NEWS Federal Communications Commission 445 12 th Street, S.W. Washington, D.C. 20554 This is an unofficial announcement of Commission action. Release of the full text of a Commission order constitutes official action. See MCI v. FCC. 515 F 2d 385 (D.C. Cir. 1974). News Media Information 202 / 418-0500 Internet: http://www.fcc.gov FOR IMMEDIATE RELEASE: NEWS MEDIA CONTACT: October 28, 2014 Neil Grace, 202-418-0506 E-mail: neil.grace@fcc.gov FCC JOINS GLOBAL PRIVACY ENFORCEMENT NETWORK Commission Commits to Strong International Collaboration to Protect Privacy Washington, D.C. – The Federal Communications Commission announced that it has joined the Global Privacy Enforcement Network (GPEN), an international group of privacy regulators and enforcers. GPEN seeks to promote and support law enforcement cooperation and collaboration on cross-border privacy enforcement actions. GPEN members include approximately fifty data protection authorities from around the world. The FCC will join the Federal Trade Commission in representing the United States in GPEN proceedings. “We live in an interconnected world where threats to consumer privacy and data security often require the cooperation of numerous law enforcement agencies around the world,” said Travis LeBlanc, Chief of the FCC’s Enforcement Bureau. “Every day Americans continue to have their personal data compromised by attacks from beyond our borders – like phone scams operated by identity thieves based thousands of miles away. If we are to detect, disrupt, and dismantle these persistent global privacy assaults, it is critical that we work closely with our international partners abroad, as well as our federal, state, and local partners here at home.” The FCC has a long history of working to protect the privacy of American consumers. Congress has put in place strong, Commission-enforced protections for personally identifiable information, like laws against collecting or sharing certain information without customer consent, and laws requiring providers to secure this information against unauthorized access. The Commission has also adopted its own rules to further protect consumer privacy, like rules governing the security and use of customer proprietary network information (CPNI), which includes billing and location data, and Do-Not-Call rules to combat intrusive phone calls. The Commission’s Enforcement Bureau has vigorously enforced these privacy laws and regulations. This month, the Commission announced its intent to fine phone carriers TerraCom and YourTel $10 million for deficient data security practices that exposed the personal information of up to 305,000 consumers to anyone with Internet access. Last month, the Enforcement Bureau secured a $7.4 million settlement with Verizon to address the company’s unlawful marketing to two million customers without their consent or notification of their privacy rights as required under the CPNI rules, the largest privacy action in the Commission’s history. And earlier this year the Bureau reached a $7.5 million settlement with Sprint for its failure to honor consumer requests to opt out of phone and text marketing communications in violation of the Telephone Consumer Protection Act, the largest Do-Not-Call settlement in the Commission’s history. The Global Privacy Enforcement Network grew out of a 2007 Recommendation on Cross-Border Cooperation in the Enforcement of Laws Protecting Privacy, adopted by the Organization for Economic Cooperation and Development (OECD). That Recommendation called for OECD member countries to establish an informal network of privacy enforcement authorities, and take appropriate steps to: (1) “[i]mprove their domestic frameworks for privacy law enforcement to better enable their authorities to co- operate with foreign authorities”; (2) develop effective international mechanisms to facilitate cross-border privacy law enforcement co-operation”; (3) provide mutual assistance … in the enforcement of laws protecting privacy”; and (4) engage relevant stakeholders in discussion and activities aimed at furthering co- operation in the enforcement of laws protecting privacy.” Following through on these steps led to the creation of GPEN in 2010. Among the fifty members of GPEN are the Office of the Australian Information Commissioner, Office of the Privacy Commissioner of Canada, Dutch Data Protection Authority, European Data Protection Supervisor (European Union), Commission Nationale de l’Informatique et des Libertés of France, Federal Data Protection Commission of Germany, Federal Institute for Access to Information and Data Protection of Mexico, Office of the Privacy Commissioner of New Zealand, and United Kingdom Information Commissioner’s Office. More information about the Notice of Apparent Liability against TerraCom and YourTel is here: http://www.fcc.gov/document/10m-fine-proposed-against-terracom-and-yourtel-privacy-breaches More information about the Verizon CPNI settlement is here: http://www.fcc.gov/document/verizon-pay-74m-settle-privacy-investigation More information about the Sprint Do-Not-Call settlement is here: http://www.fcc.gov/document/sprint-pay-record-75m-resolve-do-not-call-investigation -FCC-