The legislation also bars the FCC from addressing this issue in the future. Enforcing privacy is now shifted to the Federal Trade Commission.
Falcon predicts that at some point ISPs will push the envelope on selling this data and there will be pushback. “The day will come when the FCC will have to act because something so egregious happens,” he says.
Jonathan Hill, dean of the Seidenberg School of Computer Science and Information Systems at Pace University, is similarly concerned. “The Pandora’s box is now open, and we don’t know what’s going to fly out,” he says.
Businesses have other reasons to worry about the new law, Hill says. Most businesses have contracts with their providers that spell out limits on what they can do with browsing histories, but there are cracks that these restrictions could fall through. For example, telecommuters likely use their home internet service, so that consumer account would not be subject to the contract, Hill says.
He recommends that businesses review those contracts to be sure they restrict use of these histories.
ISPs are not allowed to sell information that is directly linked to an individual’s name, he says, but that data is stored by ISPs. The fear is that the data and the personal identification could somehow be hacked, he says.
Training of employees on safe browsing is important in general, he says. Traveling workers should avoid using airport Wi-Fi, he says, because glimpses of browsing and hence what the employee is interested in, can be hacked. Knowing that could be valuable to competitors, he says. “Don’t connect to airport Wi-Fi except with a VPN,” he says.
Omer Tene, vice president of research at the International Association of Privacy Professionals, is less concerned that ISPs will actually violate corporate privacy agreements, but he does recommend use of encryption or a VPN when connecting to corporate resources. “There are bigger threats out there than Verizon,” he says.
Sign up for CIO Asia eNewsletters.