FCC Seeks Guidance on Need for New CPNI Rules
In a Tues. notice of proposed rulemaking, the FCC asked a battery of questions about steps the Commission could take to protect customer proprietary network information (CPNI). The Commission at least broaches the possibility of a number of mandates wireless carriers decry as burdensome. An FCC press release on the NPRM preceded the document itself by a week.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
The FCC wants comment on proposals made last summer in a petition by the Electronic Privacy Information Center. In is press release the FCC indicated it tentatively had decided it should make carriers file annual compliance certificates, plus summaries of consumer complaints received the previous year on unauthorized release of CPNI and actions taken (CD Feb 12 p1).
“There weren’t any real surprises,” a carrier source said. “The FCC stuck pretty close to what EPIC asked for. Now we'll just have to see if the Commission thinks other steps are necessary.”
The Commission asks if it should require carriers to keep records of instances in which customer records are accessed, including whether information was disclosed, and to whom. It notes carriers have argued that data trails are too costly to maintain. The Commission wants to know what steps carriers are already taking, with an eye on whether a requirement would mean significantly more work. “Do most carriers routinely log disclosure of CPNI to subscribers as well as to third parties?,” the FCC said. “We ask commenters to assess the benefits and burdens of this requirement, including on small telecommunications carriers.”
The FCC asks about the advisability of requiring carriers to adopt a customer-set password system, requiring knowledge of passwords for access to data. “Would requiring the use of passwords materially increase the security of CPNI?” the FCC asks. The FCC asks if it should require carriers to encrypt CPNI data, to purge data when no longer required to resolve billing disputes, and to notify customers when their CPNIs’ security may have been breached.
The FCC seeks insight into methods used by data brokers to get cellphone information. “We seek comment generally on how CPNI is maintained and secured by carriers and how data brokers are able to obtain CPNI from carriers,” the Commission said. “Specifically, how is CPNI being made available to unauthorized third parties? Who is able to obtain unauthorized access to CPNI, and for what range of purposes?”