FCC has carved out new rules in order to offer extra protection to consumers. It has gone ahead and strengthened the privacy rules so that the data of the customer remains secure and is not misused. This follows the federal legislation for banning pretexting. The privacy rules are targeted at phone companies which also includes VoIP. From now on phone companies cannot release phone records of customers until and unless the customer calls and gives a password. This way the data of the customer wouldn't reach any wrong hand. Also to offer further protection companies are also required to inform the customer in case of changes in address, password or online customer account.

Given below are the additional measures for strengthening customer data:

• Carrier Authentication Requirements. Carriers are prohibited from releasing a customer's phone call records when a customer calls the carrier except when the customer provides a password. If a customer does not provide a password, carriers may not release the customer's phone call records except by sending it to an address of record or by the carrier calling the customer at the telephone of record. Carriers are required to provide mandatory password protection for online account access. Carriers are permitted to provide all customer proprietary network information (CPNI), including customer phone call records, to customers based on in-store contact with a valid photo ID.
• Notice to Customer of Account Changes. Carriers are required to notify the customer immediately when the following are created or changed: (1) a password; (2) a back-up for forgotten passwords; (3) an online account; or (4) the address of record.
• Notice of Unauthorized Disclosure of CPNI: A notification process is established for both law enforcement and customers in the event of a CPNI breach.
• Joint Venture and Independent Contractor Use of CPNI: Consent rules are modified to require carriers to obtain explicit consent from a customer before disclosing a customer's CPNI to a carrier's joint venture partners or independent contractors for the purposes of marketing communications-related services to that customer.
• Annual CPNI Certification: Certification rules are amended to require carriers to file with the Commission an annual certification, including an explanation of any actions taken against data brokers and a summary of all consumer complaints received in the previous year regarding the unauthorized release of CPNI.
• CPNI Regulations Applicable to Providers of Interconnected VoIP Service:CPNI rules are extended to cover providers of interconnected voice over Internet Protocol (VoIP) service.
• Business Customers: In limited circumstances, carriers may bind themselves contractually to authentication regimes other than those adopted in this Order for services they provide to their business customers that have a dedicated account representative and contracts that specifically address the carrier's protection of CPNI.

Though security has been strengthened but companies are not required to send any notification to the customer in case any breach has happened therefore the mandate has received a lot of criticism and that too from a number of FCC commissioners.