Telecommunications/Marketing Flashcards
Telemarketing Sales Rule (TSR)
who it applies to
sellers (provide offers in exchange for consideration)
telemarketers (initiates and receives phone calls)
TSR
do not call registry
must access registry and obtain # listed in area code prior to making any solicitation calls o consumers in such area code
must pay annual fee for each area code to access #
list is updated every 31 days
TSR
do not call registry safe harbor
not in violation if have
- establish/implemented written procedure honoring customers do not call wishes
- trained personnel and assisting entities to comply with procedures
- have own do not call list or use copy of updated registry
- person hired to monitor and enforce compliance with procedures
- call is in error
TSR
no abusive calls
no pattern of unsolicited phone calls that consumer (reasonable) would find coercive or abusive to right of privacy
not abusive if
- express agreement
- established business relationship (transaction within last 18 months or inquiry in last 3 months)
enforcement TSR
FTC and FCC federally
state attorney general (50,120/improper call)
preemption TSR
preemption for state email marketing laws
no preemption for state telemarketing laws
Telephone Consumer Protection Act of 1991 (TCPA)
who it applies to
person that uses automatic phone dialing system (stores # and dials) to make
1. phone solicitation
2. unsolicited advertisements
TCPA
prohibited calls
- emergency phone lines
- guest/patient room in hospital, health care facility, elderly home etc
- cell phone or device that would charge fee to user
TCPA
prohibitions
- use system to call 2 or more lines of multiline business at same time
- calling number to see if its fax or voice line
TCPA
junk fax prevention act of 2005
any unsolicited ads sent by fax are prohibited unless
- established business relationship
- obtained number through voluntary communication in business relationship
- obtained # through public distribution of fax by recipient
if fall within exception must have notice on 1st page explaining opt out right of future ads and how to do so cost free 24/7 (honor within 30 days)
TCPA enforcement
must be brought in federal courts
FCC or state attorney (within notice to FCC)
private right of action
TSR and TCPA call guidelines
- residence only between 8am-9pm unless prior consent
- no threats or abuse
- prompt oral disclosure call is to sell goods and of natural of goods/services
- verifiable authorization for payments other than by credit/debit
- no call abandonment
- no prerecorded messages (robocalls)
- use caller ID that is accurate
- keep records (2 years)
TSR and TCPA call guidelines
call abandonment
no call abandonment may be made (not connected with live representative within 2 seconds of completed greeting)
unless:
1. use tech that no more than 3% of calls will be abandoned during 30 day period or 1 calling campaign
2. let phone ring 4x or 15 seconds
3. prerecorded message states live representative is unavailable
TSR and TCPA call guidelines
robocalls
no robocalls (prerecorded) unless
- written consent
- outbound made by covered entity/associate under HIPAAs privacy rule
- for info purposes only
if allowed must
- let phone ring for 15+ seconds
- play prerecorded message within 2 seconds once completed
- promptly disclose that person can opt out or be placed on do not call list
Combating Assault of Non-Solicited Port and Marketing Act of 2003 (CAN-SPAM)
what it applies to
- commercial electronic mail messages (primary purpose is to advertise or promote commercial website)
- mobile service commercial messages (messages that go to device used by subscriber)
- transactional/relationship messages (for info, transaction relationship, employment)
CAN-SPAM
requirements
- clear and conspicuous identification it is ad/solicitation
- no false/misleading header or subject line
- clear and conspicuous opt-out opportunity (stop 10 days after request)
- physical postal address
- warning label for sexually oriented material
- access wireless domain registry prior to sending message (30 day grace period for newly added names)
CAN-SPAM
aggravated violations
email address harvesting
automated creation of multiple email accounts
retransmitting commercial emails through automated accounts
CAN-SPAM
enforcement federal
FTC- section 5 (50,120/violation)
prudential regulators (ex. banking institutions)
CAN-SPAM
enforcement state
state attorney general
internet access service provider- private cause of action
Telecommunications Act of 1996
disclosure
telecommunication carriers may not disclose customer proprietary network information (CPNI)
CPNI= info collected as part of carrier subscription relationship (quantity, type, destination, location, amount of use of service)
unless:
1. consent
2. required by law
3. identifiable customer info removed
4. made for purpose of
- billing
- protect rights of carrier
- protect customer from fraud
- offer services in same category customer already subscribes to
- location info for emergency services
Telecommunications Act of 1996
administrative safeguards
must put in place
- employee training
- record maintenance
- compliance procedures
- certification annually to FCC that process is implemented/ description of process/ and summary of customer complaints
Telecommunications Act of 1996
technical safeguards
must put in place
- discover unauthorized access to CPNI
- protect against unauthorized access to CPNI
