FCC Strengthens Privacy Rules To Prevent Pretexting
Apr 6, 2007 3:12 PM
The Federal Communications Commission (FCC) has strengthened its privacy rules by requiring telephone and wireless carriers to adopt additional safeguards to protect the personal telephone records of consumers from unauthorized disclosure. The safeguards help prevent unauthorized access to customer proprietary network information (CPNI), also known as pretexting.
According to the FCC, pretexting is defined as the practice of obtaining someone's personal information under false pretenses. Pretexters can sell that information to people who may use it to obtain credit cards, steal assets, to investigate someone or even sue them. The FCC's new safeguards include:
Carrier Authentication Requirements: Carriers are prohibited from releasing a customer's phone call records when a customer calls the carrier except when the customer provides a password. If a customer does not provide a password, carriers may not release the customer's phone call records except by sending it to an address of record or by the carrier calling the customer at the telephone of record. Carriers are required to provide mandatory password protection for online account access. Carriers are permitted to provide all CPNI, including customer phone call records, to customers based on in-store contact with a valid photo ID.
Notice to Customer of Account Changes: Carriers are required to notify the customer immediately when the following are created or changed:
-a back-up for forgotten passwords;
-an online account;
-the address of record.
Notice of Unauthorized Disclosure of CPNI: A notification process is established for both law enforcement and customers in the event of a CPNI breach.
Joint Venture and Independent Contractor Use of CPNI: Consent rules are modified to require carriers to obtain explicit consent from a customer before disclosing a customer's CPNI to a carrier's joint venture partners or independent contractors for the purposes of marketing communications-related services to that customer.
Annual CPNI Certification: Certification rules are amended to require carriers to file with the Commission an annual certification, including an explanation of any actions taken against data brokers and a summary of all consumer complaints received in the previous year regarding the unauthorized release of CPNI.
CPNI Regulations Applicable to Providers of Interconnected VoIP Service: All CPNI rules are extended to cover providers of interconnected voice over Internet Protocol (VoIP) service.
Business Customers: In limited circumstances, carriers may bind themselves contractually to authentication regimes other than those adopted in this Order for services they provide to their business customers that have a dedicated account representative and contracts that specifically address the carrier's protection of CPNI.
The FCC has also adopted a Further Notice of Proposed Rulemaking, seeking comment on what additional steps, if any, the Commission should take to further protect the privacy of consumers. For more information, visit www.fcc.gov
Want to use this article? Click here for options!
© 2013 Penton Media Inc.
Today's New Product
In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.