Compliance Clock Begins to Tick for BIAS Providers Following Publication of Privacy Rules in the Federal Register

The FCC’s new privacy rules were published in the Federal Register last Friday, December 2, 2016.  The publication of these rules initiates the period in which broadband ISPs must come into compliance with the agency’s sweeping new rules. As summarized in our prior posts, the FCC’s Privacy Order, adopted Nov. 2, 2016, imposes broad new rules that alter the telecommunications privacy ecosystem and establish a new privacy framework for broadband ISPs centered on the principles of transparency, choice, and security.  Although the fate of these rules under a new administration is unclear the immediate implementation calendar is now set. The effective dates of certain elements of the new rules will be phased-in as follows:

• January 3, 2017 – The foundational rules (basis, purpose, definitions, etc.) (47 CFR 64.2001, 2002), the business customer exemption (64.2010), and the prohibition on conditioning service on a waiver of privacy rights (64.2011(a)) will be effective on this date.

• March 2, 2017 – Data security rules (64.2005) will be effective on this date.

• Pending further action – The breach notification rules (64.2006) will be effective the later of OMB approval under the Paperwork Reduction Act ("PRA") or 6 months after the FCC publishes a summary of the order the Federal Register.  Similarly, the notice and choice rules (64.2003, 2004) will be effective the later of OMB PRA approval under or 12 months after the FCC publishes a summary of the order the Federal Register.

Publication in the Federal Register also triggers the deadline for interested parties (or the FCC sua sponte) to file petitions for reconsideration, which must be filed no later than January 3, 2017. Any court challenge would be due January 31, 2017.