Click here for Adobe Acrobat version
Click here for Microsoft Word version

******************************************************** 
                      NOTICE
********************************************************

This document was converted from Microsoft Word.

Content from the original version of the document such as
headers, footers, footnotes, endnotes, graphics, and page numbers
will not show up in this text version.

All text attributes such as bold, italic, underlining, etc. from the
original document will not show up in this text version.

Features of the original document layout such as
columns, tables, line and letter spacing, pagination, and margins
will not be preserved in the text version.

If you need the complete document, download the
Microsoft Word or Adobe Acrobat version.

*****************************************************************



                                                                     DA 10-91

                                                             January 15, 2010

                                             Enforcement Advisory No. 2010-01

       PLEASE READ THE FOLLOWING INFORMATION CAREFULLY; IT CONCERNS YOUR
       OBLIGATIONS AS A TELECOMMUNICATIONS CARRIER OR INTERCONNECTED VOIP
        PROVIDER. IF YOU DID NOT RECEIVE SIX (6) PAGES, INCLUDING THREE
      ATTACHMENTS, YOU SHOULD CONTACT THE FCC ENFORCEMENT BUREAU AT (202)
                   418-7450 OR 1-800-CALL-FCC FOR ASSISTANCE.

                  ANNUAL CPNI CERTIFICATIONS DUE MARCH 1, 2010

     Filing of 2009 Annual Customer Proprietary Network Information (CPNI)
                                 Certifications

                              EB Docket No. 06-36

   Telecommunications carriers and interconnected VoIP providers must file
   annual reports certifying their compliance with the Commission's rules
   protecting Customer Proprietary Network Information (CPNI). CPNI includes
   some of the most sensitive personal information that carriers have about
   their customers as a result of their business relationship (e.g., phone
   numbers called; the frequency, duration, and timing of such calls; and any
   services purchased by the consumer, such as call waiting). In prior years,
   many companies have failed to file, or have filed certificates that failed
   to comply with our rules in material respects. Failure to file a timely
   and complete certification calls into question whether a company has
   properly complied with the rules requiring it to protect its customers'
   sensitive information. As a result, the Commission has initiated
   enforcement action against a large number of non-compliant companies to
   ensure adequate consumer protection and future compliance with these
   important regulatory requirements.

   In order to promote more widespread compliance for the next round of
   certifications, the FCC's Enforcement Bureau is issuing this Enforcement
   Advisory, No. 2010-01, to remind companies of their obligations and to
   provide guidance on how to prepare a certification that will comply with
   the Commission's rules.

   We expect that this Advisory will lead to greater compliance with the
   rules. At the same time, however, we emphasize that the CPNI rules provide
   important consumer protections and that we intend to continue to strictly
   enforce them. Companies are also reminded that failure to comply with the
   CPNI rules, including the annual certification requirement, may subject
   them to enforcement action, including monetary forfeitures of up to
   $150,000 for each violation or each day of a continuing violation, up to a
   maximum of $1,500,000. In this regard, false statements or
   misrepresentations to the Commission may be punishable by fine or
   imprisonment under Title 18 of the U.S. Code.

   Attachments: (1) Frequently Asked Questions; (2) CPNI Certification
   Template; (3) Text of the CPNI rules.

                                         Issued by: Chief, Enforcement Bureau

                                                                 ATTACHMENT 1

                           FREQUENTLY ASKED QUESTIONS

   The following frequently asked questions are addressed in this Enforcement
   Advisory:

     * What are the CPNI rules, and where can I find them?

     * Who is required to file?

     * Is there an exemption for small companies?

     * What must be included in the filing?

     * When are companies required to file the annual certification?

     * Is this the same as my form 499 filing or my USF filing?

     * What format should I use for my CPNI certification?

     * How do I file the CPNI certification?

     * What if I have questions?

   What are the CPNI rules, and where can I find them?

   Protection of CPNI is a fundamental obligation under section 222 of the
   Communications Act of 1934, as amended (Act). Consumers are understandably
   concerned about the security of the sensitive, personal data they provide
   to their service providers. In recognition of these concerns, the
   Commission has issued rules requiring carriers and interconnected VoIP
   providers to establish and maintain systems designed to ensure that they
   adequately protect their subscribers' CPNI. Those rules also require that
   all companies subject to the CPNI rules file an annual certification
   documenting their compliance with the rules, and documenting any
   complaints or problems. Companies must file these certifications with the
   Commission on or before March 1 each year.

   The CPNI rules are found at 47 C.F.R. S: 64.2001 et seq. A copy of the
   current version of the certification portion of the rules is attached to
   this Enforcement Advisory. The attached version of the rules is current as
   of this date. In the future, to ensure that you are aware of any changes
   to the rules, you are advised always to check the current version of the
   Code of Federal Regulations, which can be found at the Government Printing
   Office website, here: http://www.gpoaccess.gov/CFR/.

   Who is required to file?

   Telecommunications carriers and interconnected VoIP providers must file a
   CPNI certification each year.

