UPDATE (2018): The CPNI certification is back in 2018. Please refer to this article.
In a public notice released last week, the Federal Communications Commission confirmed that it will no longer require filing of the annual CPNI certification traditionally filed in March by telecommunications carriers and interconnected VoIP providers.
The FCC ordered the elimination of the CPNI certification as part of its recent release of new privacy rules for telecommunications carriers, interconnected VoIP providers, and broadband ISPs. The new rules require companies to provide notice to customers of their data collection activities, obtain consent prior to using or sharing data, implement reasonable data security measures, and report data breaches.
During 2017, the FCC has ordered a staggered transition to the new privacy rules. While the CPNI certification requirement is eliminated on January 3, 2017, many of the rules will not yet be implemented until as late as December 2017. Clients are reminded that during this transition, existing CPNI rules remain in effect.
Here is the full implementation timeline:
CPNI certification requirement eliminated – January 3, 2017
Take It or Leave It Offers Prohibited – January 3, 2017
Implement Reasonable Data Security – March 2, 2017
Follow Data Breach Notification Procedures – June 2, 2017*
Provide Notice to Customers – December 4, 2017*
Obtain Customer Consent – December 4, 2017*
Financial Incentive Rules – December 4, 2017*
Elements of the privacy order not otherwise mentioned come into effect on January 3, 2017.
*Implementation may take more time for the Paperwork Reduction Act review process.
Finally, we issue this compliance alert with a caveat: the incoming Trump administration has announced it intends to review and eliminate “unnecessary” regulations. It may be possible for existing CPNI rules to return, along with the annual certification reporting obligation. We urge clients to maintain the records necessary for completion of the annual CPNI certification, and to keep abreast of privacy developments and FCC guidance during the period of transition from CPNI rules to the new privacy rules.
To assist our clients with implementing the new privacy rules, our firm has prepared a step-by-step guide: the “Comprehensive Guide to Compliance with FCC and FTC Privacy Regulations: For Service Providers and Vendors in the Internet, Data and Communications Solutions Ecosystem.” If you are interested in purchasing the Guide, or if you have any questions about the new FCC privacy rules, please contact Linda McReynolds, CIPP/US, at firstname.lastname@example.org, or 703-714-1318, or Alexander Schneider, at email@example.com, or 703-714-1328.