The FCC recently announced the formation of a “Privacy and Data Protection Task Force” to be headed up by the Enforcement Bureau. The task force has a mandate to “coordinate across the agency” on rulemaking, enforcement, and public awareness needs, including looking at data breaches and “supply chain vulnerabilities involving third-party vendors that service regulated communications providers.”

It remains to be seen exactly what that means in practical terms, but the appointment of the Enforcement Bureau head to chair the task force suggests investigation and enforcement may be a priority. The FCC has long held authority to address telephone carrier privacy issues related to “customer proprietary network information” (“CPNI”), and cable operator privacy issues, but it is not clear whether the task force’s work will be confined to those more traditional areas. The FCC has slowly begun addressing privacy issues over the past decade, most notably with its 2016 adoption of privacy rules applicable to broadband providers. Those rules were overturned by Congress through application of the Congressional Review Act in early 2017.

More recently, the agency has focused on cybersecurity, particularly with regard to telecom carrier data breaches and network equipment supply chain concerns. While starting out as national security matters, that work has expanded to more general cybersecurity considerations, including a January 2023 proposal (which has not yet resulted in final rules) to update and strengthen the agency’s data breach reporting requirements related to CPNI.

Paul Hastings attorneys will continue to monitor these and other developments at the FCC, as yet another source of privacy and data security regulatory considerations comes into sharper focus.