One year ago, in March 2015, the Federal Communications Commission (“FCC”) reclassified broadband Internet access service as a common carrier Telecommunications Service subject to regulation under Title II of the Communications Act.  At that time, however, the FCC recognized that the then-current rules were not well suited to broadband privacy.  On March 10, 2016, the FCC’s Chairman Tom Wheeler circulated for consideration by the full Commission a Notice of Proposed Rulemaking (“NPRM”) that effectively represents the start of the process of adopting rules suitable to broadband service.

The proposed rules would be built on three core principles: Customer choice, transparency, and data security.

Choice – Internet Service Providers (“ISPs”) would be required to provide customers with varying degrees of choice (i.e., no consent required, opt-out or opt-in), depending on how the customer’s personal information is used.

Transparency — ISPs would be required to disclose in “an easily understandable and accessible manner” the types of information they collect, how they use that information, and the circumstances in which they will share customer information with third parties.

Security — The proposal would require broadband providers to take reasonable steps to safeguard customer information from unauthorized use or disclosure. And, at a minimum, the proposal would require broadband providers to adopt risk management practices; institute personnel training practices; adopt strong customer authentication requirements; identify a senior manager responsible for data security; and take responsibility for use and protection of customer information when shared with third parties.

In order to encourage ISPs to protect the confidentiality of customer data, and to give consumers and law enforcement notice of failures to protect such information, the Chairman’s proposal includes common-sense data breach notification requirements. Specifically, in the event of a breach, providers would be required to notify:

  • Affected customers of breaches of their data no later than 10 days after discovery.
  • The Commission of any breach of customer data no later than 7 days after discovery.
  • The Federal Bureau of Investigation and the U.S. Secret Service of breaches affecting more than 5,000 customers no later than 7 days after discovery of the breach.

The proposed rule would apply exclusively to providers of broadband Internet access service and not to providers such as Amazon and Facebook or other operators of social media websites.

The proposal will be voted on by the full Commission on March 31, and, if adopted, would be followed by a period of public comment.

Tags: FCC, Federal Communications Commission, ISP
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jeffrey M. Schlossberg Jeffrey M. Schlossberg

Jeffrey M. Schlossberg is a Principal in the Long Island, New York, Office of Jackson Lewis P.C. Mr. Schlossberg has devoted his entire career to the employment law field. He is a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy…

Jeffrey M. Schlossberg is a Principal in the Long Island, New York, Office of Jackson Lewis P.C. Mr. Schlossberg has devoted his entire career to the employment law field. He is a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals and is an editor of the firm’s EPL Risk Mitigation Blog.

Mr. Schlossberg has extensive experience in handling all aspects of the employer-employee relationship. Areas of concentration include: employment discrimination prevention and litigation; workplace harassment policy development and compliance; social media and information privacy in the workplace; family and medical leave; disability matters; wage and hour investigations and litigation; non-competition agreements; and corporate mergers and acquisitions.

Mr. Schlossberg has defended against claims such as sexual harassment, age, race, national origin and disability discrimination for public and private companies in industries such as media, technology, airline, aircraft components, restaurants, supermarkets, securities, medical, manufacturing, cosmetics, food processing, software, clothing, vitamins and nutritional products, and many other employers of varying size throughout the metropolitan area and across the country.

Mr. Schlossberg lectures frequently about various topics to trade and professional associations, such as the Hauppauge Industrial Association. Mr. Schlossberg is also an active member of the Nassau County Bar Association and is a Past Chair of the Nassau County Bar Association Labor & Employment Law Committee.

Mr. Schlossberg is an appointed member of the Employment Law Panel of arbitrators for National Arbitration and Mediation.

Read more about Jeffrey M. Schlossberg
Show more Show less
Related Posts
hacker hand stealing data from laptop top down
Towfiqu barbhuiya, Unsplash
 Insights From The IBM 2023 Cost of a Data Breach Report
September 5, 2023
Beds at a hospital in Sinjar.
Levi Meir Clancy, Unsplash
 Hospital Mergers Double the Risk of a Data Breach, Study Shows
August 15, 2023
Gaming Keyboard
Xeriss, Unsplash
 Cyber Safety Review Board Issues Compelling Report about Lapsus$, MFA Vulnerabilities, and Helpful Recommendations
August 14, 2023