The FCC recently adopted broadband privacy rules which will be implemented on a staggered schedule. The FCC did not provide calendar dates for implementing the rules and some of the dates are based on pending PRA approvals. The following is a summary of the new privacy rules and the dates they are scheduled to take effect.
On January 3, 2017, sections 64.2010 and 64.2011(a) became effective. Section 64.2010 pertains to the Business Customer Exemption for Provision of Telecommunications Services other than BIAS, and states that Telecommunication carriers can utilize other contractual privacy and data security regimes for services other than BIAS as long as the issues of transparency, choice, data security, and data breach are addressed. There must also be a mechanism for the customer to communicate concerns to the carrier. Section 64.2011(a) pertains to BIAS Offers Conditioned on Waiver of Privacy Rights and states that a BIAS provider cannot condition providing BIAS on a customer’s agreement to waive privacy rights, nor may a BIAS provider terminate or refuse to provide service based on a customer’s refusal to waive their privacy rights. Section 64.2011(b) is not effective until on or after December 4, 2017, as discussed below.
On March 2, 2017, new section 64.2005 replaced old sections 64.2009 (Safeguards required for use of customer proprietary network information) and 64.2010 (Safeguards on the disclosure of customer proprietary network information). Section 64.2005 covers data security, states a carrier must take reasonable measures to protect customers’ proprietary information, and lists four factors for determining reasonableness—the nature and scope of the carrier’s activities, the sensitivity of the data, the size of the carrier, and technical feasibility.