The number of IT snafus, problems and burps moved back to a more normal rate last week. There were a surprising number of coincidental outages that hit Apple, eBay, Tumblr and Facebook, but other than these, the most interesting IT Hiccup of the Week was the news that the U.S. Federal Communications Commission (FCC) fined Verizon Communications a record $7.4 million for failing to notify two million customers of their opt-out rights concerning the use of their personal information for certain company marketing campaigns.
According to the Washington Post, Verizon is supposed to inform new customers via a notice in their first bill that they could opt-out of having their personal information used by the company to craft targeted marketing campaigns of products and services to them. However, since 2006, Verizon failed to include the opt-out notices.
A Verizon spokesperson blamed the oversight as being “largely due to an inadvertent IT glitch,” the Post reported. The Verizon spokesman, however, didn’t make it clear as to why the company didn’t notice the problem until September 2012, nor why it didn’t inform the FCC of the problem until 18 January 2013, some 121 days later than the agency requires. (Companies are required to inform the FCC of issues like this within five business days of their discovery.)
The FCC’s press release annoucing the fine showed that the agency was clearly irritated by Verizon’s tardiness. Travis LeBlanc, the acting chief of the FCC Enforcement Bureau, said that, “In today’s increasingly connected world, it is critical that every phone company honor its duty to inform customers of their privacy choices and then to respect those choices. It is plainly unacceptable for any phone company to use its customers’ personal information for thousands of marketing campaigns without even giving them the choice to opt out.”
Of course, a better solution would be for the FCC to force companies to allow customers only to opt-in to the use of their personal information, but that discussion is for another day.
On top of the $7.4 million fine, which the FCC took pains to point out is the “largest such payment in FCC history for settling an investigation related solely to the privacy of telephone customers’ personal information,” Verizon will have to include opt-out notices in every bill, as well as put a system in place to monitor and test its billing system to ensure that they actually go out.
Verizon tried to downplay the privacy rights violation, of course, even implying that its customers benefited from the glitch by being able to receive “marketing materials from Verizon for other Verizon services that might be of interest to them.”
Readers of the Risk Factor may remember another Verizon inadvertent IT glitch disclosed in 2010 in which Verizon admitted that it over-billed customers by $52.8 million for “mystery fees” over three years. During that time, Verizon customers who called the company to complain over the fees were told basically to shut up and pay them. The FCC smacked Verizon with a then FCC record-setting $25 million fine for that little episode of customer non-service and IT ineptitude.
Last year, Verizon agreed to pay New York City $50 million for botching its involvement in the development of a new 911 emergency system. Alas, that wasn’t a record-setting settlement; SAIC owns that honor after paying the city $466 million to settle fraud charges related to its CityTime system development.
In Other News…
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.