Customer Proprietary Network Information (“CPNI”) Certifications must be filed with the FCC by March 1, 2011.
Under the FCC’s rules, all providers of telecommunications and interconnected VoIP services must file a CPNI Certification with the FCC which describes, in detail, the policies and procedures a service provider has instituted to safeguard CPNI and any instance of a CPNI-related breach that occurred over the past year.
Before filing the CPNI Certification, all affected service providers should ensure they are in compliance with the FCC’s CPNI rules. This is particularly important because CPNI Certifications must be signed by an Officer of the company under penalty of perjury. Therefore, in anticipation of the March 1st deadline, our firm advises affected clients to review their internal policies and procedures regarding the protection and use of CPNI before executing and filing a CPNI Certification with the FCC (see Compliance Audits and Compliance Documentsbelow for details on how our Firm can assist).
Remember, even telecommunications service providers who lacked access to and/or did not use CPNI during the past year are advised of their duty to file a CPNI Certification with the FCC. If a service provider is registered with the FCC, i.e., possesses either an FCC Filer ID or FCC Registration Number, remittance of a compliant CPNI Certification is highly recommended.
COMPLIANCE AUDITS
If you are uncertain about the FCC’s CPNI Rules or the specific steps your company must take to ensure compliance, our firm is available to assist. The CommLaw Group routinely conducts audits of our clients’ CPNI protection and use procedures. Our standard legal fee schedule for performing a CPNI Compliance Audit is set forth below:
| CPNI Compliance Audit Legal Fee Schedule
First-Time CPNI Compliance Audit: $500 – $1,500 Refresher CPNI Compliance Audit: $250 – $500 Fees are based on good faith estimates; actual cost may vary slightly depending on the size and scope of each particular client’s organization and circumstances revealed during the audit process. |
A CPNI Compliance Audit will not only confirm your company’s compliance during the prior calendar year and identify areas that require further attention prior to the filing of a CPNI Certification, an Audit will also help your company ensure full compliance with the FCC’s CPNI rules in future years, thereby making prospective compliance with the annual CPNI Certification requirement easier, faster, and less costly.
Clients who have not authored a CPNI Certification in past years should contact our firm as soon as possible so we can conduct an audit, prepare and file a compliant CPNI Certification. Clients who submitted a CPNI Certification last year should still conduct an internal review to ensure continued compliance with CPNI rules before authorizing the filing of a CPNI Certification, which must be filed under oath and penalty of perjury.
Company Policies & Procedures Manual
In addition to or in lieu of a compliance audit, our firm can provide your company with documents which will help implement, comply with, and enforce FCC-compliant CPNI policies and procedures throughout your organization.
| Develop Your Own CPNI Policies & Procedures Manual
Company-specific CPNI Policies & Procedures Manual : $1,000-$2,500 CPNI Policies & Procedures Template: $300 Fees are based on good faith estimates; actual cost may vary slightly depending on the size and scope of each particular client’s organization and circumstances revealed during the audit process. |
CLIENT ACTION ITEMS:
C&R Services Subscribers: Clients currently subscribed to Compliance & Reporting Service (“C&R Service”) will be contacted shortly to prepare for the upcoming CPNI Certification deadline. C&R Service clients who have questions about CPNI compliance, or would like to schedule an audit, should contact Chris Canter directly at cac@commlawgroup.com or by telephone: 703-714-1308.
Non-Subscribers: Clients not currently subscribed to C&R Services, but who require assistance with the preparation and filing of the CPNI Certification, may contact either Jonathan Marashlian at jsm@commlawgroup.com or Chris Canter at cac@commlawgroup.com to schedule an audit and make appropriate arrangements to ensure timely filing.
ADDITIONAL BACKGROUND INFORMATION:
Definition of CPNI
Under federal law, CPNI is certain customer information obtained by a telecommunications provider during the course of providing telecommunications services (including interconnected VoIP) to a customer. This includes information relating to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier.
Examples of CPNI include information typically available from call detail records (“CDRs”), such as the types of services purchased by a customer, numbers called, duration of calls, directory assistance charges, and calling patterns. CPNI does not include names, addresses, and telephone numbers, because that information is considered subscriber list information under applicable law.
CPNI Protection Procedures
Under the FCC’s rules governing CPNI, all providers of telecommunications services and interconnected VoIP service providers are required to file a CPNI Certification with the FCC annually. The CPNI Certification must outline all the steps a service provider took during the previous year to prevent unauthorized access to CPNI. Specific CPNI protection procedures include, but are not limited to:
- Enacting strict controls regulating the use of and access to CPNI
- Notifying customers about access to CPNI
- Training employees about safeguarding CPNI
- Protecting CPNI used in sales and marketing campaigns
- Notifying the FCC and law enforcement agencies of unauthorized CPNI access
- Establishing “opt-in/ opt-out” procedures for the use of CPNI by third parties
Affected service providers must also inform the FCC about any instance of unauthorized access to CPNI and formal procedures taken to prosecute “pretexters,” or third parties who attempt to illegally gain access to customer information.
The CPNI Certification must be signed by a corporate officer, attesting that the officer has personal knowledge that the company has established adequate operating procedures to ensure CPNI compliance.
Enforcement Penalties
The FCC’s CPNI regulations must be taken seriously. Over the past several years, the FCC issued several forfeitures in excess of $100,000 against carriers for allegedly failing to comply with existing CPNI requirements. In recent years, over 660 service providers were fined $20,000 each, and several dozen more were fined between $2,000 and $6,000 for a variety of minor deficiencies.
Our firm expects that the FCC will continue to monitor CPNI compliance just as stringently in the upcoming year. For this reason, all companies providing telecommunications and interconnected VoIP services should file a fully-compliant CPNI Certification in a timely manner.
[1]Fees based on good faith estimates; actual cost may vary slightly depending on the size and scope of each particular client’s organization and circumstances revealed during the audit process.
