I just read the reports of this settlement by Verizon with the FCC, reported through a few media outlets. Here is the news release on the FCC site itself:
http://www.fcc.gov/document/verizon-pay-74m-settle-privacy-investigation-0
As a privacy consultant, I found this interesting, for a number of reasons. One is that, I am often the person in the room (the *only* person) pushing for “best practices” in the area of best practices for use and handling of customer data. Typically, other stakeholders in the conversation will push back, wanting to know what the inherent costs and risks are in not employing those best practices. That’s fair business analysis in any case – but in the realm of privacy, it’s also when things get hard.
Because the United States does not have any over-arching Federal data privacy / protection law, often times we are left to lean on seemingly altruistic views of how to treat individuals and their data. You may be able to find some International or US state laws to stretch and contort into the conversation, but for the most part, calling out that a particular use would be “breaking the law” typically doesn’t work.
Another approach is about consumer perception. What will our customers think of this? How are we interacting with them? How much effort should we make in telling them what we do? Will they think this is “creepy” if we tell them? Just Google “consumer creepy“, which is a pretty wide open search, and you’ll see that the results generally center around user data collection and use, particularly in a marketing context. As we’ve discussed before, consumers are the product, and the goals of most privacy enthusiasts are to ensure that consumers are just aware of the trades they are making relative to their information, the use of that information, and the services that they receive in return.
The FTC and the FCC are among the government arms that have purview over trade and commerce in the US. Because Verizon is a carrier in the US, the FCC has additional oversight and power to enforce such an action. I’m not as clear on the specific reasoning, rules or laws they applied to levy this fine. If anyone has a comment on that, we’d appreciate the info, let us know in the comments.
In any case, if this scenario had involved someone else – say, Land’s End, Old Navy, eBay, or some other retailer, not subject to FCC regulations – one wonders, would the FTC have taken similar action? Would the fine have been as high?
Whatever the mettle is behind the FCC’s capability to do this – I know that there are many a privacy consultant who are pleased to have such an example to point at. A meaningful fine levied against common sense, best practices issue on managing customer data, and just treating customers fairly.
– Tom
