The FCC’s Enforcement Bureau reminds telecommunications carriers and interconnected Voice over Internet Protocol (VoIP) providers of their obligation to file their annual certification documenting compliance with the Customer Proprietary Network Information (CPNI) rules by March 1, 2021. The protection of CPNI is of paramount importance, as it includes sensitive personal information that carriers collect about their customers during the course of their business relationship (e.g., telephone numbers of calls made and received; the frequency, duration, location, and timing of such calls; and any services purchased by the consumer, such as call waiting and voicemail). The Commission’s rules seek to ensure that CPNI is adequately protected from unauthorized access, use, or disclosure. (story continues below)
Failure to file a timely and complete certification calls into question whether a company has complied with the rules requiring it to protect the privacy and security of its customers’ sensitive information. Telecommunications carriers and interconnected VoIP providers can satisfy their certification filing obligation in several ways, as described in Attachment 1.
Because the CPNI rules provide important consumer protections, the Commission has taken enforcement action against telecommunications carriers and interconnected VoIP providers that failed to comply with the requirements, and we intend to continue to enforce the rules. Companies are reminded that failure to comply with the CPNI rules, including the annual certification requirement, may subject them to enforcement action, including monetary forfeitures of up to $207,314 for each violation or each day of a continuing violation, up to a maximum of $2,073,133.