Friday, April 1, 2016

FCC Proposes Broadband Consumer Privacy Rules

The FCC is proposing new privacy guidelines to ensure broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs.

Specifically, to provide consumers more control over the use of their personal information – and enforce the broadband provider’s responsibility to safeguard such data – the NPRM separates the use and sharing of information into three categories, and proposes adoption of clear guidance for both ISPs and customers about the transparency, choice and security requirements for customers’ personal information:

Consent Inherent in Customer Decision to Purchase ISP’s Services:  Customer data necessary to provide broadband services and for marketing the type of broadband service purchased by a customer – and for certain other purposes consistent with customer expectations, such as contacting public safety – would require no additional customer consent beyond the creation of the customer-ISP relationship.
Opt-out:  Broadband providers would be allowed to use customer data for the purposes of marketing other communications-related services and to share customer data with their affiliates that provide communications-related services for the purposes of marketing such services unless the customer affirmatively opts out.
Opt-in:  All other uses and sharing of consumer data would require express, affirmative “opt-in” consent from customers.

In addition, the NPRM proposes:
Transparency requirements that require ISPs to provide customers with clear, conspicuous and persistent notice about what information they collect, use and share with third parties, and how customers can change their privacy preferences;
Robust and flexible data security requirements for broadband providers that include requirements to adopt risk management practices; institute personnel training practices; implement strong customer authentication requirements; identify a senior manager responsible for data security; and take responsibility for use and protection of customer information when shared with third parties.
Common-sense data breach notification requirements to encourage ISPs to protect the confidentiality of customer data, and to give consumers and law enforcement notice of failures to protect such information.

http://www.fcc.gov