Click here for Adobe Acrobat version

******************************************************** 
                      NOTICE
********************************************************

This document was converted from Microsoft Word.

Content from the original version of the document such as
headers, footers, footnotes, endnotes, graphics, and page numbers
will not show up in this text version.

All text attributes such as bold, italic, underlining, etc. from the
original document will not show up in this text version.

Features of the original document layout such as
columns, tables, line and letter spacing, pagination, and margins
will not be preserved in the text version.

If you need the complete document, download the
Microsoft Word or Adobe Acrobat version.

*****************************************************************



                           Before the
                Federal Communications Commission
                     Washington, D.C. 20554




In the Matter of                 )
                                )
Alltel Corporation               )
                                )    File No. EB-06-TC-058
                                )
Apparent Liability for           )    NAL/Acct. No. 200632170002
Forfeiture                       )    FRN: 0012757787
                                )
                                )


           NOTICE OF APPARENT LIABILITY FOR FORFEITURE

Adopted: January 30, 2006               Released: January 30, 
2006

By the Chief, Enforcement Bureau:

I.   INTRODUCTION

     1.In this Notice of Apparent Liability for Forfeiture 
(``NAL''), we find that Alltel Corporation (``Alltel'') 
apparently violated section 64.2009(e) of the Commission's rules1 
by failing to have a corporate officer with personal knowledge 
execute an annual certificate stating that the company has 
established operating procedures adequate to ensure compliance 
with the Commission's rules governing protection and use of 
Customer Proprietary Network Information (``CPNI'').  Protection 
of CPNI is a fundamental obligation of all telecommunications 
carriers as provided by section 222 of the Communications Act of 
1934, as amended (``Communications Act'' or ``Act'').  Based upon 
our review of the facts and circumstances surrounding this 
apparent violation, and in particular the serious consequences 
that may flow from inadequate concern for and protection of CPNI, 
we propose a monetary forfeiture of $100,000 against Alltel for 
its apparent failure to comply with section 64.2009(e) of the 
Commission's rules.  

II.       BACKGROUND

     2.The Enforcement Bureau (``Bureau'') has been 
investigating the adequacy of procedures implemented by 
telecommunications carriers to ensure confidentiality of their 
subscribers' CPNI, based on concerns regarding the apparent 
availability to third parties of sensitive, personal subscriber 
information.  For example, some companies, known as ``data 
brokers,'' have advertised the availability of records of 
wireless subscribers' incoming and outgoing telephone calls for a 
fee.2  Data brokers have also advertised the availability of 
certain landline toll calls.3  

     3.As part of our inquiry into these issues, the Bureau 
directed several carriers, including Alltel, to submit their most 
recent certification prepared in compliance with section 
64.2009(e) of the Commission's rules.  On January 27, 2006, 
Alltel submitted a document in response to the Bureau's 
directive.  The document submitted by Alltel does not satisfy the 
requirements set forth in the rule.  Accordingly, we issue this 
proposed forfeiture.  

III.       DISCUSSION

     4.   Section 222 imposes the general duty on all 
telecommunications carriers to protect the confidentiality of 
their subscribers' proprietary information.4  The Commission has 
issued rules implementing section 222 of the Act.5  The 
Commission required carriers to establish and maintain a system 
designed to ensure that carriers adequately protected their 
subscribers' CPNI.  Section 64.2009(e) is one such requirement.  
Pursuant to section 64.2009(e):

          A telecommunications carrier must have an officer, 
          as an agent of the carrier, sign a compliance 
          certificate on an annual basis stating that the 
          officer has personal knowledge that the company 
          has established operating procedures that are 
          adequate to ensure compliance with the rules in 
          this subpart.  The carrier must provide a 
          statement accompanying the certificate explaining 
          how its operating procedures ensure that it is or 
          is not in compliance with the rules in this 
          subpart.6

     5.   On January 25, 2006, the Bureau directed Alltel, among 
other companies, to produce the most recent compliance 
certificate that it had prepared in compliance with section 
64.2009(e) of the Commission's rules.7  On January 27, 2006, 
Alltel provided a two-page document that in-house counsel for 
Alltel executed on January 27, 2006.  The document describes 
generally how Alltel uses CPNI.  The document, however, does not 
contain a statement by an officer ``that the officer has personal 
knowledge that [Alltel] has established operating procedures that 
are adequate to ensure compliance with the [CPNI] rules. . . .''  
Accordingly, Alltel's submission, on its face, does not comply 
with section 64.2009(e) of the Commission's rules.  Further, 
Alltel has not provided any additional information in response to 
our request demonstrating that it has otherwise complied with 
section 64.2009(e) of the Commission's rules by preparing and 
maintaining a compliant certificate.

