Federal Communications Commission FCC 14-173 STATEMENT OF CHAIRMAN TOM WHEELER Re: TerraCom, Inc. and YourTel America, Inc., Notice of Apparent Liability for Forfeiture, File No. EB-TCD-13-00009175 Today, the Commission is proposing a $10 million fine against two companies that failed to adequately secure the personal information of their customers. These companies have a duty under the Communications Act to protect the confidentiality of their customers’ personal information. As the nation’s expert agency on communications networks, the Commission cannot – and will not – stand idly by when a service provider’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud. Let’s be clear about the facts: The companies in question collected sensitive information from low-income consumers to establish their eligibility for the Lifeline program. This collection is consistent with our rules, and the companies promised in their privacy policies to safeguard this information. But rather than safeguarding the information, the companies outsourced this responsibility to a vendor that collected and stored customers’ Social Security numbers, names, addresses, driver’s licenses, and other sensitive information on unprotected Internet servers. In other words, the most sensitive, personal information of up to 305,000 Americans was available to anyone with an Internet connection anywhere in the world. We do not need detailed ex ante rules and regulations to know that this is simply unacceptable. Failure to take reasonable steps to secure consumer information is a clear breach of a carrier’s duty to protect the confidentiality of the customer information they collect and an “unjust and unreasonable practice” – both violations of the companies’ statutory obligations under the Communications Act. Consumers entrust their most personal, confidential, and sensitive information to our communications networks and service providers every day. The Commission has a responsibility under the Communications Act to ensure that those service providers and network operators take reasonable steps to honor that public trust, and to protect consumers from harm caused by violations of the Communications Act. That is exactly what we are doing today.