Big Fines Aid Deterrence, FCC Official Says, As Regulator Ramps Up Enforcement Activity

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Lydia Beyoud

 

April 14 — A string of record fines in the telecommunications industry since FCC Enforcement Bureau Chief Travis LeBlanc stepped into his role in March 2014 underscores not only a philosophy of promoting deterrence through penalties but also focusing agency resources on bigissues impacting larger numbers of consumers, LeBlanc said April 14.

While the multimillion-dollar fines may raise concerns within the industry, they are also enabling the Federal Communications Commission to provide certainty to those it regulates, LeBlanc said during a session at the National Association of Broadcasters Show in Las Vegas.

LeBlanc has made several process and policy changes since his appointment, including major changes to how the bureau selects cases.

"We have begun to focus on the kinds of issues that matter to most Americans in the 21st century," he said.

A priority has been to focus on consumer restitution in addition to continuing to police the industry and pursue fines, he said.

On April 8, in its largest privacy and data security enforcement action to date, the FCC announced that it had reached an administrative consent order with AT&T Services Inc. that includes a $25 million settlement payment to resolve an investigation into data breaches involving almost 280,000 U.S. mobile device customer accounts operated by the company's international call center contractors.

The FCC made its first significant move into data security enforcement in October 2014 when it imposed $10 million in fines on two phone companies—TerraCom Inc. and YourTel America Inc.—for failing to protect their customers' personal data online.

"We're on track to do just as many this year as in the last two fiscal years," although the penalty amounts at stake in the consent decrees are significantly higher than under his predecessor, LeBlanc said. "Larger fines do promote deterrence."

In March, LeBlanc said the FCC's renewed interest in privacy issues was the result of the rise in the number of mobile devices, the increasing convergence of phone and cable providers and a surge in the demand for data.

More recently, the FCC April 15 said it had joined the Asia Pacific Privacy Authorities, a network of privacy enforcement authorities in the Asia-Pacific region.

Weighing Impact.

The bureau relies on its prosecutorial discretion and considers the impact of action on industry competition and consumer protection to determine its priorities for enforcement action, LeBlanc told Bloomberg BNA after the session.

“We use all of that together as a basis to help us decide whether we should devote our scarce prosecutorial resources to a particular investigation,” he said.

A policy of no longer treating every complaint as a case that must be resolved has freed enforcement staff to take on more complex cases on a faster timeline.

“When you’re doing bigger cases, undoubtedly the amount of money that’s at stake is also bigger,” LeBlanc said during the session. “But we are being more creative in our approach; we’re not just focusing on the fines,” he added. That also means that license renewals are being processed more quickly, he said.

“We have begun to focus on the kinds of issues that matter to most Americans in the 21st century.”

Travis LeBlanc, Enforcement Bureau Chief, Federal Communications Commission

FCC rules generally require the bureau to take enforcement action within a year of the date of a violation.

Past practices resulted in a large backlog of unresolved cases with hundreds of staff hours spent not on casework but on tolling agreements and escrows to hold open the statute of limitations.

“That just didn’t strike me as a good way of going about enforcement,” LeBlanc said. “We stopped opening up cases when we have no legal basis for pursuing a claim.”

That concentration of effort resulted in numerous stalled renewal applications being approved by the Media Bureau, he said. “It’s something that we don’t get a lot of credit for in the Enforcement Bureau, but it was very industry and business friendly,” he said.

LeBlanc said he was interested in promoting greater transparency on when the Enforcement Bureau plans to take actions and encouraged broadcasters attending the conference to contact the bureau directly with questions. “If you’re worried about a hold that’s there, ask us about it.”

Consent Decree Changes.

The bureau has made substantial changes to how it uses consent decrees as an enforcement tool, LeBlanc said in response to an audience question on whether his views had changed since June 2014 remarks before the Federal Communications Bar Association criticizing their use.

Those changes include revising the characterization of the payment of fines from “voluntary contributions”—which he said allowed companies to write off fines from their taxes as donations to the U.S. General Treasury—to civil penalties.

The bureau has also begun seeking admissions of liability rather than no-fault consent agreements, such as those often reached by the Federal Trade Commission in alleged failures of companies to honor privacy promises to consumers and to provide reasonable data security for consumer information.

The FCC has also standardized its consent decree templates across its divisions and expanded on providing an explanation of what the FCC considered the wrongful action to be, he said. That model is based on the FTC’s practice and is intended to provide guidance to other members of the industry, LeBlanc said.

But the FTC has been criticized by some for relying on its consent decrees to create a body of regulatory enforcement precedent, including in the Wyndham Worldwide Corp. litigation over the FTC's data security enforcement authority.

Compliance Oversight.

Another change has been to push for compliance provisions as part of settlement agreements to ensure similar conduct doesn’t reoccur, he said. Such provisions were part of the FCC’s recent action against AT&T for consumer privacy violations.

In addition to the $25 million fine, AT&T agreed to implement within 90 days a new data security program to protect consumer personal information from unauthorized access and to submit compliance reports for three years.

The continual churn of litigation, appeal and petition for review is one area LeBlanc said is ripe for process change. “There’s a lot of litigation and relitigation of issues at the FCC. It’s kind of hard to get to a final action,” he said. “In terms of process reforms, it’s one of the areas I’d like to see as sort of reaching finality at a certain stage and being able to end further relitigation of the issue.”

‘Rogue' Reputation.

While the bureau has faced criticism for what some in the industry view as an aggressive stance driven by LeBlanc’s background as a senior prosecutor with the California Department of Justice, there is significant consideration of how enforcement action aligns with other FCC policy, he told broadcasters.

“In a law enforcement agency you have the law, and you begin to work from the law and just do what you think is right based on the facts,” he said. “The FCC is fundamentally a regulatory agency, and we have the benefit of having the folks who wrote the rules that were enforced down the hall, and we can go talk to them.”

Any bureaus that have a policy interest in an enforcement action are consulted to ensure the action doesn’t contradict current policy or potential rulemakings that may be imminent, he said.

“Although a lot of people think that the Enforcement Bureau is just kind of independent and running rogue in the agency,” he said, “I am here to confirm that is not the case.”

 

By Lydia Beyoud

To contact the reporter on this story: Lydia Beyoud in Las Vegas at lbeyoud@bna.com

To contact the editors responsible for this story: Heather Rothman at hrothman@bna.com; Donald G. Aplin at daplin@bna.com