All eyes are on the five Commissioners of the Federal Communications Commission (FCC) this week as the agency prepares to vote on a new privacy regulation at Thursday’s Open Meeting. Barring a change of heart from any of the three Democrats expected to endorse the plan, Thursday’s vote will mark the Obama Administration’s first real effort to codify internet privacy regulations after eight years of policy debates.
Up to now, the privacy routine has been familiar for internet companies. After a data breach or the rollout of a privacy invasive technology, the regulators come looking for the “culprit,” assess hefty fines, negotiate terms of a settlement, and move on. Through case-by-case adjudication, the FCC and FTC shamed companies for non-compliance with privacy best practices, but often failed to provide businesses with clear guidance on privacy standards.
The new privacy rule for ISPs remakes the privacy compliance landscape. The rule sets standards for interacting with customers, for using, sharing and security data, and for data breach prevention and remediation.
Ongoing compliance promises to be a feature of the new privacy rule. Businesses will be required to post privacy notices, update customers when data practices change, and handle aggregate data in new, specific ways. ISPs will likely have to document and maintain records proving they supplied customer notices, obtained customer consent, and recorded opt-in or opt-out preferences accurately.
If history is a guide, the FCC’s Enforcement Bureau will be monitoring ISPs for noncompliance from the first moment the privacy rule comes into effect. Businesses are advised to begin planning for compliance with the new rule to avoid a potential enforcement action.
The CommLaw Group’s Privacy Attorneys Know FCC Compliance
The CommLaw Group has helped countless regulated clients develop strategies for complying with FCC regulation. We can help your business build a plan to achieve ongoing compliance with the FCC’s new privacy rule, addressing four major provisions of the new rule: (1) customer transparency, (2) treatment of sensitive data, (3) ongoing compliance with data handling rules, and (4) data breach prevention and remediation. To learn more, please contact Linda McReynolds, CIPP/US, at firstname.lastname@example.org, or 703-714-1318, or Alexander Schneider, at email@example.com, or 703-714-1328.