Yesterday, FCC Chairwoman Jessica Rosenworcel circulated a Notice of Proposed Rulemaking (“NPRM”) with her colleagues on the Commission to update the agency’s rules for notifying customers and federal law enforcement of breaches involving customer proprietary network information (“CPNI”). According to a press release, the proposed “updates would better align the Commission’s rules with recent developments in federal and state data breach laws covering other sectors.”

The Chairwoman’s proposal is significant because it signals a potentially more active FCC in consumer protection as the Democrats solidify control of the agency following the Presidential transition and Chairwoman Rosenworcel’s elevation from Acting Chair to Chair. The scope of the proposal appears to be fairly narrow (based on the limited information currently available) but represents the second CPNI-related action proposed in the past three months. Once a fifth commissioner is confirmed, Chairwoman Rosenworcel may be able to press a broader consumer protection agenda for the agency.


Continue Reading Rosenworcel Moves to Update Data Breach Reporting Requirements Under CPNI Rules

On Tuesday, November 16 at 2:00 PM, the FCBA Privacy and Data Security Committee and the American Bar Association’s Forum on Communications Law will hold the 16th Annual Privacy & Data Security Symposium: “The Evolving Privacy Landscape in the Absence of Federal Legislation”. This event will take a deep dive into the evolving privacy

On November 16th, Partner Steve Augustino will host the “Private 5G Networks” roundtable during Telecom Council’s virtual TC3 conference. This discussion will delve into this latest trend in 5G innovation, including the choices of unlicensed or licensed spectrum, MVNOs, privacy, control, and federal concerns about security. In addition to this and other Executive Roundtables,

Over the past few years, the data collection and use practices of Internet Service Providers (“ISPs”) have largely flown under the radar while large internet platforms and the broader adtech industry have been under greater scrutiny. That respite may be coming to end following a staff report released last week by the FTC detailing the scope of ISPs’ data collection and use practices. The staff report was based on orders issued in 2019 under Section 6(b) of the FTC Act and puts ISPs and large platforms on similar footing, observing that “many ISPs in our study can be at least as privacy-intrusive as large advertising platforms.” In addition, the staff report finds that several ISP data practices could cause harm to consumers but does not go as far as calling any practices unfair or deceptive.

What the FTC will do with the staff report is less clear. The Commission voted unanimously to release the report, which does not make any specific policy recommendations. Members of the Commission, however, drew their own conclusions and articulated starkly different outlooks on the report’s implications. Chair Lina Khan and Commissioner Rebecca Kelly Slaughter declared that the FCC should play a leading role in overseeing ISPs’ data practices, citing the FCC’s industry expertise and legal authority. Commissioner Christine Wilson, however, stated that “oversight of ISPs for privacy and data security issues should remain at the FTC.” ISPs’ data practices – and the broader question of whether the FCC should reclassify broadband service back to a Title II telecommunications service and re-impose strict broadband privacy rules – are likely to be prominent issues as the Biden FCC takes shape in the months ahead.


Continue Reading FTC Staff Report Puts Spotlight Back on ISP Data Collection and Use Practices; FCC Re-Regulation Suggested

On September 30, 2021,  the Federal Communications Commission (“FCC”) adopted a Notice of Proposed Rulemaking (“NPRM”) proposing new requirements for mobile wireless carriers to protect consumers from two practices that nefarious actors use to take control of a subscriber’s cell phone service without gaining control of the subscriber’s device. With “SIM swap fraud” a bad actor fraudulently convinces a carrier to transfer wireless services from a cell phone associated with a subscriber’s subscriber identity module (“SIM”) to a cell phone associated with another SIM and controlled by the bad actor. “Port-out fraud” is the practice of arranging for a phone number to be transferred from a subscriber’s wireless carrier account to an account the bad actor has opened with another carrier. In both cases, the bad actor gains access to customer account information and can start sending and receiving calls and text messages using the victim’s account or phone number, including text messages customers receive for two-factor authentication.

The Commission’s consumer protection action arises from numerous complaints from consumers who have suffered harm as a result of these practices, and from concerns that consumers are vulnerable to these acts because wireless carriers have not implemented adequate protocols to verify that SIM swap and port-out fraud requests. To mitigate them, the agency suggests revisions to its Customer Proprietary Network Information (“CPNI”) and Local Number Portability (“LNP”) rules.


Continue Reading FCC Proposes Amending Privacy and Number Portability Rules to Stop Virtual Cell Phone Theft

In episode 9 of Kelley Drye Full Spectrum’s “Inside the TCPA” series, Partner Steve Augustino and Associate Chris Laughlin provide an update on the new FCC requirement for voice service providers to develop and implement robocall mitigation programs. Building on their Episode 7 discussion of the STIR/SHAKEN framework, Steve and Chris discuss when

Earlier this year, we were asked to suggest 2021 resolutions for clients in the telecommunications, media, and technology industries. We developed several that should guide industry participants to improve their compliance and services to customers. Research suggests that February typically is the month when New Year’s resolutions fail, so we decided to take a look at our resolutions and offer some suggestions for making these stick.

To start, here is the first resolution we suggested for the industry:

Resolution for Voice Service Providers: Resolve to reduce illegal robocalls. Voice service providers long have supported the FCC’s ongoing efforts to target bad actors sending illegal and fraudulent robocalls, but in 2021, each carrier should resolve to do its part individually  in the battle to stop illegal calls. All voice service providers must implement the STIR/SHAKEN call authentication framework by June 30, 2021 and should develop an effective robocall mitigation program to prevent their customers from originating illegal robocalls. These changes are necessary to stay on the right side of the anti-robocall battle.  Each voice service provider should resolve to make reducing illegal robocalls a top priority.


Continue Reading A Look at Communications Industry New Year’s Resolutions: Reduce Illegal Robocalls

On February 9, Partner Steve Augustino will moderate a two-part Robocall Compliance panel at the INCOMPAS Policy Summit. Steve, along with FCC attorneys and other industry leaders, will discuss 1) Progress towards the implementation of STIR/SHAKEN and call authentication solutions for non-IP portions of voice service providers’ networks and upcoming compliance requirements related to provider

For the second time this year, the TCPA came before the Supreme Court via teleconference oral argument in Facebook, Inc. v. Duguid, et al, Case No. 19-511 (2020). The Supreme Court’s disposition of Facebook’s petition is expected to resolve a widening Circuit split over what qualifies as an automatic telephone dialing system (“ATDS”) under the TCPA, 47 U.S.C. § 227, et seq., and thus determine much of the scope of the TCPA’s calling restrictions.

Continue Reading Supreme Court Hears Oral Argument Over the TCPA’s Definition of an Autodialer

In this episode of Kelley Drye’s Legal Download, Special Counsel Michael Dover and Tara Marciano discuss compliance requirements of Illinois’ Biometric Information Privacy Act (“BIPA”) and how they affect companies implementing COVID-19 procedures to get their employees back to work, as well as how ongoing litigation may have an effect on BIPA compliance in