The FCC launched a proceeding to examine whether additional security measures could prevent the unauthorized disclosure of sensitive customer information held by telecommunications companies.
In a Notice of Proposed Rulemaking (NPRM), the FCC seeks comment on a variety of issues related to customer privacy, including what security measures carriers currently have in place, what inadequacies exist in those measures, and what kind of security measures may be warranted to better protect consumers' privacy.
The Notice grants a petition for rulemaking filed by the Electronic Privacy Information Center (EPIC) expressing concerns about whether carriers are adequately protecting customer call records and other customer proprietary network information, or CPNI.
The NPRM specifically seeks comment on five measures, which are:
- Passwords set by consumers.
- Audit trails that record all instances when a customer's records have been accessed, whether information was disclosed, and to whom.
- Encryption by carriers of stored CPNI data.
- Limits on data retention that require deletion of call records when they are no longer needed.
- Notice provided by companies to customers when the security of their CPNI may have been breached.
