********************************************************    
                         NOTICE
********************************************************

This document was converted from
WordPerfect to ASCII Text format.

Content from the original version of the document such as
headers, footers, footnotes, endnotes, graphics, and page numbers
will not show up in this text version.

All text attributes such as bold, italic, underlining, etc. from the
original document will not show up in this text version.

Features of the original document layout such as
columns, tables, line and letter spacing, pagination, and margins
will not be preserved in the text version.

If you need the complete document, download the
WordPerfect version or Adobe Acrobat version, if available.

*****************************************************************
                            Before the
                Federal Communications Commission
                      Washington, D.C. 20554

In the Matter of                   )
                              )
Implementation of the              )    CC Docket No. 96-115
Telecommunications Act of 1996:         )
                              )    
Telecommunications Carriers' Use        )    
of Customer Proprietary Network         )
Information and Other              )
Customer Information               )

                              ORDER


     Adopted:  September 23, 1998       Released:  September 24, 1998

By the Commission:


     1.   On February 26, 1998, the Commission released an Order ("CPNI Report and
Order") promulgating regulations to implement the statutory obligations of section 222 of the
Communications Act of 1934, as amended by the Telecommunications Act of 1996, which was
enacted to protect the confidentiality of customer proprietary network information (CPNI).  In
that order, the Commission established January 26, 1999 as the deadline by which all
telecommunications carriers must implement effective electronic safeguards to protect against
unauthorized access to CPNI.  For the reasons discussed below, we extend that deadline. 

I.   BACKGROUND

     2.   In the CPNI Report and Order, the Commission concluded that "all
telecommunications carriers must establish effective safeguards to protect against unauthorized
access to CPNI by their employees or agents, or by unaffiliated third parties."  Specifically, the
Commission required that carriers develop and implement software systems that "flag" customer
service records in connection with CPNI and that carriers maintain an electronic audit mechanism
("audit trail") that tracks access to customer accounts.  The Commission also required that
carriers' employees be trained as to when they can and cannot access customers' CPNI; that
carriers establish a supervisory review process that ensures compliance with CPNI restrictions
when conducting outbound marketing; and that each carrier submit a certification signed by a
current corporate officer attesting that he/she has personal knowledge that the carrier is in
compliance with our requirements on an annual basis.  Because the Commission anticipated that
carriers would need time to conform their data systems and operations to comply with the
software flags and electronic audit mechanisms required by the Order, enforcement of these
safeguards was deferred until eight months from when the rules became effective, specifically
January 26, 1999.

     3.   Following the release of the CPNI Report and Order, several petitioners sought
reconsideration of a variety of issues, including the decision to require carriers to implement the
use of software flags and audit trails.  We are currently reviewing these petitions.  In addition, a
number of carriers, representing virtually the entire industry affected by the CPNI rules, expressed
concern about meeting the January deadline.  GTE has also proposed some alternative methods
of implementing safeguards that GTE claims will accomplish the goals of the Act without unduly
burdening the industry.  

II.  DISCUSSION

     4.   We conclude that it serves the public interest to extend the deadline by which we
will begin to enforce our rules requiring software flags and electronic audit mechanisms so that
we may consider recent proposals to tailor our requirements more narrowly and to reduce
burdens on the industry while serving the purposes of the CPNI rules.  As an initial matter, we
note that all segments of the industry unanimously oppose these requirements as adopted.  We
emphasize that the circumstances presented here are both unique and compelling.  We recognize
that it will take time and effort to implement these requirements, and we believe that
postponement of compliance until the Commission provides additional guidance may promote
more efficient and effective deployment of resources spent on meeting the new CPNI
requirements set forth in the statute and our implementing rules.  By delaying the date of
enforcement until after the Commission acts upon reconsideration petitions, parties will have the
opportunity to comment on GTE's proposed alternatives or make proposals of their own.

     5.   We emphasize that this extension of time is only temporary and that ultimately
carriers will be required to comply with whatever electronic safeguards the Commission deems
appropriate in this proceeding.  We recognize that software flags and electronic audit mechanisms
may be more costly to implement when older systems are involved.  To the extent that new
systems are being deployed during the pendency of the reconsideration petitions, however, we
expect that carriers will install electronic flags and audit trails at the time the system is deployed in
order to avoid the increased cost of having to retrofit systems in the future to come into
compliance.  We also note that this extension applies only to the electronic safeguards
requirement, and that compliance with the rest of the rules elaborated in the CPNI Report and
Order is still required.  In particular, our action in this Order does not relieve carriers of the
underlying obligation to use CPNI in accordance with section 222 and the Commission's
implementing rules.

III. ORDERING CLAUSES

     6.   Accordingly, IT IS ORDERED, pursuant to sections 4(i) and 303(r) of the
Communications Act of 1934, as amended, 47 U.S.C.  154(i), and 303(r), and section 1.429(k)
of the Commission's rules, 47 C.F.R.  1.429(k), that we will not seek enforcement actions
against carriers regarding compliance with the CPNI software flagging and audit trail
requirements as set forth in 47 C.F.R.  64.2009(a) and (c) until six months after the release date
of the Commission's order on reconsideration addressing these issues in CC Docket No. 96-115.

                         FEDERAL COMMUNICATIONS COMMISSION




                         Magalie Roman Salas
                         Secretary