The new Federal Communications Commission (FCC) rules are an effort to keep consumer data secure and to fight “pre-texting,” the illegal practice of obtaining phone records by impersonating a phone customer.
In summer of 2006, the Hewlett-Packard Company was charged with hiring private detectives to gain personal information on their board members, in an effort to identify the sources of news leaks about company matters.
Concern about pre-texting first rose among law-makers in 2005 and was spurred by the events at Hewlett-Packard. Privacy advocates have been pushing since the 1990s for increased security including laws against selling customer information without written authorization.
A law was signed by President George W Bush in January, 2007, making the practice of pre-texting illegal, with penalties of up to ten years in prison. While the law gives police the ability to detain perpetrators, there are no requirements in the law stating how phone companies should protect customer information.
The FCC is currently working to pass new rules that include password requirements for phone accounts in order to safeguard consumer privacy. Phone companies are weary that this will create outrage among their customers, because it hinders easy access to their information. Also included are provisions requiring phone companies to obtain written permission prior to releasing customer information to outside marketing organizations.
The FCC is advocating increased security through several components:
– Passwords set by consumers.
– Audit trails that record all instances when a customer’s records have been accessed, whether information was disclosed, and to whom.
– Encryption by carriers of stored customer proprietary network information, (CPNI) data.
– Limits on data retention that require deletion of call records when they are no longer needed for legitimate business purposes.
– Notice provided by companies to customers when the security of their CPNI may
have been breached.
Phone companies oppose the new rules as unnecessary, claiming no evidence exists that information provided to third party organizations will fall into the wrong hands. Phone companies also cite a 1999 victory in a federal court which upheld their claim that this requirement for written authorization violates their first amendment rights.
Privacy advocates are concerned because the Department of Justice and the Department of Homeland Security have taken issue with two of the proposed provisions of the new rules. One is the requirement that consumer records must be promptly destroyed once no longer needed, which law enforcement agencies say can hinder criminal investigations. The two departments also want law enforcement agencies to be notified prior to the customer if private information has been improperly shared or obtained.
The new set of rules is part of a long run by the FCC to modernize its own organization and existing telecommunication laws in the face of a changing marketplace. Proceedings were launched one year ago on February 10, 2006, to enact the new rules currently under debate.
JOHN DUNBAR. “Companies Leery of FCC Phone Rules.” The Associated Press. http://www.theolympian.com/101/story/63977.html
FCC Press Release “Fcc Examines Need For Tougher Privacy Rules.”