Click here for Adobe Acrobat version
Click here for Microsoft Word version
********************************************************
NOTICE
********************************************************
This document was converted from Microsoft Word.
Content from the original version of the document such as
headers, footers, footnotes, endnotes, graphics, and page numbers
will not show up in this text version.
All text attributes such as bold, italic, underlining, etc. from the
original document will not show up in this text version.
Features of the original document layout such as
columns, tables, line and letter spacing, pagination, and margins
will not be preserved in the text version.
If you need the complete document, download the
Microsoft Word or Adobe Acrobat version.
*****************************************************************
Before the
Federal Communications Commission
Washington, D.C. 20554
)
)
)
In the Matter of ) File No. EB-09-TC-163
T2 Communications, LLC ) NAL/Acct. No. 200932170122
Apparent Liability for Forfeiture ) FRN: 0009725748
)
)
)
NOTICE OF APPARENT LIABILITY FOR FORFEITURE
Adopted: February 24, 2009 Released: February 24, 2009
By the Chief, Enforcement Bureau:
I. INTRODUCTION
1. In this Notice of Apparent Liability for Forfeiture ("NAL"), we find
that T2 Communications, LLC ("T2 Communications" or "Company") apparently
willfully or repeatedly violated section 222 of the Communications Act of
1934, as amended (the "Act"), section 64.2009(e) of the Commission's rules
and the Commission's EPIC CPNI Order. Protection of CPNI is a fundamental
obligation of all telecommunications carriers as provided by section 222
of the Act. Based upon our review of the facts and circumstances
surrounding this apparent violation, we find that T2 Communications is
apparently liable for a monetary forfeiture in the amount of one thousand
dollars ($1,000). T2 Communications will have the opportunity to submit
further evidence and arguments in response to this NAL to show that no
forfeiture should be imposed or that some lesser amount should be
assessed.
II. BACKGROUND
2. Section 222 imposes the general duty on all telecommunications carriers
to protect the confidentiality of their subscribers' proprietary
information. The Commission has issued rules implementing section 222 of
the Act. The Commission required carriers to establish and maintain a
system designed to ensure that carriers adequately protected their
subscribers' CPNI. Section 64.2009(e) is one such requirement.
3. In 2006, some companies, known as "data brokers," advertised the
availability of records of wireless subscribers' incoming and outgoing
telephone calls for a fee. Data brokers also advertised the availability
of records of certain landline toll calls. On April 2, 2007, the
Commission strengthened its privacy rules with the release of the EPIC
CPNI Order, which adopts additional safeguards to protect CPNI against
unauthorized access and disclosure. The EPIC CPNI Order was directly
responsive to the actions of databrokers, or pretexters, to obtain
unauthorized access to CPNI. The EPIC CPNI Order and amended rule 47
C.F.R. S: 64.2009(e) require that all companies subject to the CPNI rules
file annually, on or before March 1, a certification with the Commission
that certifies to the company's compliance with the Commission's CPNI
rules and provides an accompanying statement explaining how the company's
procedures ensure that the company is or is not in compliance with the
CPNI rules. Additionally, companies must now provide "an explanation of
any actions taken against data brokers and a summary of all customer
complaints received in the past year concerning the unauthorized release
of CPNI."
III. DISCUSSION
4. On February 6, 2008, T2 Communications filed its annual CPNI compliance
certificate with the Commission. The Bureau has determined that the CPNI
compliance certificate filed by T2 Communications does not meet the
requirements of section 64.2009(e) of the Commission's rules. The
Commission's rules require that telecommunications carriers file their
annual compliance certification with the Bureau on or before March 1.
Thus, on March 1, T2 Communications had a non-compliant CPNI certification
on file with the Commission. In particular, T2 Communications has failed
to submit an annual CPNI compliance certificate that provides an
explanation of any actions taken against data brokers. Accordingly, T2
Communications' submission, on its face, does not comply with section
64.2009(e) of the Commission's rules. We conclude that T2 Communications
is in apparent violation of section 222 of the Act, section 64.2009(e) of
the Commission's rules and the Commission's EPIC CPNI Order. For this
apparent violation, we propose a forfeiture.
