The Cable Communications Policy Act of 1984

• Provides private right of action

• Excludes internet services via cable

• Defines cable service” one way transmission to subscribers of video programming or other

programming service and subscriber interaction if any which is required for the selection of such

video programming or other programming service

• Cable service providers must give a privacy notice that clearly and conspicuously informs subscribers of

• o The nature of the PI collected

• o How such info will be used

• o The retention period of such info

• o The manner by which the subscriber can access and correct such info

• A Cable provider can only collect PI that is necessary to render cable services or detect the

unauthorized reception of services

• Limits cable service providers right to disseminate PI without written or electronic consent.

Exceptions:

o To the extent necessary to render services or conduct other legit business activities

o Subject to a court order with notice to the subscriber

o If the disclosure is limited to the name and addresses and the subscriber is given an

option to opt out

• Mandates PI be destroyed when it is no longer needed for the purpose for which it was

collected and there are no pending requests for access

• Conflicts with the ECPA’s provision that no notice is needed for court orders. Courts rule in favor of ECPA

The Telecommunications Act of 1996

Section 222 governs the privacy of customer info provided to and obtained by

telecommunications carriers. Prior, carriers were permitted to sell consumer data to third

parties w/o consent. This statute imposes new restrictions on the access, use, and disclosure of

customer proprietary network info (CPNI)

• ISPs are subject to general CPNI requirements

• Carriers can use and disclose CPNI only with customer approval or as required by law

• FCC governs

• U.S West Inc v FCC made standard switch to opt out for carrier’s own use of CPNI

• Carriers must obtain express consent to share data with third parties. Sharing is allowed with

joint venture or independent contractors unless customers opted out within 30 days of being

notified. Must opt in if the data shared will be for marketing purposes

• Other requirements:

o Carriers must notify law enforcement when CPNI is disclosed in a security breach w/in seven business days of the breach

o Customers must provide a password before they can access their CPNI via telephone or

online account services

o Carriers must certify their compliance with these laws annually, explain how their

systems ensure compliance and provide an annual summary of consumer complaints

related to unauthorized disclosure of CPNI