Comcast to Pay $33.4 Million for the Unauthorized Disclosure of Customer Contact Information

Yesterday, the California Public Utilities Commission announced it had approved a $33.4 million settlement with Comcast, which resolves allegations that, due to vendor switches, the company disclosed and published the contact information – name, address, and telephone number – of almost 75,000 California customers. Although the information published included contact information only, the affected customers had paid Comcast $1.25 or $1.50 per month for non-published phone numbers. The CPUC alleged that Comcast did not honor customers’ choice to keep that information private, and was slow to act after receiving complaints about the unauthorized disclosure and publication of customer information.

Under the terms of the agreement, Comcast will pay a $25 million civil penalty and approximately $8.4 million in restitution, including $100 each to the 74,774 affected customers, $432,000 for home security and/or safety-related services for 216 customers with specific safety concerns related to the disclosure, and $517,714 in refunds for non-published fees collected. For injunctive relief, Comcast has agreed to enhance its practices with respect to non-published phone numbers, including by (1) auditing vendors with access to customer directory listing information; (2) implementing detailed processes to handle customer inquiries and complaints; and (3) providing customers with a simplified explanation of the XFINITY Voice non-published feature to resolve concerns that customers do not fully understand the feature’s scope. In addition, the company must provide compliance reports to the CPUC for the next three years.

This settlement serves as another reminder to companies of the costs associated with failing to reasonably ensure that marketing representations, including those about customer privacy, are accurate and supported.