The FCC Enforcement Bureau released an advisory on May 20, 2015 which reiterates the findings in the Open Internet Order that all broadband providers must comply with the privacy provisions of Section 222 of the Communications Act, but that the FCC’s current rules implementing Section 222 [64 CFR 2001 – 64 CFR 2011] are not applicable to the provision of broadband services.
Section 222 of the Communications Act governs telecommunications carriers’ protection and use of information obtained from customers or other carriers and regulates the required level of protection of such information based on its sensitivity. Congress afforded the highest level of protection to customer proprietary network information (“CPNI”). Section 222 places a duty on telecommunications carriers to protect their customers’ private information and imposes restrictions on a carrier’s ability to use, disclose, or permit access to customer’s CNPI without their consent.
Until the FCC adopts formal privacy rules for broadband providers, the providers will be judged on whether they take reasonable, good faith steps to comply with Section 222. Providers can seek advice from the Enforcement Bureau on whether their practices comply. A request for guidance will tend to show that the provider is acting in good faith. Although, the Bureau noted that failure to seek guidance would not have any effect on a good faith determination.
Broadband providers may want to conduct a review of current customer privacy practices and policies for Section 222 compliance. Where practicable, broadband providers may want to seek guidance from the Enforcement Bureau.