Services & Software

Verizon pays $7.4 million to settle FCC privacy investigation

The settlement involves an investigation into what the Federal Communications Commission says is an "unacceptable use" of customers' personal info for marketing.

Verizon Communications has agreed to pay the Federal Communications Commission $7.4 million to settle an investigation into the company's use of consumers' personal information for marketing purposes.

"In today's increasingly connected world, it is critical that every phone company honor its duty to inform customers of their privacy choices and then to respect those choices." --Travis LeBlanc, Acting Chief of the FCC's Enforcement Bureau

This is the largest such payment the FCC has ever received in an investigation related solely to the privacy of telephone customers' personal information.

The settlement comes as the FCC is trying to look like it's being tough on wireless phone companies. In late July, the commission sent Verizon a strongly worded letter in which Chairman Tom Wheeler said he was "deeply troubled" by Verizon's decision to expand its network-management policy that targets customers of its unlimited data plans.

Chairman Wheeler has come under fire from fellow Democrats on Capitol Hill, as well as consumer groups and even comedians like John Oliver, for bowing too much to the will of big broadband companies, as his agency attempts to redraft new Net neutrality rules. The rules are designed to replace regulation that a federal court threw out earlier this year. Critics have been especially unhappy with the chairman for drafting a proposal to reinstate Open Internet rules that they claim would allow broadband companies to pay for priority access to networks, creating so-called Internet fast lanes.

Net neutrality is the principle that Internet service providers, such as AT&T, Comcast, Time Warner Cable and Verizon, and governments around the world, should treat all Internet traffic the same. This means Internet service providers (ISPs) shouldn't block or slow down traffic on their local broadband networks based on individual users. And they shouldn't modify their services based on the type of traffic those users are accessing or on the type of service that's sending the content.

Even though the FCC says the Verizon investigation has nothing to do with the rewrite of the Net neutrality rules, it's clear the commission wants to look as though it can take a tough stand against the phone companies.

The investigation

The Communications Act requires phone companies to protect the privacy of customers' information, such as sensitive personal information like billing and location data. But some of this data can be used by a phone company for marketing additional services to consumers. The main restriction is that customers must provide phone companies with their approval through either an "opt in" or "opt out" process. When that process isn't working properly, the company must report the problem to the FCC within five business days.

Verizon typically uses an opt-out process. It sends notices to new customers in a welcome letter asking them if they don't want their information used by Verizon to send them marketing information about other Verizon services they might be interested in.

The FCC's Enforcement Bureau said it discovered that, beginning in 2006 and continuing for several years, Verizon had failed to notify about 2 million new customers of their privacy rights, which would have let them opt out. In addition to the $7.4 million payment, Verizon has agreed to notify customers of their opt-out rights on every bill for the next three years.

"In today's increasingly connected world, it is critical that every phone company honor its duty to inform customers of their privacy choices and then to respect those choices," Travis LeBlanc, Acting Chief of the FCC's Enforcement Bureau, said in a statement. "It is plainly unacceptable for any phone company to use its customers' personal information for thousands of marketing campaigns without even giving them the choice to opt out."

Verizon didn't become aware of the issue until September 2012, the FCC said in its statement. And the company failed to notify the FCC of the problem until January 18, 2013 -- 126 days after becoming aware of it -- which is way beyond the 5 days the FCC requires.

Verizon said in a statement that it takes seriously the obligation to comply with all FCC rules. It also noted that the issue didn't involve a security breach:

"The issue here was that a notice required by FCC rules inadvertently was not provided to certain of Verizon's wireline customers before they received marketing materials from Verizon for other Verizon services that might be of interest to them," the company said in a statement. "It did not involve a data breach or an unauthorized disclosure of customer information to third parties."