Part 3: Rules Governing Privacy

Purpose and Scope

While most of the consumer protection rules in this general order protect small businesses as well as individual consumers, the rules in Part 3 are designed specifically to protect the privacy interests of residential telephone subscribers. We recognize that small businesses have some of the same rights and interests as individuals, for example, the right to have call information kept confidential and the right not to be disturbed by unwanted solicitations. Some privacy interests are, however, obviously unique to individuals, and the right to privacy in one's home benefits from a heightened level of protection under the law. For example, Public Utilities Code § 2891 requires carriers to obtain a residential subscriber's written consent before disclosing the subscriber's confidential information "to any other person or corporation."45 There is no comparable requirement for business customers. The privacy rules in Part 3 reflect this distinction. They implement § 2891 and other state law privacy protections for residential consumers. Should we determine that there is a need for regulations protecting the privacy of small business telephone customers as well, we will address that need at a later time.

Because wireless telephones used by individual subscribers are typically brought into their homes (and into other private residences), sometimes to the exclusion of landline telephone, the privacy interests of wireless customers are substantially the same as those of residential customers. Accordingly, they are afforded the same protections.

The portability of cell phones, which are usually carried on or about one's person, coupled with the public's reliance that directories of cell phone telephone numbers are not generally available, makes them considered an intimate, personal, private instrument. As such, we deem cellular telephone subscribers who are individuals (as opposed to corporate, partnership, limited liability companies, or comparable business entities) "residential" within the meaning of Public Utilities Code § 2891. To find otherwise would be to confer a higher level of privacy protection for a static instrument that does not command the immediacy of a cell phone, an instrument the attractiveness of which seems to derive in no small part from its small, portable, and intimate nature.

Clearly, to many modern subscribers, a cell phone is a personal accoutrement more akin to communication prosthesis than a mere gadget. We cannot believe that the legislature would have us interpret § 2891, which was enacted before the widespread profusion of cell phones, to afford greater privacy protection to land line phones than cell phones.

The notion of "privacy" as it is used in the United States actually encompasses at least two distinct interests: an interest in precluding the dissemination or misuse of sensitive and confidential information about oneself (sometimes called "informational privacy") and an interest in making intimate personal decisions or conducting personal activities without observation, intrusion, or interference ("autonomy privacy").46 Each of these interests comes into play for users of telecommunications facilities, and each is protected by California law. The interest in keeping telephone communications confidential, and the interest in keeping confidential information about whom we called, when, how often, and for how long, involves both informational privacy and autonomy privacy interests.

The right to control access to information about oneself is protected by Article I, Section 1 of the California Constitution, which provides:


All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life, liberty, acquiring, possessing and protecting property, and pursuing and obtaining safety, happiness, and privacy.47

In 1972, California voters added privacy to the list of inalienable rights in Article I, Section 1 of the California Constitution. In a 1975 opinion interpreting the new provision, the California Supreme Court observed that the "moving force behind the ... constitutional provision was ... the accelerating encroachment on personal freedom and security caused by increasing surveillance and data collection activity in contemporary society. The new provision's primary purpose is to afford individuals more measure of protection against this most modern threat to personal privacy."48 That conclusion was based in part on what the proponents of the amendment had stated in the state election brochure:


The proliferation of government snooping and data collection is threatening to destroy our traditional freedoms. Government agencies seem to be competing to compile the most extensive set of dossiers of American citizens. Computerization of records makes it possible to create `cradle-to-grave' profiles of every American. At present there are no effective restraints on the information activities of government and business. This amendment creates a legal and enforceable right of privacy for every Californian.


The right of privacy is the right to be left alone. It is a fundamental and compelling interest. It protects our homes, our families, our thoughts, our emotions, our expressions, our personalities, our freedom of communion and our freedom to associate with the people we choose. It prevents government and business interests from collecting and stockpiling unnecessary information about us and from misusing the information gathered for one purpose in order to serve purposes or to embarrass us. Fundamental to our privacy is the ability to control circulation of personal information. This is essential to social relationships and personal freedom. The proliferation of government and business records over which we have no control limits our ability to control our personal lives. Often we do not know that these records even exist. We are certainly unable to determine who has access to them.49

The right to privacy protected by the California Constitution applies to collection and dissemination of information by businesses as well as by the government.50

An enormous body of state statutory and decisional law further reflects the importance accorded privacy rights in California. The fact that the Legislature expressly provided that a violation of Public Utilities Code § 2891 "is a grounds for a civil suit by the aggrieved residential subscriber against the telephone... corporation and its employees responsible for the violation"51 underscores the importance accorded privacy interests under California law.