IV. FORFEITURE AMOUNT
5. Section 503(b) of the Communications Act authorizes the Commission to
assess a forfeiture of up to $130,000 for each violation of the Act or of
any rule, regulation, or order issued by the Commission under the Act. The
Commission may assess this penalty if it determines that the carrier's
noncompliance is "willful or repeated." For a violation to be willful, it
need not be intentional. In exercising our forfeiture authority, we are
required to take into account "the nature, circumstances, extent, and
gravity of the violation and, with respect to the violator, the degree of
culpability, any history of prior offenses, ability to pay, and such other
matters as justice may require." In addition, the Commission has
established guidelines for forfeiture amounts and, where there is no
specific base amount for a violation, retained discretion to set an amount
on a case-by-case basis.
6. The Commission's forfeiture guidelines do not address the specific
violation at issue in this proceeding. In determining the proper
forfeiture amount in this case, however, we are guided by the principle
that protection of subscribers' proprietary information is an important
carrier obligation. Consumers are understandably concerned about the
security of their sensitive, personal data that they must entrust to their
various service providers, whether they are financial institutions or
telephone companies. Given consumers' continued concern about the security
of this data, and evidence that the data appears to be available to third
parties, we must take serious steps to ensure that carriers implement
necessary and adequate measures to protect their subscribers' CPNI, as
required by the Commission's existing CPNI rules.
7. In prior actions in 2006, the Commission issued Notices of Apparent
Liability for Forfeiture proposing forfeitures in the amount of $100,000
against carriers for violations of the Commission's CPNI rules. Under the
rules operative at that time, carriers were not required to file the
annual certification with the Commission but instead were required to make
the certificate available to the Commission upon request. The Commission's
investigations demonstrated that some companies appeared to pay little
heed to rules which placed a duty upon them to maintain certifications and
make the representations therein that processes were in place to protect
CPNI without the further scrutiny of the Commission. Accordingly, a
substantial forfeiture was proposed.
8. As explained above, the Commission strengthened the CPNI rules in 2007,
in part, as a response to earlier investigations, and imposed, among other
things, the requirement that carriers submit the annual certifications to
the Commission rather than rely solely on non-filed carrier certifications
and representations of compliance with the rules, without further
scrutiny. We have conducted an extensive review of the certifications
filed with the Commission to satisfy the March 1, 2008, filing deadline,
as well as examined failures to satisfy the filing requirement all
together. Informed by this analysis and our earlier investigations, we
revise our forfeiture approach and adopt a maximum proposed forfeiture of
$10,000 for the submission of an annual CPNI certification that fails to
meet the requirements of section 64.2009(e). This revised proposed
forfeiture is based on a number of factors. Specifically, we have
considered compliance overall based on our review of the annual
submissions; the expanded scope of the new rule to require additional
types of information to be produced; and, the amount of forfeiture
necessary to have the intended deterrent effect. With respect to this
latter factor, we note that the vast majority of the companies affected
are smaller companies. Given this fact, and that this is the first year of
the filing requirement, we believe that the goal of deterring future
non-compliance with respect to the required elements of section 64.2009(e)
will be met by issuing proposed forfeitures consistent with the maximum
amount proposed herein. We take noncompliance with our CPNI rules very
seriously. To the extent that we determine that the forfeiture approach
adopted herein does not have the intended deterrent effect, future
noncompliance will face more severe penalties.
9. In determining the appropriate proposed forfeiture, we are cognizant
that certain violations are more technical in nature and do not greatly
inhibit the Commission's ability to judge the effectiveness of a company's
CPNI policies while others are more substantive in nature and limit the
usefulness of the certification in determining overall compliance with the
rules. In this case, T2 Communications has apparently failed to submit an
annual CPNI compliance certificate that provides an explanation of any
actions taken against data brokers. Based on the nature of this
noncompliance and all the facts and circumstances present in this case, we
believe the proposed forfeiture of one thousand dollars ($1,000) is
warranted.