     6.   We conclude that Alltel has apparently failed to comply 
with the requirement that it have an officer certify on an annual 
basis that the officer has personal knowledge that Alltel has 
established operating procedures adequate to ensure compliance 
with the Commission's CPNI rules.  For this apparent violation, 
we propose a forfeiture.

IV.  FORFEITURE AMOUNT

     7.   Section 503(b) of the Communications Act authorizes the 
Commission to assess a forfeiture of up to $130,000 for each 
violation of the Act or of any rule, regulation, or order issued 
by the Commission under the Act.8  The Commission may assess this 
penalty if it determines that the carrier's noncompliance is 
``willful or repeated.''9  For a violation to be willful, it need 
not be intentional.10  In exercising our forfeiture authority, we 
are required to take into account ``the nature, circumstances, 
extent, and gravity of the violation and, with respect to the 
violator, the degree of culpability, any history of prior 
offenses, ability to pay, and such other matters as justice may 
require.''11  In addition, the Commission has established 
guidelines for forfeiture amounts and, where there is no specific 
base amount for a violation, retained discretion to set an amount 
on a case-by-case basis.12

     8.   The Commission's forfeiture guidelines do not address 
the specific violation at issue in this proceeding.  In 
determining the proper forfeiture amount in this case, however, 
we are guided by the principle that there may be no more 
important obligation on a carrier's part than protection of its 
subscribers' proprietary information.  Consumers are increasingly 
concerned about the security of their sensitive, personal data 
that they must entrust to their various service providers, 
whether they are financial institutions or telephone companies.  
Given the increasing concern about the security of this data, and 
evidence that the data appears to be widely available to third 
parties, we must take aggressive, substantial steps to ensure 
that carriers implement necessary and adequate measures to 
protect their subscribers' CPNI, as required by the Commission's 
existing CPNI rules.  In this case, Alltel has apparently not 
taken its obligations seriously, as evidenced by the apparent 
absence of the required compliance certification.  Based on all 
the facts and circumstances present in this case, we believe a 
proposed forfeiture of $100,000 is warranted.13

     9.   Alltel will have the opportunity to submit further 
evidence and arguments in response to this NAL to show that no 
forfeiture should be imposed or that some lesser amount should be 
assessed.14   

V.   CONCLUSION AND ORDERING CLAUSES

     10.  We have determined that Alltel has apparently violated 
Section 64.2009(e) of the Commission's rules by failing to 
prepare and maintain a certification in compliance with the rule. 
We find Alltel apparently liable for $100,000.

     11.  ACCORDINGLY, IT IS ORDERED THAT, pursuant to Section 
503(b) of the Communications Act of 1934, as amended,15 Section 
1.80(f)(4) of the Commission's rules,16 and authority delegated 
by Sections 0.111 and 0.311 of the Commission's rules,17 Alltel 
IS LIABLE FOR A MONETARY FORFEITURE in the amount of one hundred 
thousand dollars ($100,000) for willfully or repeatedly violating 
Section 64.2009 of the Commission's rules, by failing to prepare 
and maintain a certificate that complies with 64.2009(e).

     12.  IT IS FURTHER ORDERED THAT, pursuant to section 1.80 of 
the Commission's Rules, within thirty days of the release date of 
this NOTICE OF APPARENT LIABILITY, Alltel SHALL PAY the full 
amount of the proposed forfeiture or SHALL FILE a written 
statement seeking reduction or cancellation of the proposed 
forfeiture.

     13.  Payment of the forfeiture must be made by check or 
similar instrument, payable to the order of the Federal 
Communications Commission.  The payment must include the 
NAL/Acct. No. and FRN No. referenced above.  Payment by check or 
money order may be mailed to Federal Communications Commission, 
P.O. Box 358340, Pittsburgh, PA 15251-8340.  Payment by overnight 
mail may be sent to Mellon Bank/LB 358340, 500 Ross Street, Room 
1540670, Pittsburgh, PA 15251.  Payment by wire transfer may be 
made to ABA Number 043000261, receiving bank Mellon Bank, and 
account number 911-6106.  Requests for payment of the full amount 
of this NAL under an installment plan should be sent to Chief, 
Credit and Management Center, 445 12th Street, S.W., Washington, 
D.C.  20554.
     14.  IT IS FURTHER ORDERED that a copy of this Order shall 
be sent by Certified Mail, Return Receipt Requested to Alltel 
Corporation.




