FCC 16-39: Protecting the Privacy of Customers of Broadband and Other Telecommunications Services
I was asked to provide a synopsis and extract possible requirements from the subject NPRM. It has taken longer than I intended so it comes with my apologies. Here it is under, with my apologies: ----------------------------------------------------------- By a plurality of the votes, the [United States] Federal Communications Commission (FCC) adopted and issued a so-called Notice of Proposed Rule Making (NPRM) that addresses “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services”. See FCC 16-239: NOTICE OF PROPOSED RULEMAKING Adopted: March 31, 2016 Released: April 1, 2016. This NPRM <http://transition.fcc.gov/Daily_Releases/Daily_Business/2016/db0401/FCC-16-3...> is intended to regulate how Personal Identifier Information (PII) is used and shared. The rules as proposed extend long-standing privacy protections granted to consumers of traditional telephone services in Sections 222, 11, 631, 12 and 33813 of the Communications Act to broadband consumers – and, by extension internet users occasioned by the recent classification of broadband as a Class II service via FCC 15-24, the Open Internet Order <https://apps.fcc.gov/edocs_public/attachmatch/FCC-15-24A1.pdf>. This NPRM refines the FCC's Customer Proprietary Network Information (CPNI) rules, the set of rules derived from Section 222 of the Communications Act, for enforcing privacy requirements by adding to and extending the set of recognized PII’s. CPNI is here defined as: “*information that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship” and “information contained in the bills pertaining to telephone exchange service or telephone toll service received by a customer or a carrier,” except that CPNI “does not include subscriber list information.” * The FCC’s "*illustrative non-exhaustive guidance to types of data that are PII*" that may be subject to protection was given as: “*name; Social Security number; date and place of birth; mother’s maiden name; unique government identification numbers (e.g., driver’s license, passport, taxpayer identification); physical address; email address or other online contact information; phone numbers; MAC address or other unique device identifiers; IP addresses; persistent online identifiers (e.g., unique cookies);eponymous and non-eponymous online identities; account numbers and other account information, including account login information; Internet browsing history; traffic statistics; application usage data; current or historical geo-location; financial information (e.g., account numbers, credit or debit card numbers, credit history); shopping records; medical and health information; the fact of a disability and any additional information about a customer’s disability; biometric information; education information; employment information; information relating to family members; race; religion; sexual identity or orientation; other demographic information; and information identifying personally owned property (e.g., license plates, device serial numbers)*." Pertaining to broadband and at the heart of this NPRM, the *minimum* set of elements of the CPNI in context is: “ (1) service plan information, including type of service (e.g., cable, fiber, or mobile), service tier (e.g., speed), pricing, and capacity (e.g., information pertaining to data caps); (2) geo-location; (3) media access control (MAC) addresses and other device identifiers; (4) source and destination Internet Protocol (IP) addresses and domain name information; and (5) traffic statistics.” Some requirements that can be gleaned from the publication are: * Customer personal information data must be authenticated * Customer personal information online must be password-protected * Customers must be given the opportunity to approve any contemplated use or sharing of protected PII * Customers must be informed of data breaches or unauthorized disclosure of protected CPNI The original Order identifying the CPNI requirements for IP-enabled services (FCC 07-22) can be found here <https://apps.fcc.gov/edocs_public/attachmatch/FCC-07-22A1.pdf>. --------------------------------------------- -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
participants (1)
-
Carlton Samuels