The Federal Communications Commission approved new rules requiring wireless and wireline carriers to take additional steps to prevent unauthorized disclosure of subscribers’ phone records, but a provision delaying notification of customers of some privacy breaches drew protests from the agency’s two Democratic members.
The new guidelines, which essentially represent a shift from an opt-out to an opt-in regime, were triggered by high-profile cases in which data brokers and individuals impersonated customers to obtain their phone records.
The practice of “pretexting” was criminalized by Congress last year. Congress is also pursuing legislation to require telecom carriers to do more to protect consumers’ phone records. The cellular industry opposes additional legislation and is unhappy with some elements of the FCC ruling.
“The wireless industry shares the commission’s interest in protecting consumers from criminals who attempt to steal CPNI (customer proprietary network information). While we understand that many of the FCC’s new requirements are entirely consistent with steps already taken by wireless carriers to protect their customers’ CPNI, we believe that some elements of the item are unnecessary and could ultimately raise costs for wireless consumers,” stated cellphone association CTIA. “In the end, however, we are committed to working with our customers and with the commission to protect consumers’ information.”
Under new FCC rules, telecom carriers cannot release phone records when a customer calls unless a password is provided. If a customer does not provide a password, carriers can mail it or call the customer. Moreover, telecom operators must provide mandatory password protection for online account access. Carriers can provide all CPNI, including phone call records, to subscribers based on in-store contact with a valid photo identification.
When there are changes involving a password, a backup for forgotten passwords, online accounts or an address of record, carries must notify customers promptly.
FCC regulations were modified to require carriers to obtain explicit consent from a customer before disclosing a customer’s CPNI to a carrier’s joint venture partners or independent contractors for the purposes of marketing communications-related services to that customer.
FCC Commissioners Michael Copps and Jonathan Adelstein objected to a clause allowing the FBI and Secret Service to keep telecom consumers in the dark for two weeks or longer about a privacy breach during investigations.
“As some have described it, it is akin to not telling victims of a burglary that their home has been broken into because law enforcement needs to continue dusting for fingerprints,” stated Copps.
New FCC rules take aim at pretexting
ABOUT AUTHOR