10. T2 Communications will have the opportunity to submit further evidence
and arguments in response to this NAL to show that no forfeiture should be
imposed or that some lesser amount should be assessed. For example, T2
Communications may present evidence that it has compelling, financial
arguments to reduce the proposed forfeiture or that it has maintained a
history of overall compliance. The Commission will fully consider any such
arguments made by T2 Communications in its response to this NAL.
V. ordering clauses
11. We have determined that T2 Communications, LLC, by failing to submit
an annual CPNI compliance certificate that provides an explanation of any
actions taken against data brokers, has apparently willfully or repeatedly
violated Section 222 of the Act, section 64.2009(e) of the Commission's
rules and the Commission's EPIC CPNI Order. We find T2 Communications
apparently liable for a forfeiture of one thousand dollars ($1,000).
12. ACCORDINGLY, IT IS ORDERED THAT, pursuant to Section 503(b) of the
Communications Act of 1934, as amended, Section 1.80(f)(4) of the
Commission's rules, and authority delegated by Sections 0.111 and 0.311 of
the Commission's rules, T2 Communications, LLC IS LIABLE FOR A MONETARY
FORFEITURE in the amount of one thousand dollars ($1,000) for willfully or
repeatedly violating Section 222 of the Act, section 64.2009(e) of the
Commission's rules and the Commission's EPIC CPNI Order by failing to
submit a compliant annual CPNI certificate.
13. IT IS FURTHER ORDERED THAT, pursuant to section 1.80 of the
Commission's rules, within thirty (30) days of the release date of this
Notice of Apparent Liability for Forfeiture, T2 Communications, LLC SHALL
PAY the full amount of the proposed forfeiture or SHALL FILE a written
statement seeking reduction or cancellation of the proposed forfeiture.
14. Payment of the forfeiture must be made by check or similar instrument,
payable to the order of the Federal Communications Commission. The payment
must include the NAL/Account Number and FRN Number referenced above.
Payment by check or money order may be mailed to Federal Communications
Commission, P.O. Box 979088, St. Louis, MO 63197-9000. Payment by
overnight mail may be sent to U.S. Bank - Government Lockbox #979088,
SL-MO-C2-GL, 1005 Convention Plaza, St. Louis, MO 63101. Payment by wire
transfer may be made to ABA Number 021030004, receiving bank TREAS/NYC,
and account number 27000001. For payment by credit card, an FCC Form 159
(Remittance Advice) must be submitted. When completing the FCC Form 159,
enter the NAL/Account number in block number 23A (call sign/other ID), and
enter the letters "FORF" in block number 24A (payment type code). T2
Communications will also send electronic notification on the date said
payment is made to Johnny.drake@fcc.gov. Requests for full payment under
an installment plan should be sent to: Chief Financial Officer --
Financial Operations, 445 12th Street, S.W., Room 1-A625, Washington,
D.C. 20554. Please contact the Financial Operations Group Help Desk at
1-877-480-3201 or Email: ARINQUIRIES@fcc.gov with any questions regarding
payment procedures.
15. The response, if any, must be mailed both to the Office of the
Secretary, Federal Communications Commission, 445 12th Street, SW,
Washington, DC 20554, ATTN: Enforcement Bureau - Telecommunications
Consumers Division, and to Marcy Greene, Deputy Chief, Telecommunications
Consumers Division, Enforcement Bureau, Federal Communications Commission,
445 12th Street, SW, Washington, DC 20554, and must include the NAL/Acct.
No. referenced in the caption.
16. The Commission will not consider reducing or canceling a forfeiture in
response to a claim of inability to pay unless the petitioner submits: (1)
federal tax returns for the most recent three-year period; (2) financial
statements prepared according to generally accepted accounting practices;
or (3) some other reliable and objective documentation that accurately
reflects the petitioner's current financial status. Any claim of inability
to pay must specifically identify the basis for the claim by reference to
the financial documentation submitted.
17. IT IS FURTHER ORDERED that a copy of this Notice of Apparent Liability
for Forfeiture shall be sent by Certified Mail Return Receipt Requested
and First Class Mail to the Company at 301 Hoover Boulevard, Suite 100,
Holland, Michigan 49423 and National Registered Agents, Inc., 1090 Vermont
Avenue, N.W., Washington, DC 20005.
