InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FCC proposes new reporting on telecom data breaches
On January 12, the FCC announced that it shared, among the FCC staff, a notice of proposed rulemaking (NPRM) to strengthen the rules for notifying consumers and federal law enforcement of breaches of customer proprietary network information. According to the FCC, the NPRM “would better align the Commission’s rules with recent developments in federal and state data breach laws covering other sectors,” and “further advances the FCC’s efforts to ensure its rules keep pace with evolving cybersecurity threats and to protect consumers in the face of today’s challenges.” The NPRM outlines certain updates to current FCC rules that address telecommunications carriers’ breach notification requirements, including: (i) “[e]liminating the current seven business day mandatory waiting period for notifying customers of a breach”; (ii) “[e]xpanding customer protections by requiring notification of inadvertent breaches”; and (iii) “[r]equiring carriers to notify the Commission of all reportable breaches in addition to the FBI and U.S. Secret Service.” The NPRM solicits feedback regarding whether the FCC should require customer breach notices to include specific categories of information “to help ensure they contain actionable information useful to the consumer.” According to FCC Chairwoman Jessica Rosenworcel, current laws “need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers.”
Senate confirms Rosenworcel as permanent FCC Chair
On December 7, the U.S. Senate confirmed Jessica Rosenworcel to a five-year term as FCC Chair. As previously covered by InfoBytes, President Biden’s nomination highlighted Rosenworcel’s work at the FCC, where she has focused on addressing illegal robocalls and has worked to enhance consumer protections in the agency’s telecommunications policies. Rosenworcel issued a statement following the confirmation thanking President Biden for the opportunity and saying it is an honor to be confirmed and designated as the first woman to be named permanent Chair of the FCC.
CFPB issues FDCPA reminder on text messaging
On November 18, the CFPB issued a reminder that “debt collectors who adopt and follow certain procedures can obtain a bona fide error defense from civil liability for unintentional violations of the prohibition against third-party communications when communicating by email or text message,” as determined by the Bureau’s debt collection rule. As previously covered by InfoBytes, in October 2020 the CFPB issued its final rule amending Regulation F, which implements the FDCPA, addressing debt collection communications and prohibitions on harassment or abuse, false or misleading representations, and unfair practices. The reminder emphasizes that for text message communications, a provision in the rule includes utilizing a “complete and accurate database” to ensure that a consumer’s telephone number has not been re-assigned. Additionally, the reminder notes that the rule’s commentary identifies the FCC’s Reassigned Numbers Database as a “complete and accurate database,” which the FCC has published.
New York enacts robocall measures
On November 8, the New York governor signed measures to help prevent robocalls and increase consumer protections. The measures build upon federal actions to combat robocalls and “will enable telecom companies to prevent these calls from coming in in the first place, as well as empower our state government to ensure that voice service providers are validating who is making these calls so enforcement action can be taken against bad actors,” Governor Kathy Hochul stated.
S.6267a requires telecommunication companies to block certain calls, including those from (i) numbers that are not valid North American numbering plan numbers; (ii) numbers that are not allocated to a provider by the North American numbering plan administrator or the pooling administrator; and (iii) unused numbers that are allocated to a provider. According to the governor’s press release, the act codifies into state law the provisions of an FCC 2017 rule that took effect in June 2021 and allows telecommunications companies to proactively block calls from certain numbers. (Covered by InfoBytes here.) These types of numbers, the release states, “are indicative of ‘spoofing’ schemes in which the true caller identity is masked behind a fake, invalid number.” The act takes effect immediately.
The second act, S.4281a, requires voice services providers to authenticate calls using the STIR/SHAKEN call authentication framework. As previously covered by InfoBytes, in 2020, the FCC, pursuant to the TRACED Act, adopted new rules requiring providers to implement the STIR/SHAKEN framework by June 2021. Under New York’s new measure, providers have up to 12 months to implement this framework or an “alternative technology that provides comparable or superior capability to verify and authenticate caller identification in the internet protocol networks of voice service providers.” Violators face a fine of up to $100,000 for each offense per day that the framework is not in place. This act is also effective immediately.
