<div dir="ltr"><div class="gmail_default" style="font-family:"comic sans ms",sans-serif;font-size:small">I was asked to provide a synopsis and extract possible requirements from the subject NPRM. It has taken longer than I intended so it comes with my apologies. Here it is under, with my apologies:</div><div class="gmail_default" style="font-family:"comic sans ms",sans-serif;font-size:small">-----------------------------------------------------------</div><div class="gmail_default" style="font-size:small"><p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify">By a plurality of the votes, the
[United States] Federal Communications Commission (FCC) adopted and issued a
so-called Notice of Proposed Rule Making (NPRM) that addresses “Protecting
the Privacy of Customers of Broadband and Other Telecommunications Services”.
See FCC 16-239: NOTICE OF PROPOSED RULEMAKING Adopted: March 31, 2016 Released:
April 1, 2016.</p><p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify"><br></p>
<p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify">This <a href="http://transition.fcc.gov/Daily_Releases/Daily_Business/2016/db0401/FCC-16-39A1.pdf" target="_blank">NPRM</a>
is intended to regulate how Personal Identifier Information (PII) is used and
shared. The rules as proposed extend long-standing privacy protections granted
to consumers of traditional telephone services in Sections 222, 11, 631, 12 and
33813 of the Communications Act to broadband consumers – and, by extension
internet users occasioned by the recent classification of broadband as a Class
II service via FCC 15-24, the <a href="https://apps.fcc.gov/edocs_public/attachmatch/FCC-15-24A1.pdf" target="_blank">Open
Internet Order</a>.</p><p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify"><br></p>
<p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify">This NPRM refines the FCC's Customer
Proprietary Network Information (CPNI) rules, the set of rules derived from Section
222 of the Communications Act, for enforcing privacy requirements by adding to and extending the set of recognized PII’s. CPNI is here
defined as:</p><p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify"><br></p>
<p class="MsoNormal" style="text-align:justify"><font face="comic sans ms, sans-serif"> “</font><font face="trebuchet ms, sans-serif"><i>information that relates to the quantity,
technical configuration, type, destination, location, and amount of use of a
telecommunications service subscribed to by any customer of a
telecommunications carrier, and that is made available to the carrier by the
customer solely by virtue of the carrier-customer relationship” and
“information contained in the bills pertaining to telephone exchange service or
telephone toll service received by a customer or a carrier,” except that CPNI
“does not include subscriber list information.” </i></font><font face="comic sans ms, sans-serif"></font></p><p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify"><br></p>
<p class="MsoNormal" style="text-align:justify"><font face="comic sans ms, sans-serif">The FCC’s "</font><font face="trebuchet ms, sans-serif"><i>illustrative
non-exhaustive guidance to types of data that are PII</i></font><font face="comic sans ms, sans-serif">" that may be
subject to protection was given as: </font></p><p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify"><br></p>
<p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify">“<i>name; Social Security number;
date and place of birth; mother’s maiden name; unique government identification
numbers (e.g., driver’s license, passport, taxpayer identification); physical
address; email address or other online contact information; phone numbers; MAC
address or other unique device identifiers; IP addresses; persistent online
identifiers (e.g., unique cookies);eponymous and non-eponymous online
identities; account numbers and other account information, including account
login information; Internet browsing history; traffic statistics; application
usage data; current or historical geo-location; financial information (e.g.,
account numbers, credit or debit card numbers, credit history); shopping
records; medical and health information; the fact of a disability and any
additional information about a customer’s disability; biometric information;
education information; employment information; information relating to family
members; race; religion; sexual identity or orientation; other demographic
information; and information identifying personally owned property (e.g.,
license plates, device serial numbers)</i>."</p><p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify"><br></p>
<p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify">Pertaining to broadband and at
the heart of this NPRM, the <b>minimum</b> set of elements of the CPNI in context is:</p><p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify"><br></p>
<p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify">“ (1) service plan information,
including type of service (e.g., cable, fiber, or mobile), service tier (e.g.,
speed), pricing, and capacity (e.g., information pertaining to data caps); (2)
geo-location; (3) media access control (MAC) addresses and other device
identifiers; (4) source and destination Internet Protocol (IP) addresses and
domain name information; and (5) traffic statistics.”</p><p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify"><br></p>
<p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify">Some requirements that can be
gleaned from the publication are:</p><p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify"><br></p>
<p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify">* Customer personal information data
must be authenticated</p>
<p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify">* Customer personal information
online must be password-protected</p>
<p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify">* Customers must be given the
opportunity to approve any contemplated use or sharing of protected PII</p>
<p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify">* Customers must be informed of
data breaches or unauthorized disclosure of protected CPNI</p><p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify"><br></p>
<p class="MsoNormal" style="font-family:"comic sans ms",sans-serif;text-align:justify">The original Order identifying
the CPNI requirements for IP-enabled services (FCC 07-22) can be found <a href="https://apps.fcc.gov/edocs_public/attachmatch/FCC-07-22A1.pdf" target="_blank">here</a>. </p></div><div class="gmail_default" style="font-family:"comic sans ms",sans-serif;font-size:small">---------------------------------------------</div><div class="gmail_default" style="font-family:"comic sans ms",sans-serif;font-size:small">-Carlton</div><div class="gmail_default" style="font-family:"comic sans ms",sans-serif;font-size:small"><br></div><div><div data-smartmail="gmail_signature">==============================<br>Carlton A Samuels<br>Mobile: <a href="tel:876-818-1799" value="+18768181799" target="_blank">876-818-1799</a><br><i><font color="#33CC00">Strategy, Planning, Governance, Assessment & Turnaround</font></i><br>=============================</div></div>
</div>