Protecting Broadband Customer Data

At the end of July 2023, the Federal Communications Commission proposed a $20 million penalty against Q Link and Hello Mobile for not complying with the Customer Propriety Network Information (CPNI). The FCC concluded that the two companies violated the CPNI rules when they failed to protect confidential user data. The companies both had security flaws in their apps that allowed outside access to customer account information. There are stringent privacy rules in place at the FCC for voice providers, but nothing similar for broadband. Other than perhaps invoking an investigation from the Federal Trade Commission (FTC) for allowing leaks of broadband customer information, there are no specific prohibitions in place to stop internet service providers (ISP) from misusing customer data. Telephone companies routinely capture details of customer calling – who you call and who calls you. Telephone companies can’t release this information without a warrant. CPNI rules also require phone companies to keep other customer data secure, such as billing records, credit card numbers, etc. Telephone companies are even prohibited from marketing their own products to customers if a customer opts out of such marketing. The FCC's 2016 broadband privacy rules that were in place for only a short time implemented the same sort of privacy rules as voice, but customers were also given the choice to allow or deny access to their records.