What was the main violation in the CaptionCall settlement?

The FCC found that CaptionCall unlawfully retained customer call data for three years, violating rules that prohibit keeping such information beyond the duration of the call.

How can organizations avoid similar data retention penalties?

Companies must implement strict data retention schedules and use compliance-verified automated erasure solutions to ensure data is destroyed once its legal or business purpose expires.

Data Retention

CaptionCall's $34.6M FCC Settlement: The Price of Data Retention

Learn about the FCC's $34.6M settlement with CaptionCall for excessive data retention, highlighting key consumer privacy issues.

FCC Findings & Settlement

The FCC investigation revealed serious violations by CaptionCall:

Unlawful Data Retention

The company unlawfully retained customer call data for three years. This was in clear violation of the FCC rule that prohibits retention of call information beyond the duration of the call as per section 225 of the Communications Act of 1934 and section 64.604(a)(2)(i)-(ii) of the TRS Rules.

False Submissions

Submitted wrong information to the TRS Fund administrator concerning reimbursement claims related to IP CTS.

Settlement Breakdown: $34.6 Million

$12 Million: TRS Fund reimbursement
$13.6 Million: Relinquishing claims for IP CTS minutes
$5 Million: Civil Penalty
$4 Million: Investment in privacy, data protection improvements, and user awareness

Key Settlement Requirements

TRS Privacy & Data Protection Program

CaptionCall must develop and implement a privacy & data protection program within 120 days, including designating a Data Privacy Officer and developing a data retention schedule that specifies retention period, purpose of data collection, usage, and disclosure.

The policy shall ensure the safe removal and disposal of user data by sanitizing or destroying data-bearing electronic media when required.

Operating Procedures

Within 120 days, CaptionCall shall engage an independent accessor to ensure internal compliance reporting happens regularly, non-compliance incidents are managed properly, and vendor agreements are updated.

Additional Requirements

Develop policies for Incident Response, Vendor Oversight, and risk assessment
Update marketing agreements and maintain records for 2 years
Update compliance manual and training program
File regular compliance reports

What CaptionCall Could Have Done Differently

Data Minimization

Collect and retain only necessary data for the minimum required duration

Automated Data Erasure

Implement automated data erasure policies to delete data after retention period

Regular Audits

Conduct regular compliance audits to identify and address retention violations

Certified Solutions

Use certified data erasure software to ensure compliant data disposal

Conclusion

The CaptionCall settlement serves as a stark reminder that excessive data retention can result in massive financial penalties. Organizations must implement proper data retention policies, automated erasure procedures, and certified data sanitization solutions to avoid similar consequences.

Avoid Costly Data Retention Violations

Implement proper data retention and erasure policies with D-Secure to ensure compliance.

Request Free Demo View Products

Frequently Asked Questions

Comments (0)

Your email address will not be published. Providing an email is optional.

No comments yet. Be the first to comment.

Have Questions About This Topic?

Send us an enquiry regarding: CaptionCall Settlement