The US telecommunications regulator has banned telephone and mobile phone operators from releasing customer records over the phone without a password in an effort to protect against the practice of “pretexting”.
Pretexting – gaining a phone customer's call or account records by pretending to be that customer – has become a major concern, highlighted last year by the spying scandal surrounding computer giant Hewlett-Packard.
HP announced that its hired investigators had used pretexting to gain access to reporters' and board members' phone records in an effort to find the source of board leaks. The company later settled a lawsuit against it for $14.5m (£7.25m)
New rules from the Federal Communications Commission will prohibit pretexting and also require US operators to notify customers immediately when there are changes to their accounts, such as a new password, new address or newly opened online account.
"The unauthorised disclosure of consumers' private calling records is a significant privacy invasion," FCC chair Kevin Martin said. "Compliance with our consumer protection regulations is not optional for any telephone service provider. We need to take whatever actions are necessary to enforce these requirements to secure the privacy of personal and confidential information of American customers."
The FCC order also requires operators to notify customers and law enforcement officials if there has been an unauthorised disclosure of phone records. Carriers will also be required to obtain explicit consent from a customer before disclosing phone records.
Providers of both traditional voice and Voice over Internet Protocol (VoIP) service are covered by the new rules.
US president George Bush signed a bill creating criminal penalties for pretexting in January.