FCC Restricts Disclosure of Telephone Call Records for Marketing Purposes

This posting was written by Bill Zale, editor of CCH Advertising Law Guide.

Telecommunications companies must get explicit opt-in approval from customers before the companies are permitted to disclose telephone call records to joint venture partners or independent contractors for purposes of marketing communications-related services to customers, according to tightened privacy rules announced by the Federal Communications Commission on April 2, 2007.

The new rules become effective only after they are published in the Federal Register and approved by the White House’s Office of Management and Budget.

The restrictions apply to “customer proprietary network information,” or CPNI. CPNI includes information about the type of communications services purchased (local, long distance, wireless, etc.) and about use of those services (such as the quantity, destination, and location of calls).

Prevention of “Pretexting”

In addition to the changes relating to customer consent for disclosure of CPNI for marketing purposes, the new rules are designed to prevent “pretexting”—the obtaining of a customer’s records by impersonation.

Carriers are prohibited from releasing a customer’s phone call records when a customer calls the carrier, except when the customer provides a password. If a customer does not provide a password, carriers may not release the customer’s phone call records except by sending them to an address of record or by the carrier calling the customer at the telephone of record.

Carriers are required to provide mandatory password protection for online account access. Carriers are permitted to provide all CPNI, including customer phone call records, to customers based on in-store contact with a valid photo ID.

Voice over Internet Protocol Service

All CPNI rules are extended to cover providers of interconnected voice over Internet Protocol (VoIP) service. In addition, certification rules are amended to require carriers to file with the FCC an annual certification, including an explanation of any actions taken against data brokers and a summary of all consumer complaints received in the previous year regarding the unauthorized release of CPNI

A press release, and a Report and Order and Notice of Further Proposed Rulemaking appear at the FCC website.