- verify customer identity
telecommunication act of 1996
reporting
must report to FCC within 5 business days of any instance where opt out mechanism is ineffective
must notify law enforcement within 7 days of determination that breach has occurred + affected customers (after law enforcement)
telecommunications act of 1996
enforcement federal
FCC
telecommunications act of 1996
enforcement state
private right of action or file complaint with FCC
Cable Communications Policy Act of 1984
privacy notice
cable operators must provide privacy notices upon entering into cable service agreement + annually that says
- nature of PI collection
- how PI is used and disclosed
- length of time PI maintained
- how they can obtain access to info
- limits on collection/disclosure
Cable Communications Policy act of 1984
PI collection
cable operators may not collect PI about consumers unless
- consent
- necessary for service
- necessary to detect unauthorized interception
cable communications policy act of 1984
PI disclosure
cable operators may not disclose PI about consumers unless
may disclose name and address if :
- consent
- necessary for service
- necessary to conduct leg business activities
- court order + subscriber notification
- gov agencies permitted under federal criminal law
enforcement federal cable communications policy act of 1984
FCC
enforcement state cable communications policy act of 1984
private right of action of file complaint with FCC
Video Privacy Protection Act of 1988 (VPPA)
disclose
video tape service providers may not disclose customer PI
unless may disclose name, address, and opt out if:
1. to consumer
2. consent
3. to law enforcement
4. for purpose of
- debt collection activities
- order fulfillment
- transfer of ownership
VPPA
destruction
video tape service provider must destroy PI as soon as reasonable practical (no later than 1 year after data no longer necessary for purpose and no pending requests/court orders for info)
VPPA enforcement federal
criminal violation
VPPA enforcement state
private cause of action for improper disclosures (not improper retention)
wiretap act
prohibits any person from intercepting wire, oral or electronic communications unless
1. court order
2. consent
any unlawfully intercepted communications may not be admitted into evidence during court proceeding or other official proceeding
wiretap act enforcement federal
federal crime enforced by US attorney general
- suit for injunction against unlawful interceptions other than telecommunication companies intercepting during ordinary course of business
wiretap act enforcement state
private cause of action or suit against US government for willful violation
electronic communications privacy act (ECPA)- stored communications act
access
no obtaining alternating or blocking authorized access to stored wire or electronic communications while in storage unless authorized by user of service or by person or entity providing service
ECPA- stored communications act
disclosure
no disclosure by internet service provider (ISP) of stored wire or electronic communications of customer records to government entity
ECPA- stored communications act
preservation
ISPs must preserve communications and customer records for up to 90 days subject to renewal upon gov request
ECPA- stored communications act
gaining access to communications
if stored less than 180 days or access without notice to subscriber/customer- need warrant to compel disclosure
all other
1. may compel disclosure through notification to subscriber/ customer + subpoena/court order
- may force disclosure through court order/warrant/consent
ECPA- stored communications act- cloud act
electronic communication services + remote computing services must preserve backup or disclose contends of wire or electronic communication + any record or other info pertaining to customer regardless of within US or not
authorities in other counties can gain access to communication data of non-US citizens stored in use by entering into agreement with country itself and going to ISP directly
ECPA- stored communications act enforcement
private cause of action or sue US government (willful violation)
ECPA- pen registers
it is unlawful to install or use either pen register or trap and trace device without 1st obtaining aid court order unless emergency situation (must receive court order within 48 hours after installation or use started)
court order:
- can authorize installation for no longer than 60 days and
- can place gag order on person who owns/leases facility to keep them from disclosing existence
ECPA- pen register enforcement
criminal offene- fine or imprisonment up to 1 year
immunity for providers who cooperate with law enforcement pursuant to valid court order
communications assistance to law enforcement act of 1994 (CALEA)
telecommunication companies must design their products and services in a way that
- provides access to communications as necessary to comply with court order and
- ensures security and integrity
government can’t mandate or prohibit specific designs or systems be used
don’t have to unencrypted communications unless encryption provided by communication carrier themselves
CALEA enforcement
US attorney general
civil penalties allowed only if court finds
- law enforcement doesn’t have alternative tech and capabilities to intercept communication or access info +
- compliance by telecommunications company is reasonably achievable