                    FEDERAL COMMUNICATIONS COMMISSION



                    Kris A. Monteith
                                                                 
Chief, Enforcement Bureau



_________________________

1 See 47 C.F.R. §64.2009(e).
2 See, e.g. http://www.epic.org/privacy/iei/.
3 See id.
4 Section 222 of the Communications Act, 47 U.S.C § 222, provides 
that:  ``Every telecommunications carrier has a duty to protect 
the confidentiality of proprietary information of, and relating 
to, other telecommunications carriers, equipment manufacturers, 
and customers, including telecommunication carriers reselling 
telecommunications services provided by a telecommunications 
carrier.'' 
5 In the Matter of Implementation of the Telecommunications Act 
of 1996: Telecommunications Carriers' Use of Customer Proprietary 
Network Information and Other Customer Information and 
Implementation of the Non-Accounting Safeguards of Sections 271 
and 272 of the Communications Act of 1934, as amended, CC Docket 
Nos. 96-115 and 96-149, FCC 98-27, Order and Further Notice of 
Proposed Rulemaking, 13 FCC Rcd 8061 (1998) (``CPNI Order'').  
See also, In the Matter of Implementation of The 
Telecommunications Act Of 1996 Telecommunications Carriers' Use 
Of Customer Proprietary Network Information And Other Customer 
Information; CC Docket No. 96-115, Implementation Of The Non-
Accounting Safeguards Of Sections 271 And 272 Of The 
Communications Act Of 1934, As Amended CC Docket No. 96-149, FCC 
99-223, Order on Reconsideration and Petitions for Forbearance 14 
FCC Rcd 14409 (1999), Released September 3, 1999; see also In The 
Matter Of Implementation Of The Telecommunications Act Of 
1996:Telecommunications Carriers' Use Of Customer Proprietary 
Network Information And Other Customer Information; CC Docket No. 
96-115 Implementation Of The Non-Accounting Safeguards Of 
Sections 271 And 272 Of The Communications Act Of 1934, As 
Amended CC Docket No. 96-149, 2000 Biennial Regulatory Review -- 
Review Of Policies And Rules Concerning Unauthorized Changes Of 
Consumers' Long Distance Carriers CC Docket No. 00-257 FCC 02-214 
Third Report and Order and Third Further Notice of Proposed 
Rulemaking, 17 FCC Rcd 14860 (2002).
6 47 C.F.R. § 64.2009(e).
7 47 C.F.R. §64.2009.
8 Section 503(b)(2)(B) provides for forfeitures against common 
carriers of up to $130,000 for each violation or each day of a 
continuing violation up to a maximum of $1,325,000 for each 
continuing violation.  47 U.S.C. § 503(b)(2)(B).  See Amendment 
of Section 1.80 of the Commission's Rules and Adjustment of 
Forfeiture Maxima to Reflect Inflation, 15 FCC Rcd 18221 (2000); 
Amendment of Section 1.80 of the Commission's Rules and 
Adjustment of Forfeiture Maxima to Reflect Inflation, 19 FCC Rcd 
10945 (2004) (increasing maximum forfeiture amounts to account 
for inflation).
9 47 U.S.C. § 503(b)(1)(B). See 47 U.S.C. § 503(b)(4)(A). The 
Commission has authority under this section of the Act to assess 
a forfeiture penalty against a common carrier if the Commission 
determines that the carrier has ``willfully or repeatedly'' 
failed to comply with the provisions of the Act or with any rule, 
regulation, or order issued by the Commission under the Act.  The 
section provides that the Commission must assess such penalties 
through the use of a written notice of apparent liability or 
notice of opportunity for hearing.  Here, as described above, 
Alltel's actions were willful as it apparently failed to prepare 
the required compliance certification. 
10 Southern California Broadcasting Co., 6 FCC Rcd 4387 (1991).
11    See 47 U.S.C. § 503(b)(2)(D); see also The Commission's 
Forfeiture Policy Statement and Amendment of Section 1.80 of the 
Commission's Rules, 12 FCC Rcd 17087 (1997) (``Forfeiture Policy 
Statement''); recon. denied, 15 FCC Rcd 303 (1999).

12 Forfeiture Policy Statement, 12 FCC Rcd 17098-99, ¶ 22.
13 47 U.S.C. § 503(b)(4)(A).
14   47 U.S.C. § 503(b)(4)(C); 47 C.F.R. § 1.80(f)(3).

15 47 U.S.C. § 503(b).
16 47 U.S.C. § 1.80(f)(4).
17 47 C.F.R. §§ 0.111, 0.311.