Telephone consumers' interest in keeping communication over the telephone network confidential is protected by, inter alia, Public Utilities Code §§ 2885, 7903, 7905, and 7906.52 The interest in controlling the disclosure of information about the subscriber to third parties is protected by Public Utilities Code §§ 761.5, 2891-2894.10. The right not to be disturbed by unwanted telephone solicitations is protected by Public Utilities Code §§ 2871-2876 (regulating automatic dialing-announcing devices) and § 2894.10, and by the recently enacted California law prohibiting unsolicited and unwanted telephone solicitations, Bus. & Prof. Code §§ 17591-17595, the Do Not Call law.53

The privacy rules in G.O. ___, Part 3, protect the privacy interests, both informational and autonomy, of individual California telephone subscribers, particularly residential subscribers, primarily by gathering together, explaining, and implementing the applicable provisions of the Public Utilities Code. The rules also alert carriers and consumers to some of the other laws and regulations that protect customers' privacy interests, such as the regulations establishing the federal Do Not Call list, and directs carriers to comply with all applicable privacy laws.

For example, explanatory comments to the rules alert carriers and consumers to the federal Telephone Consumer Protection Act of 1991 (47 U.S.C. § 227), the Telemarketing and Consumer Fraud and Abuse Prevention Act (15 U.S.C. §§ 6101-6108), and the federal Do Not Call list.54 The comments note that California law (Business & Professions Code §§ 17590-17595) also prohibits telephone solicitation calls to California telephone numbers on the federal Do Not Call list.

In their comments on earlier versions of these rules, certain carriers have argued that we lack authority to adopt privacy rules, based on (1) federal preemption and (2) the United States Supreme Court's jurisprudence regarding protection of commercial speech under the First Amendment. We now turn to those issues.

Federal Preemption

Section 222 of the Telecommunications Act ("Privacy of Customer Information") protects confidential subscriber information. That statute requires carriers to obtain a subscriber's "approval" before disclosing the subscriber's customer proprietary network information (CPNI) to third parties, subject to certain exceptions. CPNI includes information carriers may derive from providing telephone services to a subscriber, for example, records of calls made and received and information about calling patterns. The statute does not specify in what form approval may be obtained; that issue was left to the FCC to determine. The FCC interpreted "approval" to mean informed consent, and after a lengthy rulemaking proceeding, issued regulations requiring that consent be obtained by an opt-in method.55

The FCC's regulations, as amended in 1999, required a carrier to obtain a subscriber's affirmative consent before using or disclosing CPNI for any purpose other than initiating, providing, billing, and collecting for the type of service (local exchange, long-distance, or wireless) that a carrier provided to that customer. Carriers were allowed to infer permission to use CPNI to provide the services requested and to market related services, such as custom calling features, but had to obtain a customer's express approval to market a different type of service (e.g., a carrier that provided only local exchange service to a subscriber would have to obtain the subscriber's express approval to market long distance or wireless service to that customer). This "total service approach" was intended to allow carriers to use CPNI to serve their customers with relative ease and to market related services to existing customers, but not to leverage their existing customer base to gain a competitive advantage in new markets.

U.S. West challenged these regulations, arguing that they violated the company's commercial speech rights protected by the First Amendment. In a split decision that has been widely criticized by legal scholars, the United States Court of Appeals for the Tenth Circuit struck down the opt-in requirement of the CPNI regulations on First Amendment grounds. The Tenth Circuit decision did not prohibit the use of an opt-in approach but rather found that, based on the record before it, the FCC had failed to satisfy its burden of showing that the customer approval regulations restrict no more speech than necessary to serve the asserted state interests.56

Upon remand, the FCC modified the opt-in provisions in the CPNI regulations.57 The revised rules allow carriers to obtain a customer's knowing consent to the use of CPNI in order to market communications-related services by means of either opt-in or opt-out approval procedures. Carriers wishing to disclose CPNI to unrelated third parties or to carrier affiliates that do not provide communications-related services must obtain express customer consent by means of an opt-in method.58 In its order, the FCC expressly acknowledged that states may, consistent with the First Amendment, develop opt-in requirements based on the state record. The FCC declined to impose a blanket preemption policy barring the states from adopting opt-in requirements. Furthermore, the FCC stated that when states adopt CPNI rules that are more restrictive than those adopted by the FCC, it will decline "to apply any presumption that such requirements would be vulnerable to preemption."59 The FCC explained:


Our state counterparts do bring particular expertise to the table regarding competitive conditions and consumer protection issues in their jurisdictions, and privacy regulation as part of general consumer protection is not a uniquely federal matter. We decline, therefore, to apply any presumption that we will necessarily preempt more restrictive requirements.60

Instead, the FCC decided that it would exercise preemptive authority on a case-by-case basis. The FCC stated that it may preempt state regulation of intrastate telecommunications matters "where such regulation would negate the commission's exercise of its lawful authority because regulation of the interstate aspects of the matter cannot be severed from regulation of the intrastate aspects."61

In light of the FCC's decision not to apply a blanket preemption policy barring states from adopting privacy regulations that are more protective of consumers than the CPNI regulations, and not to adopt a presumption that such regulations are preempted, there is no reason to assume that our state rules implementing state law will be preempted.

