On March 10, the FCC released a fact sheet regarding consumers’ rights in relation to broadband internet services. Significantly, the fact sheet highlights FCC Chairman Tom Wheeler’s proposed rule, which was recently circulated to the Commission for consideration, to ensure consumers have the tools necessary “to make informed choices about how and whether their data is used and shared by their broadband providers.” According to the fact sheet, Chairman Wheeler’s proposed rule “separates the use and sharing of information into three categories, and proposes adoption of clear guidance for both ISPs and customers about transparency, choice and security requirements for that information.” The Commission will vote on the proposal on March 31; if adopted, a period of public comment will follow the Commission’s approval.
On April 4, the FCC released new broadband disclosure labels for Internet services. According to the FCC, consumers submit more than 2,000 complaints annually related to surprise fees associated with consumers’ Internet service bills. Specifically designed for mobile broadband services and fixed broadband services, the newly released labels “will provide consumers with more information on service speed and reliability and greater clarity regarding the costs of broadband services, including fees and other add-on charges that may appear on their bills.”
In coordination with the FCC to provide greater transparency to consumers using broadband services, CFPB Director Cordray likened the broadband disclosure labels to the CFPB’s “know before you owe” initiative, noting that, “[c]onsumers must be able to understand the terms of the agreement, and if there are options, they need to be able to comparison shop for the best deal.”
On February 10, Indiana Attorney General Greg Zoeller and Missouri Attorney General Chris Koster, along with 23 other state attorneys general, wrote to the Senate Committee on Commerce, Science, and Transportation (Committee) urging it to pass legislation repealing a recent amendment to the Telephone Consumer Protection Act (TCPA) that allows debt collection robocalls to consumers’ cellphones. According to the AGs’ letter, the TCPA currently “permits citizens to be bombarded by unwanted and previously illegal robocalls to their cell phones if the calls are made pursuant to the collection of debt owed to or guaranteed by the United States.” The letter references the FCC’s efforts to slow the proliferation of robocalling and calls the recent amendment to the TCPA a “step backward in our law enforcement efforts” to protect consumers from “unwanted and unwelcome robocalls.”
On November 16, the FCC and the FTC executed a Memorandum of Understanding (MOU) on continued cooperative efforts to protect consumers from unfair and deceptive acts and practices involving telecommunications services. In an effort to formalize existing cooperation among the agencies, the MOU outlines the ways in which the two agencies will continue to work together, including: (i) coordinating agency initiatives where one agency’s action will significantly impact the other agency’s authority or programs; (ii) sharing investigative techniques and tools, intelligence, technical and legal expertise, as necessary, in addition to best practices in response to reasonable requests for such assistance; and (iii) collaborating on consumer and industry outreach and education efforts, as appropriate. Moreover, the MOU identifies the scope of each agency’s enforcement authority with respect to common carriers, and confirms that the 2003 MOU regarding Telemarketing Enforcement between the two agencies remains effective, stating that the most recent MOU should not “be construed as altering, amending, or invalidating that  MOU.”
On November 5, the FCC resolved its first ever data security action against a cable company with a $595,000 settlement. According to the FCC, the company did not have adequate data security measures in place for employees and contractors with access to the company’s electronic data systems. In 2014, the company’s electronic data systems were breached by a third party who, by pretending to be from the company’s IT department, convinced a customer service representative and a contractor to enter their account information into a fake website. The third party hacker allegedly used the information to gain access to customers’ personally identifiable information, subsequently sharing the information with another hacker and posting the information on social media sites. The cable company did not use the FCC’s breach-reporting portal to report the breaches. In addition to the civil money penalty, the settlement requires the company to: (i) identify and notify all customers affected by the breach and provide them with one year of free credit report monitoring; (ii) designate a senior corporate manager who is a certified privacy professional; (iii) conduct privacy risk assessments; (iv) implement a written information security program; (v) maintain reasonable oversight of third party vendors and implement multi-factor authentication; (vi) implement a more robust data breach response plan; (vii) provide privacy and security training to third party vendors and employees; and (viii) regularly file compliance reports with the FCC.