VoIP and Cybersecurity Regulation

The United States is intensifying its consideration of cybersecurity issues. Congress has introduced legislation that would require the president to establish or designate a cybersecurity panel to advise the president on United States cybersecurity status, vulnerability, and response. The president also has released a cyberspace policy review plan, which outlines the president’s strategy to appointment a cybersecurity coordination official charged with preparation of policies to secure the national information and communications infrastructure, as well as cybersecurity response plans.

The Federal Trade Commission also has adopted recently cybersecurity regulations, often called the “red flag” rules, which will require certain entities, including some VoIP providers, to undertake measures against identity theft. The rules require “creditors” holding “covered accounts” to develop and use an identity theft prevention program to help the entity identify, detect and respond to “red flags,” which may indicate identity theft has occurred. The FTC (News - Alert)’s new rules apply to companies that bill for services in arrears, offer installment payment plans, or otherwise defer payment for goods or services. Covered entities can include VoIP providers, carriers, ISPs, and even equipment vendors, depending on how they manage customer accounts and billing. At the request of Congress, the FTC has delayed the enforcement of the “red flag” rules until June 1, 2010. .tmcnet.com