FEDERAL COMMUNICATIONS COMMISSION
Kris Anne Monteith
Chief, Enforcement Bureau
47 U.S.C. S: 222.
47 C.F.R. S: 64.2009(e).
Implementation of the Telecommunications Act of 1996: Telecommunications
Carriers' Use of Customer Proprietary Network Information and Other
Customer Information; IP-Enabled Services, CC Docket No. 96-115; WC Docket
No. 04-36, Report and Order and Further Notice of Proposed Rulemaking, 22
FCC Rcd 6927, 6953 (2007) ("EPIC CPNI Order"); aff'd sub nom. Nat'l Cable
& Telecom. Assoc. v. FCC, No. 07-132, (D.C. Cir. Decided Feb. 13, 2009).
CPNI is defined as information that relates to the quantity, technical
configuration, type, destination, location, and amount of use of a
telecommunications service subscribed to by any customer of a
telecommunications carrier, and that is made available to the carrier by
the customer solely by virtue of the customer-carrier relationship. See 47
U.S.C. S: 222(h)(1)(A); 47 C.F.R. S: 64.2003(d)
See 47 U.S.C. S: 503(b)(4)(A). The Commission has authority under this
section of the Act to assess a forfeiture penalty against a common carrier
if the Commission determines that the carrier has "willfully or
repeatedly" failed to comply with the provisions of the Act or with any
rule, regulation, or order issued by the Commission under the Act. The
section provides that the Commission must assess such penalties through
the use of a written notice of apparent liability or notice of opportunity
for hearing.
47 U.S.C. S: 503(b)(4)(C); 47 C.F.R. S: 1.80(f)(3).
Section 222 of the Communications Act, 47 U.S.C S: 222, provides that:
"Every telecommunications carrier has a duty to protect the
confidentiality of proprietary information of, and relating to, other
telecommunications carriers, equipment manufacturers, and customers,
including telecommunication carriers reselling telecommunications services
provided by a telecommunications carrier." Prior to the 1996 Act, the
Commission had established CPNI requirements applicable to the enhanced
services operations of AT&T, the Bell Operating Companies ("BOCs"), and
GTE, and the customer premises equipment ("CPE") operations of AT&T and
the BOCs, in the Computer II, Computer III, GTE Open Network Architecture
("ONA"), and BOC CPE Relief proceedings. See Implementation of the
Telecommunications Act of 1996: Telecommunications Carriers' Use of
Customer Proprietary Network Information and Other Customer Information
and Implementation of Non-Accounting Safeguards of Sections 271 and 272 of
the Communications Act of 1934, as amended, CC Docket Nos. 96-115 and
96-149, Second Report and Order and Further Notice of Proposed Rulemaking,
13 FCC Rcd 8061, 8068-70, para. 7 (1998) ("CPNI Order") (describing the
Commission's privacy protections for confidential customer information in
place prior to the 1996 Act).
See CPNI Order. See also Implementation of the Telecommunications Act of
1996: Telecommunications Carriers' Use of Customer Proprietary Network
Information and Other Customer Information and Implementation of the
Non-Accounting Safeguards of Sections 271 and 272 of the Communications
Act of 1934, as amended, CC Docket Nos. 96-115 and 96-149, FCC 99-223,
Order on Reconsideration and Petitions for Forbearance 14 FCC Rcd 14409
(1999); 2000 Biennial Regulatory Review -- Review of Policies and Rules
Concerning Unauthorized Changes of Consumers' Long Distance Carriers, CC
Docket No. 00-257, Third Report and Order and Third Further Notice of
Proposed Rulemaking, 17 FCC Rcd 14860 (2002); EPIC CPNI Order, supra. n.3.
See, e.g., http://www.epic.org/privacy/iei/.
See id.
EPIC CPNI Order, 22 FCC Rcd 6927.
Id. at 6928.
