Techdirt does their usual bang-up job covering the FCC's new ruling that puts further restrictions on pretexting. Unlike the recent anti-pretexting law that was passed in the U.S., which was aimed squarely at the pretexters themselves the FCC action is designed to plug the holes on the other side of the conversation, establishing more secure practices within telecom companies to prevent the exposure of personal data. Better alert practices for consumers and law enforcement are also part of the package. Amongst the consequences of the FCC's new ruling are:

• Phone companies cannot release customer phone call records unless the customer provides a password. In the absence of a password, the company can only send the data to the customers' address of record or call the customer back at their phone number of record.

• Carriers must notify the customer immediately if their password changes.

• Telcos must get explicit consent from customers before sharing calling data with marketing partners and independent contractors.

• Carriers must submit an annual certification to the FCC that includes actions taken against pretexters and a summary of relevant complaints from consumers.

Check out the full pretexting piece from Techdirt, or go straight to the horses mouth and read the FCC's order (Look for date: 4/2/07).

-- MDT

Labels: FCC, identity theft, pretexting, Techdirt