On December 2, 2016, a notice and summary of the Federal Communications Commission’s (FCC’s) controversial Broadband Privacy Order (the Order) was published in the Federal Register. The Order imposes comprehensive privacy and data security regulations for providers of broadband Internet access service (BIAS) and replaces existing privacy and data security rules for all other telecommunications service providers.
Since “carriers will need some time to update their internal business processes as well as their customer-facing privacy policies and choice mechanisms,” the Order provides a staggered timeline for implementing the new privacy and data security rules. It also provides guidance on how carriers should treat customer approvals and share customer PI received before the new rules are effective. Finally, the Order extends the timeline for small carriers to implement the transparency and customer choice rules.
A few of the rules must obtain approval from the Office of Management and Budget (OMB) under the Paperwork Reduction Act (PRA) before they go into effect. After OMB approval, the FCC’s Wireline Competition Bureau (WCB) must release a public notice indicating that the rule is effective, and giving carriers a time period to come into compliance with the rule that is the later of (1) eight weeks from the date of the public notice, or (2) the effective date noted above.