Cybersecurity and Data Privacy: FCC Proposes New Privacy Rules for Internet Providers

March 10, 2016

By: Michael D. Billok and Clifford G. Tsan

On March 10, 2016, the Federal Communication Commission (FCC) released its proposal for new, sweeping privacy rules that would apply to internet service providers (ISPs). According to the FCC, the rules are designed "to ensure consumers have the tools that they need to make informed choices about how and whether their data is used and shared" by ISPs. Amongst other things, the proposed rules would require ISPs to take steps to protect customer data, clearly disclose to customers how their data is being used, and to notify customers and the FCC promptly after discovering a breach.

On the security front, the proposed rules would require ISPs to adopt risk management practices; institute personnel training practices; adopt strong customer authentication requirements; identify a senior manager responsible for data security; and take responsibility for use and protection of customer information when shared with third parties.

The proposal also contains some benefits for ISPs. For example, ISPs would be expressly allowed to use consumer data for certain purposes without obtaining express consent. For example, any customer data "necessary to provide broadband services and for marketing the type of broadband service purchased by a customer would require no additional customer consent beyond the creation of the customer-broadband provider relationship." ISPs will be allowed to use customer data for those purposes unless the customer affirmatively opts out. Any other uses of the customer data, on the other hand, would require that the customer affirmatively opts in.

The proposed rules will only apply to ISPs, and not to individual websites (i.e. Twitter, Facebook, etc.). The FCC is scheduled to vote on them at its upcoming meeting on March 31, 2016. The FCC’s fact sheet summarizing the proposed rules can be accessed at

For more information, please contact Michael D. Billok, Clifford G. Tsan or Christopher J. Stevens.

Clifford G. Tsan

Michael D. Billok

Christopher J. Stevens