On Oct. 29, the FCC's Privacy and Data Protection Task Force (Task Force) announced a Memorandum of Understanding (MOU) between the FCC's Enforcement Bureau and the California Privacy Protection Agency (CPPA). The purpose of this MOU is to “ensure both agencies can align their efforts to best protect consumer privacy, ensure businesses and consumers are well-informed about their rights and obligations, and enforce privacy laws.”

The CPPA has the responsibility of enforcing the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and has begun issuing enforcement advisories and taking other actions to ensure compliance with the CCPA/CPRA and its regulations.

The FCC is no stranger to federal-state coordination, as it has existing privacy and data protection partnerships with the attorney generals of several states. The announcement notes that the FCC's work with its state partners has resulted in “measurable results in the robocalling space to scale efforts to protect consumers.”

The Task Force was created by FCC Chairman Jessica Rosenworcel to address privacy and data protection issues subject to the FCC's authority under the Communications Act. Some of the privacy and data protection activities highlighted by the Task Force include SIM swapping scams, port-out fraud, and data breaches. In fact, the FCC has recently revised its rules to require carriers to refine their authentication practices and take other measures to protect customers from fraud schemes. 

Similarly, as reported here, the FCC has secured “Consumer Privacy Upgrades” with T-Mobile, AT&T, and TracFone. 

The regulatory landscape for privacy and information security is evolving rapidly, and the FCC/CPPA partnership demonstrates regulators' commitment to enforcing compliance with these requirements.  

We will continue to monitor the FCC and the CPPA regarding their rulemaking and enforcement activities (whether individual or coordinated) in the areas of privacy and information security.