Enter to open, tab to navigate, enter to select
FCC Blocks Data Security Regulation for Internet Service Providers
Practical Law Legal Update w-006-7340 (Approx. 3 pages)
FCC Blocks Data Security Regulation for Internet Service Providers
by Practical Law Intellectual Property & Technology
| Published on 02 Mar 2017 • USA (National/Federal) |
The Federal Communications Commission (FCC) has issued an interim partial stay of a 2016 regulation which would have required internet service providers to take reasonable data security measures to protect consumer personal information.
On March 1, 2017, the FCC issued a partial interim stay of an October 2016 order that would have required ISPs to take reasonable data security measures to protect the privacy of their customers' information.
The FCC's stay blocks the parts of the order:
- Requiring ISPs to take reasonable data security measures.
- Requiring an ISP's data security practices to be designed according to:
- its size and the characteristics of its activities;
- the sensitivity of the personal information it collects; and
- technical feasibility.
The FCC's stay also applies to the order's requirements that ISP data security measures:
- Follow current industry best practices, including those that address risk management.
- Provide for appropriate accountability and governance.
- Include robust customer authentication methods.
- Support proper data disposal.
The FCC blocked the data security privacy rules to:
- Prevent ISPs from being subject to a different standard than that applied to other internet companies by the Federal Trade Commission (FTC).
- Provide time for the FCC to work with the FTC to create a comprehensive and consistent framework to protect online privacy.
- Ensure that ISPs and other telecommunications carriers do not incur substantial and unnecessary compliance costs while the FCC considers modifications to the rules.
This stay does not affect certain aspects of the 2016 Privacy Order, including requirements related to:
- Notice.
- Customer approval.
- Data breach notification.
For more information on the 2016 privacy rules, please see Legal Update, FCC Adopts Privacy Rules for Internet Service Providers.