EPIC, Coalition Urge FCC to Provide All Consumers With Robust Protection From Data Breaches

Last week, EPIC, along with the Center for Democracy and Technology, Privacy Rights Clearinghouse, and Public Knowledge, jointly filed reply comments with the Federal Communications Commission urging the agency to prioritize protecting consumers from data breaches by explicitly naming and outlining its multiple sources of legal authority to protect privacy. As the comments explain, this authority includes the FCC’s power to protect Social Security Numbers and not merely phone service usage information (what is traditionally described as Customer Proprietary Network Information, or CPNI). The reply comments build on EPIC’s original comments to the agency in February, which noted that the trajectory of breaches and inadequate data security at telecom companies has gotten worse over time. The comments also include updates regarding breaches that had happened at each of the three largest carriers already revealed within the first three months of 2023.

The advocates particularly urged the FCC to protect the privacy of Telecommunications Relay Service users (as TRS breaches could include transcript information) and non-customers (e.g., former customers and prospective customers). The comments reiterate that consumers should be informed of any breach and not be left in the dark just because the breached company has determined the breach is unlikely to result in harm. The comments also suggest that the Commission explore how the FCC and partner agencies might protect data collected from web-enabled vehicles.

EPIC regularly comments on regulations and testifies on policies to promote better cybersecurity practices that protect consumer data from unauthorized access and other misuse.