WASHINGTON — The FCC’s Enforcement Bureau today entered into a settlement with Liberty Latin America, through Liberty subsidiaries Liberty Mobile Puerto Rico and Liberty Mobile USVI, to resolve an investigation into whether Liberty failed to report a data breach in a timely manner as required by Commission rules and conditions of Liberty’s license under a national security agreement intended to address national security and law enforcement risks.
Liberty acquired telecommunications operations from another carrier in 2020. In January 2023, Liberty learned from its predecessor that Liberty customer data predating the transaction had been breached. Liberty was required to file a breach report pursuant to the Commission’s rules and to notify the Department of Justice of the breach pursuant to a national security mitigation agreement. Liberty did not timely report the breach and instead spent weeks negotiating with its predecessor over which of the companies was responsible for notifying the government about this breach.
“The nexus between national security and consumer privacy and the protection of sensitive data is stronger than ever,” said FCC Enforcement Chief Loyaan A. Egal, who also serves as head of the Privacy and Data Protection Task Force. “The Enforcement Bureau will work closely with our national security partners to ensure that conditions to FCC licenses and the provisions in Team Telecom mitigation agreements that address the protection of sensitive data and cybersecurity risks are strongly enforced.”
Carriers have access to voluminous sensitive information about their customers. When a breach occurs, carriers must have a plan to act quickly and notify regulators. The risks may require heightened care when companies have foreign ownership, control, or investment. To address such risks, the Commission requires businesses with foreign ownership (including Liberty) to undergo a transaction review and approval process. The Commission works closely with the Committee for the Assessment of Foreign Participation in the United States Telecommunications Sector (commonly known as Team Telecom) to address issues related to U.S. national security and law enforcement interests before approving such transactions.
At the FCC’s request, Team Telecom reviewed the Liberty transaction for these concerns. Team Telecom and Liberty subsequently negotiated and entered into a letter of agreement, which included a 72-hour breach notification requirement and other terms to address identified risks to national security and law enforcement interests. The Commission conditioned its approval of Liberty’s transaction upon Liberty’s compliance with the terms of the LOA.
The Enforcement Bureau’s settlement, formally called a Consent Decree, advances vital U.S. national security and law enforcement interests and protects the privacy and security of sensitive consumer data, ensuring that Liberty abides by the Commission’s rules and its commitments to Team Telecom. The FCC—through its own expertise and coordination with the Team Telecom national security agencies—is able to protect consumers’ privacy and sensitive data, as well as oversee the security of vital U.S. communications infrastructure.
In 2023, FCC Chairwoman Rosenworcel established the Privacy and Data Protection Task Force, an FCC staff working group focused on coordinating across the agency on the rulemaking, enforcement, and public awareness needs in the privacy and data protection sectors, including data breaches (such as those involving telecommunications providers) and vulnerabilities in regulated communications providers’ privacy and cybersecurity practices. More information on the Task Force is available at: https://www.fcc.gov/privacy-and-data-protection-task-force.
###
Media Relations: (202) 418-0500 / ASL: (844) 432-2275 / www.fcc.gov
This is an unofficial announcement of Commission action. Release of the full text of a Commission order constitutes official action. See MCI v. FCC, 515 F.2d 385 (D.C. Cir. 1974).
Leave a Reply
You must be logged in to post a comment.
