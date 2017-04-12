Rollback of FCC privacy requirements could have broad repercussions

Last week's roll-back of FCC privacy regulations was good news for ISPs and marketers and bad news for privacy advocates.

The FCC privacy rules repeal does not actually make the privacy situation worse, since the proposed rules hadn't gone into effect yet.

But it may inspire ISPs to expand their data collection efforts.

"What we're going to see is the extension of whatever products and services these telcos have been offering," said Fatemeh Khatibloo, analyst and privacy expert at Forrester Research. "It's just going to be happening a little more aggressively and a little bit faster. They've gotten a bit of a green light."

That has a number of implications for security teams tasked with protecting their company's customers, employees, and business partners.

The most obvious impact is that customers, increasingly concerned about online security, may pay closer attention to how the websites they visit handle the issue.

"From a business perspective, you've got to make sure you've got an encrypted website," she said. "HTTPS is going to be increasingly important, and consumers are being told to make sure they're on a secure and encrypted site."

In addition, CISOs might be called on to work with business and marketing departments on whether to take advantage of the data available to them from the ISPs and broadband providers, she said. "Is there a risk to the organization by doing so?"

Then there's the question of protecting employees when they're online.

"This has some interesting implications for the privacy of employees using the web and the data that may now be collected on them and their online activities," said Craig Spiezle, executive director and president at Online Trust Alliance. "For some, this might include the need to use VPN services."

Outsiders may gain access to data about employees' VoIP calls, location, and search history, he said.

"In an era of the U.S. government focusing on alleged wiretaps and cyber spying, we are now effectively handing this same data over to broadband providers to sell and share as they like," he said.

It's not just marketers who might want to gain access to this data.

"This information provides context around who we are, what we think, where we go and what we do," said Jeff Kukowski, CEO at SecureAuth. "The potential misuses of this information in the hands of attackers is concerning and therefore needs to be critically protected like any other identity-related information."

Global repercussions

The ruling may also hurt the global competitiveness of US cloud service providers and may conflict with European privacy regulations.