Id. at 6953; 47 C.F.R. S: 64.2009(e). Prior to the issuance of the EPIC
CPNI Order, carriers were required to maintain in their files an annual
CPNI Certification that certified to the company's compliance with the
Commission's CPNI rules and provided an accompanying statement explaining
how the company's procedures ensure that the company is or is not in
compliance with the CPNI rules. The rule also required carriers to make
the certification available upon request.
22 FCC Rcd at 6953. Specifically, pursuant to section 64.2009(e): A
telecommunications carrier must have an officer, as an agent of the
carrier, sign and file with the Commission a compliance certificate on an
annual basis. The officer must state in the certification that he or she
has personal knowledge that the company has established operating
procedures that are adequate to ensure compliance with the rules in this
subpart. The carrier must provide a statement accompanying the
certification explaining how its operating procedures ensure that it is or
is not in compliance with the rules in this subpart. In addition, the
carrier must include an explanation of any actions taken against data
brokers and a summary of all customer complaints received in the past year
concerning the unauthorized release of CPNI. This filing must be made
annually with the Enforcement Bureau on or before March 1 in EB Docket No.
06-36, for data pertaining to the previous calendar year. 47 C.F.R. S:
64.2009(e).
Section 503(b)(2)(B) provides for forfeitures against common carriers of
up to $130,000 for each violation or each day of a continuing violation up
to a maximum of $1,325,000 for each continuing violation. 47 U.S.C. S:
503(b)(2)(B). See Amendment of Section 1.80 of the Commission's Rules and
Adjustment of Forfeiture Maxima to Reflect Inflation, 15 FCC Rcd 18221
(2000); Amendment of Section 1.80 of the Commission's Rules and Adjustment
of Forfeiture Maxima to Reflect Inflation, 19 FCC Rcd 10945 (2004)
(increasing maximum forfeiture amounts to account for inflation).
47 U.S.C. S: 503(b)(1)(B) (the Commission has authority under this section
of the Act to assess a forfeiture penalty against a common carrier if the
Commission determines that the carrier has "willfully or repeatedly"
failed to comply with the provisions of the Act or with any rule,
regulation, or order issued by the Commission under the Act); see also 47
U.S.C. S: 503(b)(4)(A) (providing that the Commission must assess such
penalties through the use of a written notice of apparent liability or
notice of opportunity for hearing).
Southern California Broadcasting Co., 6 FCC Rcd 4387 (1991).
See 47 U.S.C. S: 503(b)(2)(D); see also The Commission's Forfeiture Policy
Statement and Amendment of Section 1.80 of the Commission's Rules, 12 FCC
Rcd 17087 (1997) ("Forfeiture Policy Statement"); recon. denied, 15 FCC
Rcd 303 (1999).
Forfeiture Policy Statement, 12 FCC Rcd 17098-99, P: 22.
See, e.g., AT&T, Inc., Notice of Apparent Liability for Forfeiture, 21 FCC
Rcd 751 (Enf. Bur. 2006); Alltel Corp., Notice of Apparent Liability for
Forfeiture, 21 FCC Rcd 746 (Enf. Bur. 2006); Cbeyond Communications LLC,
Notice of Apparent Liability for Forfeiture, 21 FCC Rcd 4316 (Enf. Bur.
2006).
See n.14.
Because the EPIC CPNI Order took effect on December 8, 2007, the new
reporting requirements were only in effect from that date until the end of
the calendar year.
The Commission retains the discretion to impose a higher forfeiture in
cases of future noncompliance.
47 U.S.C. S: 503(b)(4)(A).
47 U.S.C. S: 503(b)(4)(C); 47 C.F.R. S: 1.80(f)(3).
47 C.F.R. S: 1.80(b)(4) (discussing factors the Commission or its designee
will consider in deciding appropriate forfeiture amount).
47 U.S.C. S: 503(b).
47 U.S.C. S: 1.80(f)(4).
47 C.F.R. S:S: 0.111, 0.311.
47 C.F.R. S: 1.80.
(Continued from previous page)
(continued....)
Federal Communications Commission DA 09-383
2
2
Federal Communications Commission DA 09-383