Privacy Protections

Background

Rapid changes in technology have made protecting consumer privacy increasingly challenging. Telecommunications and utility companies collect and maintain detailed usage information about their customers. This includes detailed usage histories that allow behavioral profiling. It also includes geolocation data from wireless phones. The data are valuable to third-party companies seeking to build detailed consumer profiles. As such, there is an incentive to sell that data. That raises serious privacy concerns (see also Data Privacy and Health Information Technology).

PRIVACY PROTECTIONS: Policy

Privacy safeguards

Policymakers should ensure by default that customers’ personal data are secured against unauthorized access, use, or disclosure. This includes information on usage, billing, and payments. Consumers should not have to opt into these protections (see also Data Privacy). Consumers should have a right to redress when their personal data are misused. 

Consumers should have the opportunity to determine whether their non-publicly available and personally identifiable information is used or disclosed for purposes other than those for which the information was originally provided. Federal policymakers should prohibit telecommunications and utility companies from using this information without customer authorization. 

Policymakers should: 

  • require telecommunications and utility companies to protect a customer’s usage, billing, payment, and other personal data from disclosure unless it has been authorized by the customer or is necessary to provide services the customer has requested; 
  • ensure that consumers are informed about easily accessible and usable avenues for redress if their personal information is inappropriately disclosed or used and that they have the right to correct the listing of their personal information if it is false or inaccurate; and 
  • establish rules to specify the procedures by which customers can provide authorization for disclosures and be informed of their privacy rights. 

Policymakers should build strong privacy protections into any system design prior to deployment to ensure that: 

  • privacy of customer information is the default setting; 
  • data collection is limited to only what is necessary for operations, and data are retained only for as long as necessary; 
  • privacy protections exist throughout the entire life cycle of any personal information collected; 
  • affirmative consent from customers is obtained before utilities disclose personally identifiable data to affiliates or third parties for purposes other than account management and billing; and 
  • third parties agree to maintain the same level of privacy of customer data. 

Policymakers should develop standards protecting the privacy and security of mobile device users. This includes protections related to the collection, transfer, use, and disposal of location data gathered through mobile devices (see also Data Security). 

Privacy disclosures in utility services

Privacy disclosures for utility services should be transparent and understandable. Privacy disclosures should use plain, easily accessible language. Those delivered via mobile devices should be short, meaningful, and easily accessible on smaller screens.