The Federal Communications Commission (FCC) in the United States has proposed strict broadband privacy and data security rules. Once approved and adopted, these rules could impose prescriptive and complex obligations on service providers that would be among the most comprehensive in the United States. FCC voted to issue a notice of proposed rule-making (NPRM) to establish privacy rules for Broadband Internet Access Service (BIAS) providers.
If adopted, the NPRM would define key terms. For instance, the NPRM would define customer Proprietary Information as an umbrella term that includes both customer proprietary network information (CPNI) and personally identifiable information. It will also impose detailed content, form, timing, and placement requirements for privacy policies, with separate notice requirements for material changes.
The regulations would force to adopt the legacy three-tiered consent framework from the voice-centric CPNI rules, with a few notable changes. Also, it would impose prescriptive data security rules, which would address specific data security practices require that service providers generally protect the security, confidentiality, and integrity of customer Personal information by adopting security practices appropriately calibrated to the nature and scope of the BIAS provider’s activities, the sensitivity of the underlying data, and technical feasibility.
The regulations will broaden the definition of the breach to include inadvertent breaches and cover all customer personal information (not just CPNI), and expand breach notification obligations for both BIAS and voice providers. The rules will demand that BIAS providers be accountable for third party misuse of customer personal information. It will also prohibit BIAS providers from offering BIAS contingent on the waiver of privacy rights by consumers.
While the proposals are generally focused on broadband privacy, as the advisory explains, some of the issues on which the FCC seeks comment could have a far wider impact. Comments are due May 27, 2016, and reply comments are due June 27, 2016.
FCC regulates interstate and international communications by radio, television, wire, satellite, and cable in all 50 states, the District of Columbia, and U.S. territories.