The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Saturday, February 11, 2006

FCC considers new rules to safeguard caller information 

From the Federal Communications Commission (via beSpacific: FCC Proposes Rulemaking to Prevent Sale of Cell Phone Records):

FCC EXAMINES NEED FOR TOUGHER PRIVACY RULES

Comment Sought On Measures Proposed by EPIC, Commission

Washington, D.C. – The Federal Communications Commission today launched a proceeding to examine whether additional security measures could prevent the unauthorized disclosure of sensitive customer information held by telecommunications companies.

In a Notice of Proposed Rulemaking (NPRM) adopted today, the Commission seeks comment on a variety of issues related to customer privacy, including what security measures carriers currently have in place, what inadequacies exist in those measures, and what kind of security measures may be warranted to better protect consumers’ privacy. The Notice grants a petition for rulemaking filed by the Electronic Privacy Information Center (EPIC) expressing concerns about whether carriers are adequately protecting customer call records and other customer proprietary network information, or CPNI. EPIC claims that some data brokers have taken advantage of inadequate security standards to gain access to the information under false pretenses, such as by posing as the customer, and then offering the records for sale on the Internet. The practice is known as “pretexting.”

In its petition, EPIC proposed five additional security measures that it says will more adequately protect CPNI. The NPRM specifically seeks comment on these five measures, which are:

  • Passwords set by consumers.
  • Audit trails that record all instances when a customer’s records have been accessed, whether information was disclosed, and to whom.
  • Encryption by carriers of stored CPNI data.
  • Limits on data retention that require deletion of call records when they are no longer needed.
  • Notice provided by companies to customers when the security of their CPNI may have been breached.

Section 222 of the Communications Act requires carriers to take specific steps to ensure that CPNI is adequately protected from unauthorized disclosure. Current rules require carriers to certify compliance with the Commission’s CPNI rules and make that certification available to the public, but the Commission observes that a lack of uniformity in these certifications could be an obstacle to effective enforcement. The Commission seeks comment on a tentative conclusion that it should amend its rules to require carriers to file annual compliance certificates with the Commission, along with a summary of all consumer complaints received in the past year concerning the unauthorized release of CPNI and a summary of any actions taken against data brokers during the preceding year.

The Commission also seeks comment on other ways to protect customer privacy, including whether carriers should be required to take the additional step of calling a subscriber’s registered telephone number before releasing CPNI in order to verify that the caller requesting the information is actually the subscriber.

Action by the Commission, February 10, 2006 by Notice of Proposed Rulemaking (FCC 06-10). Chairman Martin, Commissioners Copps, Adelstein and Tate.

The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.