The Cable Communications Policy Act (Public Law 98-549) protects the personal information of customers of cable service providers. It incorporates the provisions of the OECD Privacy Guidelines (1980), thus providing a model of a comprehensive privacy statute. At the same time, it also represents an example of US sector-by-sector approach to privacy law.
What is the Cable Act?
In 1984, Congress passed the Cable Communications Privacy Act (“1984 Cable Act,” or simply “Cable Act”) to amend the Communications Act of 1934. The Cable Act establishes a comprehensive framework for cable regulation and puts forward strong protections for subscriber privacy by restricting the collection, maintenance and dissemination of subscriber data.
The Cable Act prohibits cable operators from using the cable system to collect “personally identifiable information” concerning any subscriber without prior consent, unless the information is necessary to render services, or detect unauthorized reception. It also prohibits operators from disclosing personally identifiable data to third parties without consent, unless the disclosure is either necessary to render a service provided by the cable operator to the subscriber or if it is made to a government entity pursuant to a court order.
Under the Cable Act, cable companies are required to provide a written notice of privacy practices to each subscriber/customer at the time of entering into a service contract, and at least once a year thereafter. The privacy notice must specify:
- The nature of the personally identifiable information that is or may be collected, and the uses to which it may be put.
- The “nature, frequency and purpose” of any disclosure that may be made of such information, including identification of the persons to whom those disclosures may be made.
- How long the information may be maintained by the cable service provider.
- Where and how the subscriber may have access to the information about himself/herself.
- The subscriber’s right to bring legal action if the requirements of the law are not followed.
Consent, Disclosure & Access
Generally, cable service providers are required to obtain prior written or electronic consent from their customers before the collection of personal information. Consent is not required to obtain information “necessary to render cable services,” nor is it required for information used to detect unauthorized reception.
Under the Cable Act, disclosure requires prior consent, with the same two exceptions for business necessity and detection of cable piracy. Disclosure of personal information without consent is also permitted pursuant to a court order. The subscriber must be first notified, and presented with an opportunity to appear and contest the order. Generally, disclosures may not include information about the subscriber`s particular selections of video programming.
Cable service customers must be offered access to the personal information collected “at reasonable times and at a convenient place.” The customer must be provided with a reasonable opportunity to have any errors in that information corrected. It is also the responsibility of the service provider to destroy personal information when it is no longer needed for the purposes for which it was collected. The company must take appropriate steps to prevent unauthorized access of customers’ personal information for as long as it is held.
Cable service subscribers have rights for civil action in cases of violation of the Cable Act. The Act includes provisions for actual and punitive damages.
Updates to the Act
In 2001, the USA-PATRIOT Act narrowed the Cable Act’s privacy provisions, clarifying that companies who offer cable-based internet or telephone services will be subject to the requirements of the Cable Act to notify subscribers of government surveillance requests only when detailed cable viewing information is being sought. Otherwise, cable operators can respond to a government surveillance request under the Electronic Communications Privacy Act (ECPA), which does not require service providers to notify subscribers of requests.
This article introduces the Cable Communications Privacy Act of 1984 (CCPA, or “Cable Act”), which protects the personal information of customers of cable service providers.
CIPP Exam Preparation
In preparation for the Certified Information Privacy Professional/United States (CIPP/US) exam, a privacy professional should be comfortable with topics related to this post, including:
- Cable Communications Privacy Act of 1984 (II.E.g.)