Federal Communications Commission FCC 07-22 STATEMENT OF CHAIRMAN KEVIN J. MARTIN Re: Implementation of the Telecommunications Act of 1996: Telecommunications Carriers’ Use of Customer Proprietary Network Information and Other Customer Information; IP-Enabled Services, Report and Order and Further Notice of Proposed Rulemaking, CC Docket No. 96-115 and WC Docket No. 04-36 The unauthorized disclosure of consumers’ private calling records is a significant privacy invasion. Today, the Commission significantly strengthens the Commission’s existing safeguards and takes a strong approach to protecting consumer privacy. The Commission has taken numerous steps to combat these alarming breaches of the privacy of consumers’ telephone records. We investigated so-called “data brokers” to determine how they are obtaining this information, and levied forfeitures against companies that failed to respond to our subpoenas and requests for information. We also investigated telecommunications carriers to determine whether they had implemented appropriate safeguards, and issued Notices of Apparent Liability against carriers that failed to comply with the Commission’s rules. The Order we adopt prohibits carriers from releasing over the phone sensitive personal data, call detail records, unless the customer provides a password, requires providers to notify customers immediately when changes are made to a customer’s account and requires providers to notify their customers in the event of a breach of confidentiality. Service providers also must annually certify their compliance with these regulations, inform the Commission of any actions they have taken against data brokers, and provide a summary of the complaints they receive regarding the unauthorized release of CPNI. Today’s action also ensures that law enforcement will have necessary tools to investigate and enforce illegal access to customer records. While we work to create an environment in which market forces can thrive, the Commission must also act to protect consumers. With its strong approach to safeguarding consumer privacy, this item does just that. In particular, this item requires express consumer consent before a carrier may disclose a customer’s phone records to joint venture partners or independent contractors for the purposes of marketing communications services. The former “opt-out” approach to customer consent, whereby a carrier may disclose a customer’s phone records provided that a customer does not expressly withhold consent to such use, shifted too much of the burden to consumers, and has resulted in a much broader dissemination of consumer phone records. The “opt-in” approach adopted in this Order clearly is supported by the record, is consistent with applicable law, and directly advances our interest in protecting customer privacy. Compliance with our consumer protection regulations is not optional for any telephone service provider. We need to take whatever actions are necessary to enforce these requirements to secure the privacy of personal and confidential information of American customers.