Posted at 9:33 AM ET, Feb. 25, 2009
The FCC has sent a message that it is serious about protecting telecommunications customer propietary network information (CPNI).
The FCC's Enforcement Bureau has proposed $12 million-plus in fines against 600-plus, mostly small telecommunications companies for failing to file their annual customer proprietary network compliance certificate. That is a form that certifies they have a plan for preventing phone call data from unauthorized access and disclosure by data brokers and others, including "an explanation of any actions taken against data brokers and a summary of all customer complaints received in the past year concerning the unauthorized release of CPNI."
Companies have to file annually, and all the cited companies failed to provide the information for 2007, or a sufficient explanation when the FCC asked where the form was, according to the bureau.
THe FCC fined each company $20,000, although it could assess up to a $130,000 fine per company. The FCC toughened its CPNI rules in 2007, and said it took into account that fact that this was the first year for compliance with the form, and the fact that most of the companies were small, in setting the fine amount.
"I have long stressed the importance of protecting the sensitive information that telecommunications carriers collect about their customers," said acting Chairman Michael Copps. "Carriers' obligation to annually certify that they have implemented a CPNI protection plan is essential to ensuring their compliance with the Commission's rules as well as our ability to monitor their compliance. The broad nature of this enforcement action hopefully will ensure substantial compliance with our CPNI rules going forward as the Commission continues to make consumer privacy protection a top priority."