FCC adapts new privacy rules to prevent pretexting
April 10, 2007
The FCC is requiring telephone and wireless carriers to adopt new safeguards protecting the personal telephone records of consumers from unauthorized disclosure.
The new safeguards are meant to combat the practice of pretexting, where someone impersonating a phone customer obtains access to personal calling records and other sensitive information. The commission has already proposed a $100,000 fine against three telecommunications companies that it claims did not adequately protect personal calling records, including mobile video service provider Amp’d Mobile.
Under the new safeguards, carriers, including providers of interconnected voice over Internet Protocol (VoIP) services: are prohibited from releasing a customer’s phone call records to that customer unless he or she provides a password; must provide mandatory password protection for online account access; have to notify a customer immediately when a password, a back-up for forgotten passwords, an online account or the address of record has been changed or created; and must establish a notification process for both law enforcement and customers in the event of a customer proprietary network information (CPNI) breach. In addition, carriers must obtain explicit consent from a customer before disclosing a customer’s CPNI to joint venture partners or independent contractors trying to market communications-related services to that customer.
Carriers must also file a certification annually with the commission explaining any actions taken against data brokers and a summary of customer complaints received in the previous year regarding the unauthorized release of CPNI.
Amp’d Mobile came under fire from the FCC because the commission alleges the provider failed to provide a statement accompanying its compliance certificate explaining how its operating procedures protect customers’ personal information. A spokeswoman for the company stated recently in the “Los Angeles Times” that Amp’d Mobile felt the proposed fine was “based on a misunderstanding” and it “would be able to demonstrate that it was in compliance.”
For more information, visit www.fcc.gov.