The New York State Attorney General's office came out in support of the FCC's broadband privacy proposal this week, but has some suggestions for tightening the rules.
In filings on the FCC's proposal to require ISPs get the permission (opt in) of customers for most third-party sharing of their information, Kathleen McGee, chief of the state's Bureau of Internet and Technology said that there was a need for "enhanced regulation" in the area of broadband privacy.
She echoed the FCC majority's argument that broadband service providers are the key gateway to the Internet, and thus to their subs' information.
"Consumers cannot avoid a BIAS (broadband Internet Access service) provider the way consumers can avoid (without penalty), or otherwise freely and easily choose between, search engines or other websites, or smartphone applications," McGee told the FCC, though she was preaching to the choir when it came to FCC Chairman Tom Wheeler.
She also said the state had some tweaks for the proposal.
The state wants the FC to make sure ISP transparency policies (disclosure of subs' choices and options) is as concise as possible. It also wants the FCC to require multilingual notifications of ad and sales pitches as well as disclosures.
"It would be unfair to customers to use their preferred language to persuade them to purchase a product, and then use a second language to provide critical information about the collection, use, and disclosure of their private information resulting from that purchase," McGee said.
But the state is suggesting a little more leniency in one area.
The FCC is proposing to require ISPs to notify customers within 10 days of discovering a breach of their information, and to the FCC within seven days. The state says that given the process of identifying a breach can be time consuming, the FCC should instead follow the language of state breach notification laws that notice be provided "in the most expedient time possible and without unreasonable delay" within a longer set deadline.
It also says the FCC should obligate third-parties or affiliates to notify BIAS providers in the event of a breach.