kenton
« Reply #2 on: February 27, 2009, 12:50:47 PM »

On August 30, 2005, EPIC filed a petition with the Commission asking the Commission to investigate telecommunications carriers’ current security practices and to initiate a rulemaking proceeding to consider establishing more stringent security standards for telecommunications carriers to govern the disclosure of CPNI (Customer Proprietary Network Information and Other Customer Information).
In particular, EPIC proposed that the Commission consider requiring the use of consumer-set passwords, creating audit trails, employing encryption, limiting data retention, and improving notice procedures.
On February 14, 2006, the Commission released the EPIC CPNI Notice, in which it sought comment on (a) the nature and scope of the problem identified by EPIC, including pretexting, and (b) what additional steps, if any, the Commission should take to protect further the privacy of CPNI.
Specifically, the Commission sought comment on the five EPIC proposals listed above. In addition, the Commission tentatively concluded that it should amend its rules to require carriers annually to file their section 64.2009(e) certifications with the Commission.
It also sought comment on whether it should require carriers to obtain a customer’s opt-in consent before the carrier shares CPNI with its joint venture partners and independent contractors; whether to impose rules relating to how carriers verify customers’ identities; whether to adopt a set of security requirements that could be used as the basis for liability if a carrier failed to implement such requirements, or adopt a set of security requirements that a carrier could implement to exempt itself from liability; whether VoIP service providers or other IP-enabled service providers should be covered by any new rules the Commission adopts in the present rulemaking; and other specific proposals that might increase the protection of CPNI.
As a result the rules require carriers to:
(1) implement a system by which the status of a customer’s CPNI approval can be clearly established prior to the use of CPNI;
(2) train their personnel as to when they are and are not authorized to use CPNI (and establish an express disciplinary process);
(3) maintain a record of instances in which CPNI has been disclosed or provided to third parties, or where third parties have been allowed access to CPNI, and to maintain such records for at least one year;
(4) establish a supervisory review process for “outbound” marketing campaigns under which sales personnel must obtain supervisory approval of proposed “outbound” marketing requests for customer approval;
(5) certify annually regarding its compliance with the Commission’s CPNI requirements and to make this certification publicly available.