The Federal Communications Commission has issued a declaratory ruling calling for wireless carriers to protect customer proprietary network information (CPNI) stored on end-user devices. The data in question includes call logs, duration, and a device's location at both the beginning and conclusion of a call. In a statement, the commission said today's ruling "rests on a simple and fundamentally fair principle: when a telecommunications carrier collects CPNI using its control of its customers’ mobile devices, and the carrier or its designee has access to or control over the information, the carrier is responsible for safeguarding that information."
"By taking action in this area, the Commission reaffirms that it is looking out for consumers..."
Wireless providers are already required to safeguard this data when it resides directly on their network. But now the FCC is expanding that responsibility to cover the CPNI found on your smartphone and other mobile hardware. Carriers utilize this information for various purposes including network optimization and to provide customers with more personalized support, Still, the FCC says the sensitive nature of CPNI makes proper protection vital.
The commission warns that it will be able to take action "in the event that a failure to take reasonable precautions causes a compromise of CPNI on a device." As for how carriers should protect this customer info, the FCC isn't proposing any sort of new approach. As long as there's some sort of defense against data being compromised in place, it seems the commission will be happy. Today's decision has no impact on legal requests, however, so carriers are just as likely to hand over your call history when the government comes calling.