On October 28, 2014, the Federal Communications Commission (“FCC” or the “Commission”) announced that it had joined the Global Privacy Enforcement Network (“GPEN”), a network of privacy enforcement and regulatory bodies from around the world that engages in collaboration and coordination on cross-border privacy enforcement actions.
The FCC’s announcement represents the latest step in its headlong march into privacy and data security matters. This past June, the FCC launched a brand new cybersecurity initiative, “The New Paradigm,” which will include a private-sector-driven effort to improve cyber-readiness in the communications industry. In September, the FCC reached a $7.4 million settlement with Verizon over alleged violations of the Customer Proprietary Network Information (“CPNI”) rules. And just two weeks ago, the FCC released a Notice of Apparent Liability (“NAL”) proposing multi-million dollar fines against two wireless providers, YourTel and TerraCom, based on a novel and expansive reading of Sections 222(a) and 201(b) of the Communications Act of 1934, as amended.
These recent actions demonstrate that Chairman Tom Wheeler and Enforcement Bureau Chief Travis LeBlanc are serious about expanding the FCC’s role as a privacy and security cop. As a result, communications companies – particularly those that fall within the Federal Trade Commission’s “common carrier exemption” – should take this opportunity to review all of their privacy and data security practices to ensure compliance with an evolving set of FCC privacy and security requirements.