|
Warning: Immediate Action Required by All
Providers of Telephone or VoIP Services to Comply with New FCC
CPNI Rules
FCC Issuing $100,000+ Fines to
Violators
By James
M. Smith and Paul
B. Hudson
[November 2007]
As we have advised previously,
on or about Dec. 8, 2007,1
every company that provides telephone-type
services—including interconnected VoIP service providers,
as well as cable television operators that offer a telephony
product and traditional telecommunications carriers (wireline
CLECs, IXCs, and ILECs, and wireless carriers)—will become
subject to new, expanded FCC regulations designed to protect
the privacy of customer telephone records (customer proprietary
network information or CPNI).2
This is to remind our clients that the compliance deadline is
fast approaching. Specifically, every such provider
must, among other things:
- have written CPNI compliance policies, employee training
programs and other operating and disciplinary procedures in
place to implement the new rules by this effective date;
- institute customer authentication and password protections,
according to new and highly detailed FCC specifications, prior
to giving customers access to various types of account information
and other subscriber records, either during customer-initiated
calls or through online access;
- adhere to new requirements for notifying customers of changes
in account information;
- comply with detailed customer approval requirements prior
to many types of uses or disclosures of CPNI, including a
new requirement of express “opt-in” customer consent
before sharing CPNI with independent contractors or joint
venture partners;
- starting Feb. 29, 2008 and annually thereafter, file with
the FCC a certificate by an officer of the company attesting
to his/her personal knowledge of the company's implementation
of adequate CPNI compliance procedures, along with a summary
of those compliance procedures and descriptions of any customer
CPNI complaints and actions taken against “data brokers;"
- institute new procedures to promptly notify specific contacts
at law enforcement agencies of “breaches” of customer
CPNI, and thereafter (but only after a specified waiting period)
notify affected customers of such breaches; and
- comply with new and specific record-keeping obligations.
Failure to comply with any of these expanded requirements
will expose service providers to significant monetary penalties.
In the past several months, the FCC has proposed forfeitures
of a minimum of $100,000 even for minor CPNI violations by small
companies, such as a failure to execute an annual officer certification.
We have been advised by the FCC’s Enforcement Bureau that
the Commission will aggressively seek to identify and penalize
companies that do not comply with the revised rules and make
the required filings.
The very specific details of the new FCC rules will require
at least some operational policy changes for most providers.
For example, the new requirement that online access to CPNI
be password-protected may at first appear to be a simple rule,
but many companies will have to make changes to their processes
for the initial establishment of customer passwords, which must
rely on an authentication process such as a PIN that is not
based on biographical or account information.
While these new and stringent requirements apply to all providers
of telephone-type services, interconnected VoIP providers will
become subject to both the pre-existing CPNI rules and these
new requirements for the first time as of the December effective
date.
We are working closely with numerous providers to implement
solutions to assure complete compliance with the new FCC requirements,
including the drafting of compliance plans and preparation of
employee training materials. Whether you are newly subject to
CPNI obligations or have operated for years under earlier versions
of the rules, we strongly recommend that you have your new CPNI
compliance plans prepared or reviewed by counsel experienced
in CPNI compliance. We would be happy to assist you or answer
any questions you may have. For further information, please
contact one of the below DWT attorneys or your primary DWT relationship
attorney.
Footnotes
1
The rule changes will take effect on the later
of Dec. 8, 2007 or upon OMB approval. As a practical matter,
providers should plan to be in compliance by Dec. 8, as OMB
approval could come at any time prior to that date.
2
CPNI is defined as “(A) information that
relates to the quantity, technical configuration, type, destination,
location, and amount of use of a telecommunications service
subscribed to by any customer. . .; and (B) information contained
in the bills pertaining to telephone exchange service or telephone
toll service received by a customer . . . .” It includes
the time, date, duration and destination number of each telephone
call, the list of optional call-related features to which a
customer subscribes, and any other information that appears
on the consumer’s telephone bill except name, address
and telephone number.
For more information, please contact:
This advisory is a publication of Davis Wright Tremaine LLP.
Our purpose in publishing this advisory is to inform our clients
and friends of recent legal developments. It is not intended,
nor should it be used, as a substitute for specific legal advice
as legal counsel may be given only in response to inquiries
regarding particular situations.
Copyright
© 2007, Davis Wright Tremaine LLP.
return
to bulletins main page |
