The wireless industry was tagged with new privacy rules it decried as overkill and potentially costly to consumers, while Sprint Nextel Corp. downplayed suggestions its joint venture with four cable operators could suffer because of restrictions on sharing phone records.
The Federal Communications Commission’s decision directs wireless and wireline carriers to take additional steps to prevent unauthorized disclosure of subscribers’ phone records in the name of consumer privacy, but one provision allows delays in notifying customers of some privacy breaches involving customer proprietary network information, or CPNI. The agency’s two Democratic members dissented to the latter rule change.
The new guidelines, which essentially represent a shift from an opt-out to an opt-in regime, were triggered by high-profile cases in which data brokers
and others impersonated customers to obtain their phone records. Congress last year said “pretexting” was illegal. Congress is also pursuing legislation to require telecom carriers to do more to protect consumers’ phone records. The cellular industry opposes additional legislation and is unhappy with some parts of the FCC decision.
“The wireless industry shares the commission’s interest in protecting consumers from criminals who attempt to steal CPNI. While we understand that many of the FCC’s new requirements are entirely consistent with steps already taken by wireless carriers to protect their customers’ CPNI, we believe that some elements of the item are unnecessary and could ultimately raise costs for wireless consumers,” stated cellphone association CTIA. “In the end, however, we are committed to working with our customers and with the commission to protect consumers’ information.”
Under new FCC guidelines, telecom carriers cannot release phone records when a customer calls unless a password is provided. If a customer does not provide a password, carriers can mail it or call the customer. Moreover, telecom operators must provide mandatory password protection for online account access. Carriers can provide all CPNI, including phone call records, to subscribers based on in-store contact with a valid photo identification.
When there are changes involving a password, a backup for forgotten passwords, online accounts or an address of record, carries must notify customers promptly.
But the policy shift that emerged as potentially most significant in this era of sophisticated marketing would require wireless and wireline carriers to obtain explicit consent from a customer before disclosing a customer’s CPNI to a carrier’s joint-venture partners or independent contractors who would use that information to market communications-related services to that customer. Indeed, the new regulation seems to strike at the heart of synergistic marketing alliances.
No worries for Sprint, cable JV
One major press report predicted new FCC privacy rules put Sprint Nextel’s joint venture with four cable TV operators in harm’s way and that a challenge was a near certainty.
Not so, shot back Sprint Nextel.
“The FCC order is something that we anticipated and it does not jeopardize the cable joint venture in any way. We already have sound practices in place that ensure privacy and comply with the law, and they will ensure the success of the cable partnership,” said Matthew Sullivan, a Sprint Nextel spokesman.
Sprint Nextel’s cable TV partners are Time Warner Inc., Comcast Corp., Cox Communications Inc. and Advance/Newhouse Communications.
Sullivan was circumspect about whether Sprint Nextel would petition the FCC to reconsider the joint venture marketing restriction or pursue a federal court appeal.
“If there are issues as we move forward, we expect to raise them with the FCC,” said Sullivan.
The FCC said it had little choice but to put joint-venture marketing limits in place.
“We find that there is a substantial need to limit the sharing of CPNI with others outside a customer’s carrier to protect a customer’s privacy,” stated the FCC decision. “The black market for CPNI has grown exponentially with an increased market value placed on obtaining this data, and there is concrete evidence that the dissemination of this private information does inflict specific and significant harm on individuals, including harassment and the use of the data to assume a customer’s identity. The reality of this private information being disseminated is well-documented and has already resulted in irrevocable damage to customers. While there are safeguards in our current rules for sharing CPNI with joint-venture partners and independent contractors, we believe that these safeguards do not adequately protect a customer’s CPNI in today’s environment.”
Reviewing policy
AT&T Inc., owner of the largest U.S. wireless operator and the recipient of criticism over a separate privacy issue in connection with the Bush administration’s anti-terrorism surveillance program, said it takes phone record security seriously.
“AT&T shares a common goal with the FCC: to protect customer information from data burglars.