On Monday, March 2, 2020, the Commission released the Second Further Notice of Proposed Rulemaking (“FNPRM”) proposing an information-sharing framework to provide state and federal agencies with access to Network Outage Reporting System (“NORS”) and Disaster Information Reporting System (“DIRS”) information to improve their awareness of outages and their emergency response decisions. This item was adopted in the February Open Meeting (PS Docket No. 15-80).
The FNPRM seeks comment on sharing NORS and DIRS data with state and federal agencies. The Commission proposes to limit the types of agencies eligible to receive this direct data to agencies acting on behalf of the federal government; the fifty states; the District of Columbia; Tribal Nation governments; and US territories, and proposes to allow local entities to access this information on a case-by-case basis, and seeks comment on this approach. To safeguard access to NORS and DIRS filings, the Commission seeks comment on specific proposals to allow and limit direct access to the information, protect the confidentiality of the information with targeted safeguards, and allow for certain disclosures of the information.
The FNPRM anticipates that service providers will incur minimal if any burdens related to DIRS, but recognizes that sharing NORS filings with state agencies may require technical adjustments for service providers’ systems (as well the FCC’s internal systems). The FCC estimates that service providers will incur total initial set up costs of $3.2 million based on the estimate of 1,000 service providers incurring costs of $80 per hour and spending 40 hours to update or revise their software used to report multi-state outages to the Commission in NORS. The FNPRM seeks comment on these assessments, including estimated burdens and timelines.
The Commission notes its intent to provide service providers with sufficient time to adjust their NORS and DIRS filing processes to conform with any adopted rules in this proceeding and proposes that revised outage reports under this framework would be due by a date specified in a future public notice by the Public Safety and Homeland Security Bureau, which would announce that OMB has approved the revised information collections and the Commission has made the necessary changes to the NORS and DIRS databases.
The adopted FNPRM contains certain additional proposals from the previously circulated draft version of the FNPRM, specifically:
- Eligible State, Federal, and Tribal Nation Government Agencies – The FNPRM proposes that agency access to the NORS and DIRS information should be limited to public safety purposes only, and seeks comment on the Commission’s definition of “need to know” and any criteria to establish this standard. (¶ 23). The adopted FNPRM also asks whether it should exclude from eligibility agencies located in states that have diverted or transferred 911/Enhanced 911 (“E911”) fees for purposes other than for 911/E911, and if so, how it should address conditions of access for states that have inadequately responded to FCC inquiries related to their use of 911/E911 fees. (¶ 26).
- Confidentiality Protections – The FNPRM seeks comment on service providers’ current disclosure policies on NORS and DIRS information, and any future plans that service providers may have for releasing outage and infrastructure status information. (¶ 30).
- Safeguards for Direct Access to Filings – The FNPRM asks whether, as an alternative to limiting agency access filings, such access should be limited to timeframes relevant to specific disasters or other events for which those agencies are contemporaneously preparing or responding. (¶ 36).
- The FNPRM seeks comment on penalties that could deter any inappropriate disclosure of NORS/DIRS information and any other confidentiality measures for sharing information downstream. (¶ 39). It also asks what or any additional steps the Commission can take to mitigate risks of over-disclosure of confidential information to ensure that aggregated data is sufficiently anonymized prior to disclosure. (¶ 42-43, 46).
- The FNPRM seeks comment on how the additional agency uses of the data, specifically for multi-state outages, and asks whether Tribal Nation’s access to filings should be limited to certain territories. (¶ 48-49).
- The FNPRM also seeks additional comment on any FCC processing requirements or modifications to the databases that may be required as a result of these changes. (¶ 71).
Comments on the FNPRM are due 30 days after publication in the Federal Register.
Reply Comments are due 60 days after publication in the Federal Register.
Please Contact Us if you have any questions.