First Amendment

Some carriers, citing U.S. West, have argued in comments that a rule requiring carriers to obtain prior consent from a subscriber by means of an opt-in method before disclosing the subscriber's confidential information to third parties violates the First Amendment. We have considered these arguments and have reached two conclusions. First, we do not agree that our rule violates the First Amendment. Second, state law already requires carriers to obtain written, opt-in consent from residential subscribers, and we are bound to uphold that law.62

Public Utilities Code § 2891 requires carriers to obtain a residential telephone subscriber's written consent before disclosing confidential subscriber information "to any other person or corporation." Thus, in enacting this legislation, the California Legislature adopted a written opt-in approval requirement for residential telephone subscribers.

Section 2891 was enacted in 1986 in response to a wave of complaints from Pacific Bell customers about disclosure of their subscriber information to third parties for marketing purposes. While debating the bill that became § 2891, the Legislature considered both opt-in and opt-out alternatives. Specifically, it considered Pacific Bell's contention that an opt out alternative could raise $7 million that could be used to subsidize local telephone rates. Apparently, the Legislature accepted the bill proponents' view that "the amount was insignificant compared to the intrusion on customer's privacy."63 Legislators noted that the opt-in approach was necessary because "two of the problems telephone customers complained about when Pacific initiated the sales program was [sic] that they were not adequately informed before the program began, and that they had to return a confusing form if they did not want to participate."64 Clearly, the Legislature considered the opt-out approach and rejected it.65

Commercial Speech Protection under Central Hudson

We do not agree with those carriers who have argued that our privacy rules violate their First Amendment rights to engage in commercial speech.

In Central Hudson Gas & Electric Co. v. Public Services Commission (1980), 477 U.S. 557, the United States Supreme Court set forth a four-part test for determining when government regulation of commercial speech is permissible.66 The reviewing court must determine:

1. Whether commercial speech concerns lawful activity and is not misleading (unlawful or misleading speech is not protected by the First Amendment);

2. Whether there is a substantial state interest;

3. Whether the regulation directly advances that interest; and

4. Whether the regulation is no more extensive than necessary to serve the governmental interest (subsequent cases have elaborated on this requirement, sometimes described as a "reasonable fit" between the state interest and the regulation).

The Part 3 privacy rules do not violate carriers' First Amendment rights under the Central Hudson test for the following reasons. First, the requirement that commercial solicitations be truthful and not misleading is not subject to First Amendment protection. Second, the state's interest in protecting telephone consumers' privacy rights is substantial. The importance of the privacy interests is reflected in Article I, § 1 of the California Constitution and in the privacy statutes discussed above, particularly Public Utilities Code §§ 2891-2894.10. This Commission has a longstanding precedent "acknowledg[ing] that our fellow citizens place a high value in the protection of their interest in individual privacy." (In Re Pacific Bell (1992), 44 Cal. P.U.C. 2d 694, 708 (D.92-06-065)). This acknowledgement reflects the high numbers of California citizens who pay a premium for unlisted numbers. Similarly, the pronounced public interest in the federal Do Not Call registry affords evidence of both the intensity and substantiality of the public's concern.67 The rules directly advance this state interest in protecting privacy interests by requiring carriers to obtain express, written consent from their residential subscribers before disclosing their subscribers' confidential information for marketing purposes. Protection of this information is necessary, among other reasons, because customers of telephone companies essentially have no choice but to provide confidential information to those companies in order to receive service, the indispensability of which is rarely questioned. Finally, the opt-in method (rather than an opt-out method, preferred by carriers such as U.S. West) is necessary for effective protection of residential subscribers. The California Legislature considered both methods and concluded that opt-out would not be an effective means of protecting residential subscribers' privacy interests. Subsequent experience with opt-out methods adopted in other consumer protection laws demonstrate that this conclusion was well-founded.

Conclusion

We have endeavored to fashion rules that will protect consumers' privacy interests effectively within the framework of the state Constitution and state laws. In response to comments, the June 2002 draft decision made many clarifying changes to the first draft of the rules. The version we adopt today likewise responds to additional comments and suggestions submitted by the parties. Definitions were revised and added. In addition, the rules have been reorganized so that they are more similar in structure and organization to the FCC's CPNI rules.

Compliance Timeframe

We expect that it will be necessary for carriers to evaluate their current information handling practices, and some will need to adjust them and train staff in order to comply with the new privacy rules. We have allowed carriers 120 days to come into full compliance with new G.O. ___, including Part 3. This adjustment period does not excuse any carrier from compliance with any currently applicable requirements, including provisions of the Public Utilities Code, tariff rules, and prior Commission decisions and orders.

