On October 24, 2014, the Federal Communications Commission (FCC) levied a $10 million fine against two telecommunications companies that allegedly stored unencrypted personally identifiable customer data online with no security safeguards. Although the FCC has primary regulatory authority over telecommunications companies, this appears to be the first time the agency has ventured into the arena of data security enforcement and, according to FCC Enforcement Bureau Chief Travis LeBlanc, “it will not be the last.”

Although the proposed $10 million fine in the matter is noteworthy, just as significant is the internal dissent the FCC’s actions drew from two Commissioners. Those dissents—which questioned the FCC’s authority to act—must be examined in the context of the FCC’s overall authority to protect consumer privacy with respect to telecommunications activities, and how the FCC’s authority interacts and overlaps with that of the Federal Trade Commission (FTC).