Practice Groups Corporate/Securities Regulatory/Administrative Privacy, Internet& e-Commerce LitigationAntitrustIndustries Served Communications We have unparalleled depth and breadth in Cable Television, Telecommunications, Broadcasting and Internet, Privacy, and e-Commerce. EnergyRegulatory, Corporate and Securities expertise in the Electric, Natural Gas and Transportation industries. OtherWe also represent startup, established and international entities in a varied range of industries. Contact Us |
Breaking News
Enforcement Bureau Demands Customer Proprietary Network Information Compliance Certificates From All Telecommunications Carriers
February 1, 2006
Certifications Required By: Monday, February 6, 2006
Highlighting the availability of sensitive personal data such as wireless incoming and outgoing telephone call information for sale by data brokers, the FCC simultaneously: (1) released separate Notices of Apparent Liability for Forfeiture for $100,000 against AT&T Inc. and Alltel Corporation for failure to comply with the Customer Proprietary Network Information ("CPNI") compliance certification requirements; 1 and (2) reminded all telecommunications carriers to submit, on or before Monday, February 6, 2006, their CPNI compliance certificates as required by the Commission's rules.2
These actions underscore the Commission's stance "that there may be no more important obligation on a carrier's part than protection of its subscribers' proprietary information."3 The Commission's actions have implications for providers of traditional telecommunications services as well as providers of broadband voice service.
Section 222 of the Communications Act requires telecommunications carriers to maintain the confidentiality of CPNI obtained in their provision of telecommunications service, and provides for use and disclosure of such information only in limited circumstances.4 Carriers must certify their compliance with section 222 of the Act in accordance with the requirements set forth in section 64.2009(e) of the Commission's rules. Rule 64.2009(e) provides that "[a] telecommunications carrier must have an officer, as an agent of the carrier, sign a compliance certificate on an annual basis stating that the officer has personal knowledge that the company has established operating procedures that are adequate to ensure compliance with the rules..."5 In addition, the carrier must provide "a statement accompanying the certificate explaining how its operating procedures ensure that it is or is not in compliance with the rules ..."6
Cable operators providing "telecommunications services" subject to regulation under section 222 of the Act must certify compliance with the CPNI rules and verify that they have adequate security procedures in place to prevent improper disclosure of proprietary subscriber data. Although the CPNI rules do not currently apply to certain voice communications services that have been classified as information services by the FCC, the Commission currently is considering whether to extend CPNI-like privacy requirements to all broadband Internet service providers, which would include suppliers of VoIP service.7 Nevertheless, cable operators offering broadband voice services that have voluntarily adopted CPNI-type protections may want to ensure they have adequate security procedures in place to comply with those protections. Furthermore, to the extent that voice services are provided by a cable operator over a cable system, the more stringent subscriber privacy provisions of the Cable Act may continue to apply.
We would be pleased to respond to any questions relating to these matters.
1 See AT&T Inc., Notice of Apparent Liability for Forfeiture, DA 06-221 (rel. Jan. 30. 2006) ("AT&T NAL"); Alltel Corporation, Notice of Apparent Liability for Forfeiture, DA 06-220 (rel, Jan. 30, 2006) ("Alltel NAL").
2 See Enforcement Bureau Directs All Telecommunications Carriers to Submit CPNI Compliance Certifications, Public Notice, DA 06-223 (rel, Jan. 30,2006).
3 AT&T NAL at ~ 8; Alltel NAL at ~ 8.
7 See Appropriate Framework/or Broadband Access to the Internet over Wireline Facilities, Report and Order and Notice of Proposed Rulemaking, 20 FCC Rcd 14853, ~ 149 (2005).