FCC To Telecoms: Protect customers' privacy or pay the price

Different countries approach privacy and regulation in a few different ways. Areas such as the European Union practice a comprehensive privacy approach, where any piece of Personally Identifiable Information (PII) is protected by one set of rules. In Canada and Australia, a co-regulatory model extends the comprehensive model to include industry in defining the terms of privacy. Self-regulatory models in Singapore, Japan, and some commercial segments within the US require companies to abide by a code or set of best practices designed by the segment.

The rest of the US employs a sectoral approach, where each industry answers to some sort of government regulatory agency. Whether it's the Federal Trade Commission (making the news quite a bit over the past few months), the Department of Health and Human Services (HIPAA), or the Public Company Accounting Oversight Board (PCAOB – set up specifically to regulate SarbOx), different rules, reporting and punishments apply. Eventually, all of these regulations interweave and become difficult to manage, especially in the privacy space, where everyone is expected to authenticate a user but to be careful about collecting any sort of PII.

The Federal Communications Commission isn't the body normally considered for privacy regulations. Created in 1934, the FCC is known to most people for its handling of radio and TV stations. The FCC received broader powers under the Telecommunications Act amendment in 1996. As of last week, the FCC made good on its Customer Proprietary Network Information protection plan. Fines of at least $20,000 each were handed out to 600 small phone and wireless providers that had not filed appropriate reports on their protection methods.

“I have long stressed the importance of protecting the sensitive information that telecommunications carriers collect about their customers,” said Michael Copps, the FCC’s acting chairman, in an FCC statement. “Carriers’ obligation to annually certify that they have implemented a CPNI [customer proprietary network information] protection plan is essential to ensuring their compliance with the commission’s rules as well as our ability to monitor their compliance. The broad nature of this enforcement action hopefully will ensure substantial compliance with our CPNI rules going forward as the commission continues to make consumer privacy protection a top priority.”

This enforcement should serve as a reminder to privacy professionals, and especially to those interested in certification and studying for the CIPP, of how widespread regulations are in the United States.

