FCC to establish privacy and data protection task force

The Federal Communications Commission is establishing a privacy and data protection task force to modernize its policies and bolster its enforcement of digital privacy violations, Chairwoman Jessica Rosenworcel announced Wednesday.

“In light of the magnitude of the privacy challenges we're facing, I think we're going to have to concentrate our efforts at the agency and give them new focus,” Rosenworcel said during a speech delivered at the Center for Democracy and Technology, a nonprofit advocating for civil liberties in the digital age. “We're going to bring all of our technical and legal experts together from across the agency to maximize coordination and use the law to reach results by evolving our policies and taking enforcement action.”

The task force will be led by Loyaan Egal, the chief of the agency’s enforcement bureau, who Rosenworcel noted commands a privacy and data security investigative staff that is double the size of his predecessor’s team.

She said that among other things the task force will focus on modernizing FCC data breach rules, which were last updated more than 15 years ago.

“They are due for a digital age update,” she said.

The task force also will oversee investigations and enforcement actions for major data breaches, she said, and help develop rules to crack down on SIM-swapping fraud, in which cybercriminals hijack peoples’ phones. Rosenworcel said the FCC is working on a rule proposing standards for carriers to authenticate customers before transferring a number to a new device or a new carrier.

She said the task force will play a role in the agency’s work under the Safe Connections Act, a law passed last year which Rosenworcel described as supporting access to communications for domestic violence victims.

“They've got real challenges when it comes to setting up new phone accounts to separate from anyone who might be abusing them,” she said.

According to Rosenworcel, last year she wrote to the 15 largest mobile phone carriers asking for information about their geolocation, data retention and privacy practices. The task force will comb through that data and push forward investigations that have emerged from it.

She said the task force has already proposed enforcement action against two companies who have put the security of customer communications at risk but declined to offer more detail.

“We are showing that this task force means business,” she said. “The devices we carry in our palms, our pockets, in our purses know an awful lot about us. They know our whereabouts at any given moment and this geolocation data, I think it's especially sensitive — it is a record of where we have been and even more fundamentally it’s a record of who we are.”