CPNI
CPNI -Customer Proprietary Network Information
If you hold a private carrier license, you are required to file an annual compliance certification showing how your company protects its CPNI. This requirement is for both CMRS and PMRS private carrier licensees. As per FCC Docket 04-36 (Released 04/02/07), this compliance certification is due annually on March 1st beginning in 2008.
CPNI is data collected by telecommunications carriers that includes the numbers you call, when the calls are made and any particular services you may use such as call forwarding or voice mail. This information is collected in order for the telecommunications companies to provide the services you have requested and send you bills for them.
The FCC requires all carriers to take every reasonable precaution to prevent unauthorized disclosure of CPNI. FCC rule section §64.2009 sets forth procedures to safeguard the use of CPNI. These procedures include the following:
- Carriers must implement a system by which the status of a customer’s CPNI approval can be clearly established prior to the use of CPNI.
- Carriers must train their personnel as to when they are and are not authorized to use CPNI, and carriers must have a strict disciplinary process in place.
- All carriers are required to maintain records of their own and their affiliates’ sales and marketing campaigns that use their customers’ CPNI. All instances where CPNI was disclosed or provided to third parties, or where third parties were allowed access to CPNI must be recorded in accordance with the rules set forth in §64.2009(c).
- A supervisory review process regarding carrier compliance for outbound marketing situations must be established as per §64.2009(d). Carriers’ sales personnel must obtain supervisory approval of any proposed outbound marketing request for customer approval.
- A telecommunications carrier must have an officer, as an agent of the carrier, sign a compliance certificate on an annual basis stating that the officer has personal knowledge that the company has established operating procedures that are adequate to ensure compliance with the rules in Subpart U. The carrier must provide a statement accompanying the certificate explaining how its operating procedures ensure that it is or is not in compliance with the rules in this subpart. [Click HERE for a full copy of Subpart U]
- Carriers must provide written notice within five business days to the Commission of any instance where the opt-out mechanisms do not work properly.
[Click HERE for a full copy of §64.2009]
Compliance letters may be filed electronically using the Commissions Electronic Comment Filing System (ECFS) at the FCC or by filing paper copies. There are specific instructions for filing by paper which include having to submit five separate copies of each filing. The CPNI certification must include the following:
- An officer’s statement of personal knowledge that the company’s procedures ensure compliance with the rules.
- A statement accompanying the certificate explaining how the company’s procedures ensure compliance with the rules.
- An explanation of any actions taken against data brokers.
- A summary of all customer complaints concerning unauthorized release of CPNI.
For those of you who fall in the private carrier category, EWA has developed a “CPNI Kit” that contains sample templates which can be used to assist you in drawing up your compliance certification letters. This kit is available to EWA members. If you have any questions regarding the CPNI annual filing, please don’t hesitate to contact EWA/LAO.
