This week, the Federal Communications Commission announced a broad consumer privacy enforcement action against over 600 telecommunications carriers. The Commission issued notices of liability against carriers that failed to certify compliance with regulations governing the protection of Consumer Proprietary Network Information (“CPNI”) and carriers that filed inadequate certifications. The Commission proposed fines of $20,000 against carriers that failed to file the required certification and up to $10,000 against carriers whose certifications were non-compliant.
CPNI is information that carriers collect concerning the quantity, technical configuration, type, destination, location and amount of use of a telecommunications service by a customer. CPNI also includes information of the type contained in telephone bills. FCC regulations require carriers to establish and maintain systems designed to ensure adequate protection of CPNI. The regulations further require carries to certify their compliance annually and provide an accompanying statement explaining how their procedures ensure compliance. Carriers also must provide a summary of customer complaints received in the past year concerning unauthorized releases of CPNI.
The FCC’s acting chairman, Michael J. Copps, stated that consumer privacy protection is a top priority for the Commission. The Commission views the annual certification as essential for ensuring that carriers protect the sensitive information that they collect about customers and the Commission’s ability to monitor compliance. Mr. Copps expressed hope that the scale of this enforcement action will facilitate compliance with CPNI rules going forward.