45 § 2891(a). 46 Am. Acad. of Pediatrics v. Lungren, 16 Cal. 4th 307, 328 (1997). 47 California Constitution, Article I, § 1. 48 White v. Davis, 13 Cal. 3d 757, 767 (1975). 49 Id. at 233 (quoting November 1972 state election brochure). 50 Am. Acad. of Pediatrics v. Lungren, 16 Cal. 4th 307, 328 (1997); Hill v. National Collegiate Athletic Assn., 7 Cal. 4th 1, 20 (1994). 51 §2891(e). 52 See also Penal Code §§ 631, 632, 637, 637.1, 641. 53 Legislative mandates to protect privacy interests of utility customers are found throughout the Public Utilities Code. In addition to §§ 2891-2894.10, which specifically address various aspects of privacy protection for telephone users, see, e.g., § 393(f)(7) (protects confidentiality of Electric Service Providers' customer information); § 497.5(c)(5) (requiring adequate privacy protection rules as a condition of granting telephone corporations an exemption from the tariff requirement); § 761.5 (protecting confidentiality of customer information obtained from centralized credit check system);  § 7906 (need for telephone corporations to ensure privacy of communications over their networks). See also Code of Civil Procedure § 1985.3(f) (requiring subpoena to obtain personal records maintained by telephone corporations). 54 Regulations issued by the Federal Trade Commission (16 C.F.R. Part 310) and the FCC (47 C.F.R § 64.1200) established the Do Not Call list. As of February 2004, consumers nationwide had placed approximately 55 million telephone numbers on the list. On February 17, 2004, the Tenth Circuit rejected a First Amendment challenge to the Do Not Call list brought by telemarketing companies. Mainstream Mktg. Servs. v. FTC, 2004 U.S. App. LEXIS 2564 (U.S. App., 2004). 55 See former 47 C.F.R. §§ 64.001-64.2007. 56 U.S. West, Inc. v. FCC (10th Cir. 1999), 182 F.3d 1224, at 1239. 57 Further Order, Implementation of the Telecommunications Act of 1996: Telecommunications Carrier's Use of Customer Proprietary Network Information and Other Customer Information; and Implementation of the Non-Accounting Safeguards of Sections 271 and 272 of the Communications Act of 1934, as amended (July 16, 2002), Third Report and Order And Third Further Notice of Proposed Rulemaking ("CPNI Order 2"). 58 CPNI Order 2, pp. 15 - 31, 31-50. 59 CPNI Order 2, pp. 31, 70. 60 Id., p. 32, 71. 61 CPNI Order 2, pp. 31-34, 69-74. 62 California Constitution, Article III, §3.5 provides: § 3.5.  Limitation on powers of administrative agencies.
An administrative agency, including an administrative agency created by the Constitution or an initiative statute, has no power:
    (a) To declare a statute unenforceable, or refuse to enforce a statute, on the basis of it being unconstitutional unless an appellate court has made a determination that such statute is unconstitutional;
    (b) To declare a statute unconstitutional;
    (c) To declare a statute unenforceable, or to refuse to enforce a statute on the basis that federal law or federal regulations prohibit the enforcement of such statute unless an appellate court has made a determination that the enforcement of such statute is prohibited by federal law or federal regulations. This provision represents an explicit constitutional disincentive to any attempt to harmonize Public Utilities Code § 2891's provisions on CPNI with those of the Federal Communications Commission in the absence of a clearly applicable appellate decision that renders §2891's provisions constitutionally suspect. Because we believe that the facts in U.S. West, Inc. v. FCC (10th Cir. 1999), 182 F.3d 1224, cert. denied, 530 U.S. 1213 (2000), are distinguishable from our CPNI statute, we would decline to do so, even if the burden on carriers of having to comply with an FCC standard in most jurisdictions and a California standard here could be ameliorated by an attempt at harmonization of the two provisions. 63 See Legislative history of AB 3382, AB 3382 Analysis, p.2. 64 See Legislative history of AB 3382, Assembly Committee on Utilities and Commerce, Comments, April 8,1986, p.2. 65 The California Legislature has acted to protect the privacy of telephone subscribers in other statutes, including § 2891.1, which protects the information of subscribers with unlisted numbers. Privacy in telecommunications is also protected by California Business and Professions Code § 16606, which protects customer lists of answering services as trade secrets, and by other statutes, some of which are cited above. 66 The test is only applicable if it is in fact speech that is being regulated. It is by no means certain that disclosure of confidential customer information for marketing purposes constitutes speech. 67 See footnote 7, supra.

Previous PageTop Of PageNext PageGo To First Page