RealTime IT News

FCC Pushing Carriers to Guard Your Data

WASHINGTON -- While the new Congress drafts bills that aim to help curb identity theft, Federal Communications Commission (FCC) Chairman Kevin Martin said Wednesday he plans to attack the problem through the agency's existing regulatory authority over telephone carriers.

According to Martin, the FCC may consider as early as February new agency rules that would mandate telephone companies require customer passwords to access account information over the telephone. In the past, carriers have resisted requiring passwords, insisting the idea would impose an unfair burden on consumers.

But a surge in pretexting over the last several years has put the carriers' procedures in the FCC's crosshairs. With a booming cottage industry on the Internet selling individuals' personal telephone data, the FCC is concerned carriers are not doing enough to adequately protect consumer information, known as Consumer Proprietary Network Information (CPNI).

Martin said he would also push for a consumer opt-in requirement for a telephone company to sell or market a customer's personal information.

"We want to add safeguards to protect consumers' CPNI," Martin told reporters. "We want to change the way carriers share information among affiliates."

President Bush last week signed legislation targeting pretexters, but the new law does not add any further requirements on telephone carriers to protect CPNI.

Under current FCC rules, telephone companies are obligated to protect the confidentiality of CPNI, but carriers may disclose the information without user approval in order to market services such as Caller ID and voice mail through affiliates.

If a telephone company uses CPNI for other marketing purposes, it must obtain user approval to do so. The company may request user approval orally, in writing or electronically. The request must contain specific disclosures about how a telephone company will use customer information.

Carriers that use CPNI for marketing purposes usually require consumers to opt-out of the scheme. "We're calling for opt-in," Martin said.

An FCC source close to the Martin proposal said the FCC is also considering extending the opt-in requirements beyond telephone carriers to Internet service providers and others who deal in confidential customer information.

In Congress, Sen. Ted Stevens (R-Alaska) is proposing an outright ban on telephone carriers selling CPNI without the express written consent of consumers. The Protecting Consumer Phone Records Act would apply to wireline, wireless and Voice over IP (VoIP) carriers.

The bill also increases penalties for pretexters who attempt to dupe telephone companies into revealing personal information about a customer and Internet sites that sell personal telephone information.