FCC probes how carriers handle subscribers' private data

Tools

The FCC is seeking public comment on how wireless carriers handle their customers' private data and what notice the carriers give subscribers about how their data is stored, used and can be protected.

The last time the FCC looked at the matter in any kind of in-depth way was in 2007, and the commission said in a public notice that it wants to update the record given the pace of change in mobile devices and location data since then. The notice, issued May 25, calls for comments within 30 days of the notice being published in the Federal Register, with reply comments due 45 days after it is published.

After a privacy furor exploded last year around technology from Carrier IQ, wireless carriers including Verizon Wireless (NYSE:VZ), AT&T Mobility (NYSE:T), Sprint Nextel (NYSE:S) and T-Mobile USA explained in detail their privacy policies and what they do with customer data. However, the Tier 1 carriers responded to inquiries from legislators in Congress and did not give the information directly to the FCC.

In their responses to Congress, the nation's Tier 1 wireless carriers defended the way they collect and store subscribers' location data. The companies argued generally that while they collect location information to keep their networks functioning properly and to provide location-based services, they do not rent or sell any information they collect and that they go to great lengths to ensure that the data is secure.

In its request for information, the FCC posed the following questions:

  • Are consumers given meaningful notice and choice with respect to service providers' collection of usage-related information on their devices?
  • Do current practices serve the needs of service providers and consumers, and in what ways?
  • Do current practices raise concerns with respect to consumer privacy and data security?
  • How are the risks created by these practices similar to or different from those that historically have been addressed under the FCC's customer proprietary network information rules?
  • Have these practices created actual data-security vulnerabilities?
  • Should privacy and data security be greater considerations in the design of software for mobile devices, and, if so, should the FCC take any steps to encourage such privacy by design?
  • What role can disclosure of service providers' practices to wireless consumers play?
  • To what extent should consumers bear responsibility for the privacy and security of data in their custody or control?

For more:
- see this FCC public notice (PDF)
- see this AllThingsD article

Special Report: What were the worst mobile security breaches in 2011-12 (so far)?

For more:
Carrier IQ hires Verizon alum Mobley to lead consumer privacy efforts
Carrier IQ: We have lost business due to public relations debacle
Sprint to release mobile advertising policy
Wireless carriers defend location data policies to Congress