RealTime IT News

Are Carriers Doing Enough to Protect Consumer Data?

The furor over the unauthorized disclosure of consumers' personal telephone records continues to gain momentum in Washington.

Late Friday afternoon, the Federal Communications Commission (FCC) turned its attention to the telecommunications carriers entrusted with securing the data.

Already investigating the data brokers who sell the records online, the FCC now wants to know if carriers are doing all they can to adequately protect customer call records and other customer proprietary network information (CPNI).

"We seek comment on whether additional commission rules are necessary to strengthen the safeguards currently in place to protect consumers' sensitive telephone record data," FCC Chairman Kevin Martin said in a statement. "I am deeply concerned about reports of companies trafficking in personal telephone records."

The FCC probe comes in reaction to an August petition by the Electronic Privacy Information Center (EPIC) that seeks additional FCC rules and regulations for tighter telecom CPNI security standards.

"By starting this proceeding, we pledge to protect consumers from unscrupulous data brokers who have built a business on selling information about our private conversations," Commissioner Michael Copps said in his statement. "The commission also commits to adjusting its rules to further safeguard privacy and prevent the unauthorized disclosure of customer proprietary network information."

Since EPIC filed its petition, both houses of Congress have launched investigations into how the data brokers are obtaining the information and what the carriers are doing about it. A number of bills have been introduced aimed at curbing the practice.

According to EPIC and subsequent congressional testimony, carriers being duped into providing customers' personal data through a process known as "pretexting," which is where con artists, armed with a some personal information about a consumer, pretend to be the account holder.

EPIC also claims unscrupulous operators can crack consumers' online telephone accounts and suggests evidence exists of dishonest insiders at the carriers selling access to information.

In its petition, EPIC proposed five additional security measures that it says will more adequately protect CPNI. The FCC is seeking public comment on EPIC's ideas, including consumer-set passwords, audit trails to record all instances when consumers' records are accessed, encryption and time limits on retention of certain records.

"We live in a day and age where our cherished right to privacy suffers from a daily fusillade of data gathering," Copps said. "Companies can monitor what we do, stores can study what we buy, technologies can track what we watch, see and hear."

Copps added, "Consumers rightfully expect that regulatory agencies like this one will do something to protect them from this bombardment, to give them a measure of confidence that not every aspect of their personal information is available to the highest bidder."