Customer Proprietary Network Information (CPNI) Rules
In September 2008, the Enforcement Bureau of the FCC sent letters of inquiry to thousands of communications providers for suspected violations of the agency’s privacy or “customer proprietary network information” (CPNI) rules. All covered communications providers – including wireless service providers, prepaid long-distance providers, postpaid long-distance providers and VoIP providers, among others – must have policies and procedures in place to ensure compliance with FCC CPNI regulatory obligations.
It is vitally important for your business to ensure that you are in compliance with the CPNI rules. Telecom lawyer Ben Bronston can help you ensure that you meet these CPNI requirements. Call today at 888.469.0579 to set up a consultation.
Providers must implement systems that will achieve full CPNI compliance or they may face serious enforcement liability and consequences. One of the most important requirements of the FCC’s new rules is that providers now must file annually a written privacy policy with the FCC by March 1 of every year. This written privacy policy must describe the procedures and procedure changes implemented by the provider to prevent the unauthorized disclosure of CPNI during the past calendar year.
To fulfill this requirement, a provider should design and implement procedures that comply with the FCC’s CPNI rules, and that also are tailored to match its business practices. However, for a provider to avoid potential liability, it should design and implement procedures that also include any additional precautions to prevent the unauthorized disclosure of CPNI. The FCC views the explicit requirements set forth by its rules as only the minimum threshold for compliance and has stated that it expects providers to take any additional steps to protect the privacy of CPNI that are feasible for the provider.
Providers also must file a CPNI certificate with the FCC by March 1 of every year. This certificate must be signed by an officer of the provider and must state that this officer has personal knowledge that the company has established policies that ensure compliance with the FCC’s CPNI regulations. The certification also must contain details of any customer complaints during the past year related to the unauthorized release of CPNI and details of any actions taken by the company during the past year against information brokers.