Biden announces key FCC nominees
On October 26, President Biden nominated acting FCC Chair Jessica Rosenworcel to be permanent Chair of the FCC. According to the announcement, in her time at the FCC, Rosenworcel has focused on addressing illegal robocalls and worked to enhance consumer protections in the agency’s telecommunications policies. Prior to joining the FCC, Rosenworcel served as Senior Communications Counsel for the United States Senate Committee on Commerce, Science, and Transportation. Biden also nominated Gigi Sohn, currently a Distinguished Fellow at the Georgetown Law Institute for Technology Law & Policy, to be a Commissioner. Biden’s announcement highlighted Sohn’s work pertaining to competition, innovation, and access to the Internet. The FCC’s leadership will be fully staffed at five members if Rosenworcel and Sohn are confirmed as commissioners.
FCC proposes obligations on international robocalls
On October 1, the FCC released a notice of proposed rulemaking (NPRM) to impose obligations on gateway providers to prevent illegal robocalls originating abroad from reaching U.S. consumers and businesses. Among other things, the NPRM seeks to require domestic gateway providers “to apply STIR/SHAKEN caller ID authentication to, and perform robocall mitigation on, foreign-originated calls with U.S. numbers.” As previously covered by InfoBytes, the STIR/SHAKEN framework addresses “unlawful spoofing by confirming that a call actually comes from the number indicated in the Caller ID, or at least that the call entered the US network through a particular voice service provider or gateway.” According to the FCC, the STIR/SHAKEN framework decreases illegal spoofing, provides assistance to law enforcement, and strengthens voice service providers’ blocking of robocalls using illegally spoofed caller ID information. The notice also proposes ensuring that gateway providers are engaged in the fight against illegal robocalls by requiring them to timely respond to traceback requests, which are utilized to block illegal robocalls and inform FCC enforcement investigations. Additionally, the NPRM seeks to require that both the gateway provider and the network accepting questionable traffic from the gateway provider actively block such calls. In a statement, acting Chairwoman Jessica Rosenworcel stated that such measures “will help [the FCC] tackle the growing number of international robocalls.” Comments on the proposed rules are due 30 days after the date of publication in the Federal Register.
FCC proposes largest TCPA robocall fine
On August 24, the FCC released a proposed total fine of more than $5.1 million against two consultants and their firm for allegedly violating the TCPA by making 1,141 unlawful robocalls to wireless phones without prior express consent. According to the FCC, the robocalls utilized messages informing “potential voters that, if they vote by mail, their ‘personal information will be part of a public database that will be used by police departments to track down old warrants and be used by credit card companies to collect outstanding debts.’” As previously covered by InfoBytes, the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act amended the TCPA to not require the FCC to warn robocallers before violations could be counted toward a proposed fine. The recent action is the first the agency has taken regarding the amendment. According to a statement by the FCC acting Chairwoman Jessica Rosenworcel, the agency is “stepping up its efforts to combat illegal robocalls.”
9th Circuit revives TCPA suit against insurance servicer
On August 10, the U.S. Court of Appeals for the 9th Circuit revived a lawsuit against an insurance servicing company (defendant) for allegedly using both an automated telephone dialing system and an artificial or pre-recorded voice to place a job-recruitment call without obtaining the plaintiff’s consent. According to the opinion, the plaintiff filed a suit alleging, among other things, TCPA violations after receiving the pre-recorded voicemail from the defendant regarding his “industry experience” and that the defendant is “looking to partner with select advisors in the Los Angeles area.” The district court dismissed the plaintiff’s action under Federal Rule of Civil Procedure 12(b)(6) for failing “to state a claim upon which relief can be granted,” holding that the TCPA and the relevant implementing regulation do not prohibit conducting job recruitment robocalls to a cellular telephone number. In addition, the district court “read the Act as prohibiting robocalls to cell phones only when the calls include an ‘advertisement’ or constitute ‘telemarketing,’ as those terms have been defined” by the FCC. The court found that since the plaintiff admitted that the job recruitment call he received did not involve advertising or telemarketing, he had not adequately pleaded a violation of the TCPA.
