The Federal Communications Commission has proposed fining AT&T Inc. and Alltel Corp. $100,000 each for apparently failing to certify that they have procedures to protect customers' personal phone records.
The finding comes as Congress opens hearings Wednesday on how to stop companies that are selling private phone records over the Internet.
AT&T and Alltel have 30 days to respond to a "notice of apparent liability" issued late Monday by the FCC's enforcement bureau.
The two separate notices said the companies apparently violated commission rules by failing to have a corporate officer file an annual certificate stating the company has procedures to ensure customer confidentiality.
AT&T said in a statement Tuesday that it has systems in place to protect customer data. "However, a copy of the officer's certificate attesting to those procedures hasn't been located. The company is rectifying the mistake and is working with the FCC to ensure full compliance," it said.
Alltel didn't immediately respond to a phone call seeking comment.
Both regulators and lawmakers are looking into the phone safety issue because companies are offering to sell people's cell and landline records. They can get the information in a number of ways including through "pretexting," in which someone calls a phone company pretending to be a customer and persuades it to release the information.
Pretexting for financial data is illegal, but there's no specific law against pretexting for phone records. The data brokers also can use insiders at the phone companies to get the records.
The House Energy and Commerce Committee plans a hearing Wednesday afternoon on the safety of phone records from pretexting.