Investigation by the FCC revealed that AT&T had failed to dispose of customer data shared with the unnamed firm it enlisted for billing and marketing efforts dating back to 2017 and 2018 even though several evaluations from 2016 to 2020 purported the vendor’s compliance with data deletion policies. Aside from paying the fine, AT&T has also been required by the settlement to conduct yearly compliance audits and establish an extensive information security program, as well as bolster third-party vendor ecosystem oversight through restricted customer data access and more stringent data removal policies.
Source: SC Magazine