Cybersecurity And The Cloud: Lessons From FCC Cloud Breach Enforcement
iapp, Thursday, September 19th, 2024
A recent enforcement action by the U.S. Federal Communications Commission offers important lessons to all entities that use cloud services, whether or not they are subject to FCC regulation.
The specific case involved AT&T, which utilized a third-party provider to generate and host personalized video content for its customers. As part of the relationship, and in order to receive the vendor's services, AT&T shared customer information with the third party.
AT&T's agreements with the vendor required its customer data to be deleted, destroyed or returned either upon expiration or termination of the agreement or when the data was no longer necessary to fulfill contractual obligations. The vendor was also subject to AT&T's Supplier Information Security Requirements, which included encryption, access control and network oversight requirements.