10. Providing Customer Information
Pacific Bell from time to time hires outside vendors, such as telemarketing organizations, to contact its customers for sales or other reasons. In doing so, Pacific Bell necessarily provides the outside vendors the names and phone numbers of the customers. In some cases, the lists are created for a particular purpose, such as customers with Caller ID Complete Blocking. Pacific Bell also uses its corporate affiliates that are part of the SBC family of companies to answer customer service calls; these affiliates also have access to customer information.
Complainants object to this sharing of information as violating federal and state law regarding customer privacy. Specifically, UCAN states that 47 U.S.C. § 222 requires Pacific Bell to "protect the confidentiality of proprietary information of . . . customers." UCAN also states that customer proprietary information includes "information that relates to the quantity, technical configuration, type, destination, and amount of use . . . that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship." (Hearing Exhibit 4.) UCAN also states that § 2891 prohibits Pacific Bell from providing customer information, including credit or financial information which services the customer purchases, to "any other person or corporation."
The outside vendors, Pacific Bell states, are acting as its agents in performing certain tasks. Pacific Bell states that it does not divulge to outside vendors unlisted numbers or numbers of customers that have asked Pacific Bell not to be contacted by these vendors. Pacific Bell concludes that it is in full compliance with the 1996 Telecommunications Act and the Federal Communications Commission (FCC) regulations, which explicitly address the use of customer information and of sales agents and affiliates in making sales.
Complainants have not alleged that the information disclosed to agents or corporate affiliates was used for any purpose other than marketing Pacific Bell's products, or that the agents or affiliates failed to keep the information secure. Complainants have not responded to Pacific Bell's statements that it is operating in compliance with the FCC's requirements for affiliates and vendors. Under the Total Service Approach adopted by the FCC, the determination of whether a telecommunications corporation may share customer information among its corporate family turns on the scope of the service provided, not the corporate structure.15 Complainants presented no analysis of this requirement.
Complainants next object to Pacific Bell's sharing of information with SBC Operations, Inc. call centers on both "incoming and outgoing" calls. However, complainants do not address the exception to CPNI restrictions for inbound calls found in 47 U.S.C. § 222(d)(3).
While Pacific Bell has made customer information available to other persons or corporations, those persons or corporations, both outside vendors and corporate affiliates, have been under the direction of Pacific Bell and have been conducting Pacific Bell's business. Complainants have not provided us a citation to an FCC order that prohibits such commonplace arrangements. We note also that no complaint has been filed with the FCC regarding this alleged violation of federal law and regulatory policy.
We turn next to California law on privacy of customer information. Section 2891 prohibits all California telephone corporations from making available to "any other person or corporation" various types of customer information, including customer calling patterns and financial information.16 UCAN alleges that Pacific Bell has violated this statute because it has shared such information with its corporate affiliates and unaffiliated vendors. Pacific Bell responded that it has the right to provide such information to its agents for use on Pacific Bell's behalf. Pacific Bell cites no statute or Commission decision for this proposition.
We observe that UCAN has not alleged that the third parties, whether corporate affiliates or not, were conducting business on behalf of any entity other than Pacific Bell. UCAN appears to be objecting to the mere availability of customer information to these third parties, not the use of the information. Similarly, UCAN has not alleged that Pacific Bell was inadequately supervising the third parties, nor has UCAN alleged any security failures by the third parties.
UCAN's reading of § 2891 - that a telephone corporation must obtain customer consent before sharing the information with anyone - would render the corporation powerless because a corporation can only act through natural persons. Under that reading, Pacific Bell, the corporation, would need customer consent in order to share customer information even with its employees, who are "persons" within the meaning of the statute. Such a narrow reading of the statute would also have the effect of prohibiting Pacific Bell from engaging in the commonplace business practice of hiring outside vendors.17
For the reasons stated above, UCAN has not established a claim under 47 U.S.C. § 222. As we do not adopt UCAN's interpretation of § 2891, the facts alleged by UCAN fail to support a claim under that statute.
15 See Implementation of the Telecommunications Act of 1996; Telecommunications Carriers' Use of Customer Proprietary Network Information and Other Customer Information, Second Report and Order and Further Notice of Proposed Rulemaking, FCC 98-27 (Feb. 19, 1998) at ¶ 51. 16 Section 2891(d) contains 10 exemptions from the statute, none of which are applicable here. 17 While the statute shows no intent to prohibit such practices, we note that Pacific Bell's responsibility to maintain the confidentiality of its customers' information requires that it ensure that outside vendors use the information only for Pacific Bell purposes, securely maintain the information while in their possession, and return all copies when their Pacific Bell work is completed.
