Cinnamon Mueller Client Updates

 

New FCC EAS Rules Will Take Effect July 30th

Last month, the FCC released an Order revising its Emergency Alert System (“EAS”) rules.  The revised rules were recently published in the Federal Register and will take effect July 30, 2015 (except for the new reporting requirement, which is subject to OMB approval).

Background.  In November 2011, the FCC and FEMA conducted the first national EAS test to assess how the EAS system would perform in practice, and to develop and implement any improvements to ensure that the national EAS, if activated in a real emergency, would perform as designed.  After analyzing the performance of the EAS, and after soliciting feedback from EAS participants and interested parties, the FCC decided to revise its rules and tweak the system. 

Below, we highlight key parts of the recent Order.

New Reporting Requirement for EAS Tests.  For the 2011 national EAS test, EAS participants were required to submit an initial form to the FCC before the test with identification information, a second form the day of the test stating whether they received the test, and a third form after the test with information about the receipt and distribution of the test.  In light of the data submitted, the FCC has decided to adopt a permanent Electronic Test Reporting System (“ERTS). 

All EAS participants, including cable operators, will be required to file in the ERTS.  As with the 2011 test, EAS participants will be required to submit three separate forms, including an initial form with identification information.  The Public Safety & Homeland Security Bureau plans to release a public notice providing more details about ERTS in the near future. 

EAS Visual Crawl Requirements.  EAS participants will now be required to follow some basic display rules.  Visual messages must be displayed at the top of the television screen or where they won’t interfere with other video messages (such as closed captioning).  EAS messages must also be displayed in a size, color, contrast, location and speed that is readily readable and understandable. There is no requirement to display the message in a particular font size or crawl speed, but the entire visual message must be displayed at least once during any EAS alert.

            At the same time, the FCC declined to adopt specific audio accessibility requirements.  Audio EAS messages must be played in full at least once during any EAS alert, and must be delivered “in a manner and cadence that is sufficient for the consumer who does not have a hearing loss to readily comprehend it.”

Header Code Changes for National EAS Test Alerts. The FCC has designated six zeroes (000000) as the national location code for future national EAS tests.  Location codes signal to an EAS participant’s equipment whether the alert covers that participant’s area (for example, whether a tornado warning affects a certain county or state).  After conducting the national test and reviewing the results, the FCC and FEMA realized that many EAS participants’ equipment rejected the test as out of area because there was no designated code for a national alert.  Moreover, there was no event code to be used in a national alert.  To solve this issue, the FCC will use the “National Periodic Test Code” or NPT for future national tests.

           

According to the Order, most EAS equipment should be able to receive and decipher a six zeroes code and be able to process an NPT code.  EAS equipment that cannot should be able to with a software update from its manufacture. 

 

Compliance Dates.  EAS participants have until January 31, 2016 to comply with the visual display requirements and until July 30, 2016 to get EAS equipment set up to use the six zeroes and NPT codes.  EAS participants will also have six months after the launch of the ERTS to complete their initial filings. 

If you have questions about your company’s requirements under the EAS rules, or EAS in general, please contact Scott Friedman at (312) 372-3930 or sfriedman@cinnamonmueller.com.

FCC Enters Into $3.5 Million Settlement to Resolve Data Breach and Lifeline Investigation

 

On July 9, 2015, the FCC released an Order announcing that its Enforcement Bureau had entered into a $3.5 million settlement with TerraCom and YourTel America to resolve an investigation into whether the companies failed to properly protect the confidentiality of personal information they received from more than 300,000 consumers.  The FCC also announced that the settlement resolved the Enforcement Bureau’s investigation into YourTel’s failure to comply with FCC instructions to remove ineligible Lifeline subscribers which resulted in over-billing of the federal program.  

            In 2013, an Enforcement Bureau investigation found that the companies’ vendor stored consumers’ personal information on unprotected servers that were accessible over the Internet, and that the companies’ failure to provide reasonable protection for their customers’ personal information resulted in a data breach that permitted anyone with a search engine to gain unauthorized access to the information.  The companies had notified the Bureau after a Scripps Howard investigative reporter discovered the situation and was preparing to publish an article.

The Enforcement Bureau found the two carriers apparently liable for violating two separate provisions of the Communications Act, Sections 222(a) and 201(b), by failing, among other things, to protect the confidentiality of proprietary information collected from customers and to notify customers whose information was exposed to data security breaches.  Under Section 222 of the Communications Act, telecommunications carriers, and, since 2007, interconnected VoIP providers, are required to protect the confidentiality of “customer proprietary network information,” commonly known as “CPNI.”  Section 201(b) prohibits carriers from engaging in unjust and unreasonable practices, and had not previously been relied upon by the FCC in cases involving disclosure of customer proprietary information. 

            The settlement is conditioned on the companies paying a $3.5 million civil penalty, notifying all consumers whose information was subject to unauthorized access, providing complimentary credit monitoring services for all affected individuals, and undertaking additional measures to mitigate any potential harm to consumers.  Additionally, the companies committed to improving their privacy and data security practices, conducting an assessment of any other privacy risks, implementing a security program to protect written information, maintaining strict oversight of their vendors, and assuring that a senior corporate manage is a certified privacy professional.  They will also implement a data breach response plan, train their employees on privacy and security awareness, and file regular compliance reports with the FCC.

            All VoIP and broadband Internet access service providers should assess the need to engage in similar assessments and compliance improvements concerning their and their vendors’ handling of sensitive personally identifiable subscriber information gathered in their provision of voice telephone and broadband Internet access services.  

If you have questions about your privacy requirements, or how Section 222 may apply to your company under the Open Internet rules, please contact Barbara Esbin at (202) 872-6811 or besbin@cinnamonmueller.com, Bruce Beard at (314) 394-1535 or bbeard@cinnamonmueller.com, or Jake Baldwin at (312) 372-3930 or jbaldwin@cinnamonmueller.com.