After a year filled with news stories about data privacy breaches, including Target and Home Depot, it seems that the Federal Communications Commission (FCC) is finally doing something about it. On Friday, the FCC proposed a $10 million fine against two telecom companies for data breaches that potentially affected 300,000 customers, The Washington Post reports.
How did this happen? And what does this mean for small business that store customer data?
Out in the Open
The data breaches came to light last year when Scripps Howard News Service was able to find customer records stored by TerraCom and YourTel, two companies that provide low-cost phone service to low-income customers under a federal program. The records contained very sensitive information like Social Security numbers and pay stubs. It turns out customer data were stored unencrypted on servers open to the Internet; in some cases, Scripps reporters were able to locate the data via a Google search.
What Does This Mean for Small Businesses?
Unless you're a telecommunications company, it's unlikely the FCC will be coming after you for $10 million any time soon (the federal law that allows the FCC to act in this case applies only to phone companies). Nevertheless, if your business stores any user information -- including passwords, or even phone numbers, you'll want to make sure that it's stored securely.
Here are a few considerations:
So while the law at issue in the FCC's first data breach fine applies only to phone companies, keep in mind that different kinds of data are protected under different laws (even video rental records!) that can subject companies to liability if the data are leaked.
Follow FindLaw for Consumers on Google+.