NEWS Federal Communications Commission 445 12th Street, S.W. Washington, D. C. 20554 This is an unofficial announcement of Commission action. Release of the full text of a Commission order constitutes official action. See MCI v. FCC. 515 F 2d 385 (D.C. Circ 1974). News Media Information 202 / 418-0500 Internet: http://www.fcc.gov TTY: 1-888-835-5322 FOR IMMEDIATE RELEASE: NEWS MEDIA CONTACT: April 2, 2007 Mark Wigfield, 202-418-0253 Email: mark.wigfield@fcc.gov FCC STRENGTHENS PRIVACY RULES TO PREVENT PRETEXTING Washington, D.C. – The Federal Communications Commission has strengthened its privacy rules by requiring telephone and wireless carriers to adopt additional safeguards to protect the personal telephone records of consumers from unauthorized disclosure. These new safeguards will help prevent unauthorized access to customer proprietary network information, or CPNI. The new safeguards include: · Carrier Authentication Requirements. Carriers are prohibited from releasing a customer’s phone call records when a customer calls the carrier except when the customer provides a password. If a customer does not provide a password, carriers may not release the customer’s phone call records except by sending it to an address of record or by the carrier calling the customer at the telephone of record. Carriers are required to provide mandatory password protection for online account access. Carriers are permitted to provide all CPNI, including customer phone call records, to customers based on in-store contact with a valid photo ID. · Notice to Customer of Account Changes. Carriers are required to notify the customer immediately when the following are created or changed: (1) a password; (2) a back-up for forgotten passwords; (3) an online account; or (4) the address of record. · Notice of Unauthorized Disclosure of CPNI. A notification process is established for both law enforcement and customers in the event of a CPNI breach. · Joint Venture and Independent Contractor Use of CPNI. Consent rules are modified to require carriers to obtain explicit consent from a customer before disclosing a customer’s CPNI to a carrier’s joint venture partners or independent contractors for the purposes of marketing communications-related services to that customer. · Annual CPNI Certification. Certification rules are amended to require carriers to file with the Commission an annual certification, including an explanation of any actions taken against data brokers and a summary of all consumer complaints received in the previous year regarding the unauthorized release of CPNI. · CPNI Regulations Applicable to Providers of Interconnected VoIP Service. All CPNI rules are extended to cover providers of interconnected voice over Internet Protocol (VoIP) service. · Business Customers. In limited circumstances, carriers may bind themselves contractually to authentication regimes other than those adopted in this Order for services they provide to their business customers that have a dedicated account representative and contracts that specifically address the carrier’s protection of CPNI. The Commission also adopted a Further Notice of Proposed Rulemaking seeking comment on what additional steps, if any, the Commission should take to further protect the privacy of consumers. Action by the Commission, March 13, 2007, by Report and Order and Further Notice of Proposed Rulemaking (FCC 07-22). Chairman Martin and Commissioner McDowell, with Commissioners Copps and Adelstein dissenting in part, and Commissioner Tate concurring in part. Separate statements issued by Chairman Martin, Commissioners Copps, Adelstein, Tate and McDowell. Docket Nos.: 96-115, 04-36 Wireline Competition Bureau Staff Contact: Adam Kirschenbaum at 202-418-7280, adam.kirschenbaum@fcc.gov. -FCC- News about the Federal Communications Commission can also be found on the Commission’s web site www.fcc.gov.