Jonathan P. Garvin of Mintz writes:
The Federal Communications Commission (“FCC”) announced Thursday that in furtherance of the work of the agency’s Privacy and Data Protection Task Force, the FCC’s Enforcement Bureau signed Memoranda of Understanding (“MOU”) with the Attorneys General of Connecticut, Illinois, New York, and Pennsylvania to share expertise and resources and to coordinate efforts conducting privacy, data protection and cyber-security-related investigations. These states have been some of the most aggressive privacy and data security regulators in the past, making these MOUs especially noteworthy.
In addition, the announcement indicates that the FCC intends to rely on authority under Sections 201 and 222 of the Communications Act to increase its investigation and enforcement activity concerning privacy, data protection, and cybersecurity issues. Section 222 generally requires carriers and VoIP providers to protect their customer proprietary network information (“CPNI”), such as service-related billing information. Under the current rules implementing Section 222, carriers and VoIP providers must notify customers, the Federal Bureau of Investigation, and the U.S. Secret Service of data breaches that may have exposed CPNI. The FCC also has the authority to investigate breaches involving intentional unauthorized access to, use, or disclosure of CPNI.
Read more at The National Law Review.