November 2015
Pillsbury’s communications lawyers have published FCC Enforcement Monitor monthly since 1999 to inform our clients of notable FCC enforcement actions against FCC license holders and others. This month’s issue includes:
- FCC Admonishes TV Licensee for Prior Station Owner’s Failure to Timely File Children’s Television Programming Reports
- Inadequate Antenna Fencing and Signage Result in Proposed Fines of $60,000 and $25,000 for Two Broadband-PCS Licensees
- Cable Company Settles Data Breach Investigation for $595,000
You Can’t Leave Your Troubles Behind: FCC Clarifies That Prior Violations Transfer Along with TV Station
The FCC’s Video Division admonished a New York TV licensee whose station failed to file Children’s Television Programming Reports in a timely manner for thirteen quarters between 2006 and 2010. The licensee acquired control of the station through a long-form transfer of control consummated in September 2010.
Section 73.3526 of the FCC’s Rules requires each commercial broadcast licensee to maintain a public inspection file containing specific information related to station operations. Subsection 73.3526(e)(11)(iii) requires TV licensees to prepare and place in their public inspection files a Children’s Television Programming Report for each calendar quarter showing, among other things, the efforts made during that three-month period to serve the educational and informational needs of children.
In 2011, the FCC sent a letter to the licensee requesting that the licensee provide information concerning missing Children’s Television Programming Reports between 2006 and 2010. In response, the licensee explained that some of the missing reports had actually been filed under a “–FM” call sign, instead of the licensee’s “–CA” call sign, and admitted that the others had not been filed. The FCC later notified the licensee’s counsel that it had concluded its investigation into the Children’s Television Reports at issue in its 2011 letter, and did not impose a fine or other penalty for the violations at that time.
The violations resurfaced, however, after the station’s license renewal application filing in 2015 triggered an FCC review of the station’s online public inspection file. The FCC issued a Notice of Apparent Liability for Forfeiture to the licensee, proposing a $15,000 fine for its failure to timely file the 2006-2010 Children’s Television Programming Reports. The licensee argued that (i) the FCC had previously investigated the station’s public file and deemed it in compliance, and (ii) the licensee was not responsible for untimely report violations of the station’s prior owner, noting “existing regulations and a consistent line of published decisions and notices” to that effect. In particular, the licensee cited Section 73.3526(d) of the FCC’s Rules, which provides that “[i]f the assignment is consented to by the FCC and consummated, the assignee shall maintain the file commencing with the date on which notice of the consummation of the assignment is filed with the FCC.”
As even the licensee acknowledged, however, “assignments and transfers are dealt with in separate sub-sections of the rule, and the language about the limited responsibility of a new owner appears only in the assignment subsection.” On that basis, the FCC rejected the licensee’s argument, explaining that “[b]ecause the Licensee remains the same after a transfer of control, as a legal matter, liability remains with the licensee.”
Nevertheless, the FCC concluded that the licensee “had reason to believe it was in compliance at the time it submitted its license renewal application because it had filed previously missing reports in 2011 and 2013.” It therefore exercised its discretion to cancel the proposed fine and instead issue an admonishment. The FCC warned, however, that it would not rule out more severe sanctions for similar violations in the future, noting that the FCC takes the timely filing of Children’s Television Programming Reports “very seriously.”
Broadband-PCS Licensees Face Fines for Exposing the Public to Excessive Radiofrequency Levels
The FCC’s Enforcement Bureau proposed $60,000 and $25,000 fines against two broadband-PCS licensees for inadequate warning signs and fencing surrounding certain antennas in Phoenix, resulting in unprotected areas that exceeded what is permissible radiofrequency (“RF”) exposure for the general public. The violations were discovered on the same day as a result of a complaint from the owner of a nearby office building.
Failure to maintain acceptable levels of public RF exposure is a violation of Section 1.1310 of the FCC’s Rules, which mandates that licensees comply with the RF exposure limits established by the National Council on Radiation Protection and Measurements as outlined in the tables provided in the FCC’s Rules. Among other things, these rules provide RF exposure limits for workers who may be exposed to RF as part of their job and who have the ability to control their level of exposure, as well as different RF limits for members of the public and workers who are unable to control their level of RF exposure. The general population/uncontrolled exposure limits “apply in situations in which the general public may be exposed, or in which persons who are exposed as a consequence of their employment may not have been fully aware of the potential for exposure or cannot exercise control over their exposure.”
In this case, the antennas for both licensees were located on a rooftop that was accessible to the public and contained two penthouse apartments. One licensee had three antennas on the roof, and the other licensee had one antenna. While there were warning signs on the door leading to the rooftop, the signs near the antennas themselves were faded and obstructed, and there were no warning signs on other parts of the roof. In addition, the orange posts meant to block access to one licensee’s antennas were partially broken, and there were no barriers at all impeding access to the other licensee’s antenna. The property manager of the building told the FCC that she and other building workers work on the rooftop, including the antenna area, and that due to inadequate signage and barriers, they were not aware of areas to avoid or how to otherwise limit their RF exposure.
Accordingly, the FCC applied the general population/uncontrolled exposure limits and found that the publically accessible areas in front of the antennas exceeded the maximum permissible exposure by 175% to 300%, resulting in a violation of Section 1.1310. The base fine for violations of Section 1.1310 is $10,000. However, the FCC adjusted the proposed fines upwards to $60,000 for one licensee and $25,000 for the other, explaining that large or highly profitable companies should “expect the assessment of higher forfeitures . . . to ensure that the forfeiture liability serves as an effective deterrent and not simply a cost of doing business.”
Gone Phishing: Cable Company Agrees to Pay $595,000 to Settle Data Breach Investigation
The FCC’s Enforcement Bureau entered into a consent decree with a cable company to resolve an investigation into whether the company failed to protect its customers’ personal information when the company’s data systems were breached in August 2014. This action is the FCC’s first privacy and data security enforcement action involving a cable company.
Under Section 631(c) of the Communications Act, a cable operator cannot disclose personally identifiable information concerning any subscriber without the prior written or electronic consent of the subscriber, and must take such actions as are necessary to prevent unauthorized access to such information. In addition, Section 222 of the Communications Act provides that every telecommunications carrier has a duty to protect the confidentiality of its customers, and to notify customers of a breach as soon as practicable.
Between August 7, 2014 and August 14, 2014, hackers viewed personal information of about 60 current and former customers, posted eight customers’ information on social media sites, and changed the passwords of 28 of the customers. The hackers gained access to the information by posing as information technology administrators and tricking employees into entering their login credentials into a “phishing” website controlled by the hackers.
The FCC found that, at the time of the breach, the company did not have measures in place that might have prevented the use of compromised credentials. In addition, the company never reported the breach to the FCC’s data breach portal, as required under the Communications Act.
Under the consent decree, the company must pay a $595,000 fine, identify and notify all affected customers, and provide them with a free one year credit monitoring subscription. It must also adopt a comprehensive data security plan to protect against similar breaches in the future.
The consent decree comes on the heels of a July 9, 2015 settlement with two telecommunications companies that also involved protection of customer personal information. In that settlement, the companies agreed to pay a $3.5 million fine after it was discovered that the companies’ vendor stored consumers’ personal information on unprotected servers that were accessible over the Internet.
A PDF version of this article can be found at FCC Enforcement Monitor.