The Federal Communications Commission (FCC) recently issued four orders imposing $196 million in fines against the three largest national mobile services providers in the United States (i.e., AT&T, T-Mobile, and Verizon) and Sprint, who merged with T-Mobile in 2020 (the “Mobile Providers”).[1] The FCC fined them for sharing customer location information with third parties without prior customer consent and then failing to take reasonable measures to protect that information against unauthorized disclosure. Although AT&T, T-Mobile, and Verizon suspended in 2019 the specific programs that gave rise to the fines, the Forfeiture Orders stand as the definitive guidance from the FCC on the treatment of customer location information under Section 222 of the Communications Act and the FCC’s rules regulating access to “customer proprietary network information” or “CPNI.” They also provide a window into upcoming debates and possible additional FCC actions.Continue Reading FCC Fines National Mobile Providers for Sharing Customer Location Information: What Are the Lessons and What to Expect in this New Era of FCC Mobile Data Privacy Oversight
Data Retention
FCC Initiatives on Data Privacy, Internet Network Security and Data Caps
In the last week, the Federal Communications Commission (FCC) has taken several steps to signal a more assertive and aggressive role for that agency on privacy, data protection and cybersecurity issues.
First, The FCC announced on June 14, 2023, the creation of a Privacy and Data Protection Task Force that will coordinate across the FCC on rulemaking, enforcement and other proceedings impacting privacy and data protection. Among the issues that the Task Force will focus on are data breaches by telecommunications providers and vulnerabilities involving third-party vendors servicing telecommunications providers. FCC Chairwoman Jessica Rosenworcel noted that the Task Force, which the Chief of the Enforcement Bureau will lead, will play a prominent role in the agency’s effort to modernize its data breach rules and new rules to crack down on SIM-swapping fraud.
Continue Reading FCC Initiatives on Data Privacy, Internet Network Security and Data Caps
Privacy World Week in Review
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
New CISA Guidelines Lay Out Unified International Principles on Security-by-Design and Security-by-Default
2023 has swiftly become the year of the U.S. National Cybersecurity Strategy. On March 2, 2023, the Biden Administration issued its National Cybersecurity Strategy brief, outlining its vision to: (1) defend critical infrastructure; (2) disrupt and dismantle threat actors; (3) shape market forces to drive security and resilience; (4) invest in a resilient future; and (5) forge international partnerships to pursue shared goals. In furtherance of the goal to defend critical infrastructure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default” (the “Report”), on April 13.
Calling the current state of technology “vulnerable by design,” the Report aims to encourage technology manufacturers to integrate security into their products from the ground up, factoring security into product development beginning at the design phase. In addition to the CISA, several American security agencies (the National Security Agency and Federal Bureau of Investigation) and international cybersecurity agencies (from Australia, Canada, the United Kingdom, Germany, the Netherlands, and New Zealand) collaborated to provide a unified recommended approach to the development of both software and hardware. Below, we break down what the Report means for the tech sector.Continue Reading New CISA Guidelines Lay Out Unified International Principles on Security-by-Design and Security-by-Default
Privacy World Week in Review
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
Privacy World Week in Review
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
Singapore Appointed as Deputy Chair of the Global Cross-Border Privacy Rules Body | Privacy World
Data Retention and Minimization, The Elephant in the Room
Following in the footsteps of Europe, U.S. states are codifying obligations to maintain personal data inventories and retention schedules, and to limit retention and use to only what is necessary to meet the purposes disclosed at the point and time of collection, for only so long as that limited purpose continues. A recent study by…
Federal Trade Commission’s Enforcement Action Against Data-Broker Kochava Heats Up With Motion To Dismiss Briefing And Upcoming Hearing
Kochava, an Idaho-based data broker, is currently embroiled in a federal lawsuit with the Federal Trade Commission (“FTC”) that has the potential to redefine the legal bounds of the data sharing and data brokering industries. Privacy World immediately reported on the FTC v. Kochava, Inc. case the day after the FTC filed its motion for…
Privacy World Week in Review
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
Kick Start Your Data Inventory Project in 7-Steps
Privacy World has been talking about the importance of data inventories for years. Why? Because it is next to impossible to build a compliant privacy and data security program without first doing a data inventory. A data inventory will serve as a roadmap to help a company meet various privacy and security compliance milestones. Yet, completing a data inventory is one of the hardest and most daunting parts to building a privacy program. At least it was for Katy when she was in-house as a Global Data Protection Officer. The alternative to proactively creating a data inventory is trying to hastily create one during the middle of an incident response or responding to a regulatory demand, which Katy and Shea have seen numerous times helping clients during a crisis. Indeed, building a data inventory during a time of turmoil is the worst time to confirm a company’s data processing practices, and we want to help you avoid this worst-case scenario as you work to build out your 2023 privacy and data security compliance action plan.
Continue Reading Kick Start Your Data Inventory Project in 7-Steps