47 C.F.R. S: 64.2009 Safeguards required for use of customer proprietary
network information.
(a) Telecommunications carriers must implement a system by which the
status of a customer's CPNI approval can be clearly established prior to
the use of CPNI.
(b) Telecommunications carriers must train their personnel as to when they
are and are not authorized to use CPNI, and carriers must have an express
disciplinary process in place.
(c) All carriers shall maintain a record, electronically or in some other
manner, of their own and their affiliates' sales and marketing campaigns
that use their customers' CPNI. All carriers shall maintain a record of
all instances where CPNI was disclosed or provided to third parties, or
where third parties were allowed access to CPNI. The record must include a
description of each campaign, the specific CPNI that was used in the
campaign, and what products and services were offered as a part of the
campaign. Carriers shall retain the record for a minimum of one year.
(d) Telecommunications carriers must establish a supervisory review
process regarding carrier compliance with the rules in this subpart for
outbound marketing situations and maintain records of carrier compliance
for a minimum period of one year. Specifically, sales personnel must
obtain supervisory approval of any proposed outbound marketing request for
customer approval.
(e) A telecommunications carrier must have an officer, as an agent of the
carrier, sign and file with the Commission a compliance certificate on an
annual basis. The officer must state in the certification that he or she
has personal knowledge that the company has established operating
procedures that are adequate to ensure compliance with the rules in this
subpart. The carrier must provide a statement accompanying the certificate
explaining how its operating procedures ensure that it is or is not in
compliance with the rules in this subpart. In addition, the carrier must
include an explanation of any actions taken against data brokers and a
summary of all customer complaints received in the past year concerning
the unauthorized release of CPNI. This filing must be made annually with
the Enforcement Bureau on or before March 1 in EB Docket No. 06-36, for
data pertaining to the previous calendar year.
(f) Carriers must provide written notice within five business days to the
Commission of any instance where the opt-out mechanisms do not work
properly, to such a degree that consumers' inability to opt-out is more
than an anomaly.
(1) The notice shall be in the form of a letter, and shall include the
carrier's name, a description of the opt-out mechanism(s) used, the
problem(s) experienced, the remedy proposed and when it will be/was
implemented, whether the relevant state commission(s) has been notified
and whether it has taken any action, a copy of the notice provided to
customers, and contact information.
(2) Such notice must be submitted even if the carrier offers other methods
by which consumers may opt-out.
By this Enforcement Advisory, the FCC's Enforcement Bureau highlights
certain obligations under the CPNI rules. Failure to receive this notice
does not absolve a provider of the obligation to meet the requirements of
the Communications Act of 1934, as amended, or the Commission's rules and
orders. Companies should read the full text of the relevant CPNI rules at
47 C.F.R. S: 64.2001 et seq.
47 U.S.C. S: 503(b)(2)(B); see also 47 C.F.R. S: 1.80(b)(2); Amendment of
Section 1.80(b) of the Commission's Rules, Adjustment of Forfeiture Maxima
to Reflect Inflation, Order, 15 FCC Rcd 18221 (2000).
Section 226 defines an aggregator as "any person that, in the ordinary
course of its operations, makes telephones available to the public or
transient users of its premises, for interstate telephone calls using a
provider of operator services." 47 U.S.C S: 226(a)(2).
Leave a comment