Cable Communications Policy Act of 1984 (CCPA)

The Cable Communications Policy Act (Public Law 98-549) protects the personal information of customers of cable service providers. It incorporates the provisions of the OECD Privacy Guidelines of 1980, and as such provides a model of a comprehensive privacy statute. (It also provides a model of the US's sector-by-sector approach to privacy law, unfortunately.)

Under the CCPA, cable companies must provide a written notice of privacy practices to each subscriber (customer) at the time of entering into a service contract and at least once a year thereafter. The privacy notice must specify:

  • the nature of the personally identifiable information that is or may be collected, and the uses to which it may be put;
  • the "nature, frequency and purpose" of any disclosure that may be made of such information, including identification of the persons to whom those disclosures may be made;
  • how long the information may be maintained by the cable service provider;
  • where and how the subscriber may have access to the information about him- or herself; and
  • the subscriber's right to bring legal action if the requirements of the law are not followed.

In general, cable service providers must obtain prior written or electronic consent from the subscriber before collecting any personal information. Consent is not required to obtain information "necessary to render cable services " (admittedly, a rather large exception); nor is it required for information used to detect unauthorized reception.

Disclosure also generally requires prior consent, with the same two exceptions for business necessity and detection of cable piracy. Disclosure of personal information without consent is also permitted pursuant to a court order. The subscriber must be notified, and offered an opportunity to appear and contest the order. Disclosures may not generally include information about the subscriber's particular selections of video programming. (Another law provides protections for information about individuals' selections of rented video materials.)

(Note that the CCPA's requirement for notice of court orders, as well as its high standard of "clear and convincing evidence" that the information is material to criminal investigation, may have been reset by the USA Patriot Act.)

As noted, a cable service customer must be given access to the personal information collected about him or her, "at reasonable times and at a convenient place." The subscriber must be provided with a reasonable opportunity to have any errors in that information corrected.

A cable service provider must destroy personal information when it is no longer needed for the purposes for which it was collected (and there are no pending requests for access). It must take appropriate steps to prevent unauthorized access of customers' personal information for as long as it is held.

Subscribers' rights for civil action if aggrieved by a violation of the CCPA include provisions for actual and punitive damages.

CCPA specifically includes such "other services" as "radio and wire communications," so it presumably reaches to information on customers of cable broadband internet connections. The provisions of the CCPA probably cannot be stretched to apply to direct broadcast satellite (DBS) companies that provide functionally similar services.

States are not preempted from enacting laws which provide greater privacy protections than the CCPA.

See also:

 

Last modified: 11-May-2005 [RC]

 
 

   © 2002-2006 Contributing authors and University of Miami School of Medicine