On the appeal, a three-judge panel of the 9th Circuit determined that the district court misread the TCPA and the implementing regulation when dismissing the plaintiff’s suit and remanded the case for further proceedings. The appellate court noted that the FCC provision was intended to tighten the consent requirement for robocalls that involve advertising or telemarketing, but the lower court incorrectly perceived the provision as “effectively removing robocalls to cellphones from the scope of the TCPA’s coverage unless the calls involve advertising or telemarketing.” Moreover, the panel wrote that “[t]he applicable statutory provision prohibits in plain terms ‘any call,’ regardless of content, that is made to a cellphone using an automatic telephone dialing system or an artificial or pre-recorded voice, unless the call is made either for emergency purposes or with the prior express consent of the person being called.”
State AGs ask for faster implementation of STIR/SHAKEN
On August 9, state attorneys general from all 50 states and the District of Columbia, through the National Association of Attorneys General, sent a letter to the FCC urging the Commission to confront illegal robocalls by moving the deadline for smaller telephone companies to implement caller ID technology, STIR/SHAKEN, by June 30, 2022 at the latest. The TRACED Act (the Act), which became law in 2019 (covered by InfoBytes here), requires phone companies to implement STIR/SHAKEN technology on their networks to ensure that telephone calls are originating from verified numbers, not spoofed sources. As previously covered by InfoBytes, the STIR/SHAKEN caller ID authentication framework is an “industry-developed system to authenticate Caller ID and address unlawful spoofing by confirming that a call actually comes from the number indicated in the Caller ID, or at least that the call entered the US network through a particular voice service provider or gateway.” Currently under the Act, large companies are required to implement the technology by June 2021, and smaller voice service providers have until June 2023. According to the letter, the state attorney generals’ advocate that “[r]emoving — or, at least, curtailing — the Commission's blanket extension for small voice service providers that flout the commission's largess by perpetrating this high-volume traffic would truly serve the purpose of the TRACED Act: ‘to deter criminal robocall violations and improve enforcement’ of the TCPA.”
FCC takes action against robocalls
On August 5, the FCC announced a “fair and consistent” process for reviewing actions regarding a voice service provider’s ability to comply with the FCC’s anti-spoofing caller ID authentication rules. FCC rules require broad implementation of the STIR/SHAKEN caller ID authentication framework on voice service providers’ IP networks. As previously covered by InfoBytes, the STIR/SHAKEN framework addresses, among other things, “unlawful spoofing by confirming that a call actually comes from the number indicated in the Caller ID, or at least that the call entered the US network through a particular voice service provider or gateway.” Since June 30, all major phone companies are using the STIR/SHAKEN caller ID authentication framework in their IP networks (covered by InfoBytes here). To combat illegal spoofing, the STIR/SHAKEN standards are considered a common digital language utilized by phone networks, which facilitates valid information to be passed from provider to provider. The standards also allow most caller ID information to be verified for providers and third-party consumer protection services to use that information to inform call blocking or warning services to protect customers. According to the FCC, “[t]he widespread implementation of STIR/SHAKEN is a major step forward in the FCC’s fight against malicious spoofing and scam robocalls.”
Pages
Upcoming Events
- Keisha Whitehall Wolfe to discuss “Tips for successfully engaging your state regulator” at the MBA's State and Local Workshop
- Max Bonici to discuss “Enforcement risk and trends for crypto and digital assets (Part 2)” at ABA’s 2023 Business Law Section Hybrid Spring Meeting
- Jedd R. Bellman to present “An insider’s look at handling regulatory investigations” at the Maryland State Bar Association Legal Summit