Despite strong opposition from the cable industry, the FCC late Mon beefed up its phone privacy rules in response to the Hewlett-Packard board investigation scandal that unfolded late last year (Cfax, 10/18). In that case, members of H-P’s board allegedly used "pretexting"—the use of false pretenses to gain an individual’s phone records—in order to determine who on the board was leaking information to the press. The FCC’s new safeguards, which apply to VoIP providers as well as traditional common carriers, require carriers to get express consent before disclosing customer data to third parties. "The former ‘opt-out’ approach to customer consent, whereby a carrier may disclose a customer’s phone records provided that a customer does not expressly withhold consent to such use, shifted too much of the burden to consumers, and has resulted in a much broader dissemination of consumer phone records," said FCC chmn Kevin Martin. "The ‘opt-in’ approach adopted in this order clearly is supported by the record, is consistent with applicable law, and directly advances our interest in protecting customer privacy." NCTA, which has opposed standardized pretexting rules as counterproductive, costly and too confusing for consumers, wasn’t commenting at presstime as it was still studying the order. Several MSOs also opposed the pretexting rules during the comment process. Other new FCC requirements in the order include: carrier authentication requirements that bar carriers from releasing a customer’s phone records unless the customer provides proof of identity such as a password; notification requirements to inform customers when account changes are requested or to alert them to an account breach; an annual certification program requiring carriers to disclose consumer complaints and actions taken against data brokers. The Commission also sought comment on what additional steps, if any, it should take. Democratic commissioners Jonathan Adelstein and Michael Copps dissented in part, citing provisions allowing the authorities to delay notifying customers of a breach while an investigation is ongoing. "As some have described it, it is akin to not telling victims of a burglary that their home has been broken into because law enforcement needs to continue dusting for fingerprints," said Copps.