06:31 PM

AT&T Settles Customer Information Investigation

In response to allegations about its customer privacy practices, the company agreed to, among other measures, supervision and review of its opt-out processes for releasing proprietary customer network information.

AT&T will pay a $550,000 settlement to end an investigation into its handling of customers' telephone information.

The company recently agreed to pay the money on behalf of SBC, which acquired AT&T and adopted its name. The companies cooperated with the enforcement bureau of the Federal Communications Commission during an investigation into whether customer confidentiality was breached. The payment, due within 30 days, does not constitute an admission of wrongdoing, according to language in the agreement.

The company agreed to supervision and review of its opt-out processes for releasing proprietary customer network information (CPNI). The company also agreed to monitor customer complaints and identify violations of the FCC's opt-out rules.

The Electronic Privacy Information Center claimed it prompted the investigation when it submitted a petition to the FCC, but AT&T said the failures were self-reported. EPIC had been arguing for strengthened security and authentication standards for accessing customer phone records, including call histories, subscribers' unlisted phone numbers and other personal information obtained by online information brokers.

In the petition, EPIC pointed out that online brokers advertise their ability to obtain the information without account holders' knowledge and consent, that the information is gained in hours (indicating it could not have been obtained legally) and that carriers are not careful enough about validating the identity of the person requesting the information. EPIC suggested that carriers were not doing their part to prevent pretexting, the practice of assuming an identity to obtain personal information from an account holder.

AT&T said that the company made errors relating to sharing of information with its own internal marketers, not outside entities. The company claimed it discovered the issue, corrected it, reported it and took steps to ensure that it does not recur.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of August 21, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.