     * A "telecommunications carrier" is "any provider of telecommunications
       services," except an aggregator. 47 U.S.C S: 153(44).
       Telecommunications service is defined in the Communications Act as
       "the offering of telecommunications for a fee directly to the public,
       or to such classes of users as to be effectively available directly to
       the public, regardless of the facilities used." 47 U.S.C. S: 153(46).

     * Some examples of "telecommunications carriers" that must file an
       annual certification are: local exchange carriers (LECs) (including
       incumbent LECs, rural LECs and competitive LECs), interexchange
       carriers, paging providers, commercial mobile radio services
       providers, resellers, prepaid telecommunications providers, and
       calling card providers. This list is not exhaustive.

     * "Interconnected VoIP providers" are companies that provide a service
       that: "(1) enables real-time, two-way voice communications; (2)
       requires a broadband connection from the user's location; (3) requires
       Internet protocol-compatible customer premises equipment (CPE); and
       (4) permits users generally to receive calls that originate on the
       public switched telephone network and terminate calls to the public
       switched network." 47 C.F.R. S: 9.3.

   Is there an exemption for small companies?

   No, there is no exemption for small companies. Section 64.2009(e) - the
   annual certification filing requirement - applies regardless of the size
   of the company.

   What must be included in the filing?

   The certification must include all of the elements listed below:

     * an officer of the company must sign the compliance certificate;

     * the officer must state in the certification that he or she has
       personal knowledge that the company has established operating
       procedures that are adequate to ensure compliance with the CPNI rules;

     * the company must provide a written statement accompanying the
       certification explaining how its operating procedures ensure that it
       is or is not in compliance with the CPNI rules;

     * the company must include an explanation of any actions taken against
       data brokers; and

     * the company must include a summary of all consumer complaints received
       in the prior year concerning unauthorized release of CPNI.

   In reviewing prior years' filings, we have found a number of recurring
   deficiencies. In particular, many companies:

   (1) fail to have the officer signing the certification affirmatively state
   that he or she has personal knowledge that the company has established
   operating procedures that are adequate to ensure compliance;

   (2) fail to provide a statement accompanying the certification explaining
   how their operating procedures ensure that they are or are not in
   compliance with the rules. Simply stating that the company has adopted
   operating procedures without explaining how compliance is being achieved
   does not satisfy this requirement;

   (3) fail to state clearly whether any actions were taken against data
   brokers in the prior year (if there were no such actions, the company
   should include an affirmative statement of that fact, in order to make
   clear that it has provided the required information); and

   (4) fail to state clearly whether any customer complaints were received in
   the prior year concerning the unauthorized release of CPNI (if there were
   no such complaints, the company should include an affirmative statement 
   of that fact, in order to make clear that it has provided the required
   information).

   In order to help companies ensure that their certifications contain all of
   the required information, we are providing a suggested template, attached
   to this Enforcement Advisory.

   When must my company file the annual certification?

   The filing for 2009 is due no sooner than January 1, 2010, but no later
   than, March 1, 2010. You may not file before January 1, 2010, because your
   certification must contain data pertaining to the entire previous calendar
   year. Certifications filed before January 1, 2010 do not comply with the
   rules. If you filed too soon, you must re-file by March 1 with a new
   certification that covers the entire calendar year 2009. If you filed
   after January 1, 2010, we recommend that you review your certification to
   ensure that it complies with all the necessary information (including the
   required attachments and explanations) and refile if needed.

   Is this the same as my form 499 filing or my USF filing?

   No, the annual CPNI certification filing is different from form 499
   filings or USF filings.

   What format should I use for my CPNI certification?

   A suggested template is attached to this Enforcement Advisory. See
   Attachment 2. This template was designed to ensure that companies will be
   in compliance with the annual certification filing requirement of 47
   C.F.R. S: 64.2009(e) if they complete it fully and accurately. Use of this
   template is not mandatory, and companies may use any format that fulfills
   the requirements of the rule. If you elect to use the suggested template,
   we encourage you to review the template carefully and to ensure that all
   fields are fully completed before submission.

   How do I file the CPNI certification?

   All filings must reference EB Docket No. 06-36. All filings must be
   addressed to the Commission's Secretary, Marlene H. Dortch, Office of the
   Secretary, Federal Communications Commission, 445 12th Street, SW, Suite
   TW-A325, Washington, DC 20554, and one (1) copy must be sent to Best Copy
   and Printing, Inc., 445 12th Street, Suite CY-B402, Washington, DC 20554,
   telephone 202-488-5300, facsimile 202-488-5563, or via e-mail
   FCC@BCPIWEB.COM. Under no circumstances should copies of certifications be
   sent to the Enforcement Bureau, or to any individuals within the
   Enforcement Bureau. Certifications may be filed: (1) using the
   Commission's Electronic Comment Filing System (ECFS); or (2) by filing
   paper copies.

     * Electronic Filers: Certifications may be filed electronically using
       the Internet by accessing the ECFS: http://www.fcc.gov/cgb/ecfs/.
       Filers should follow the instructions provided on the website for
       submitting their certifications.

     * In completing the transmittal screen, filers should include their full
       name, U.S. Postal Service mailing address, and the applicable docket
       or rulemaking number.

     * Paper Filers: Parties who choose to file by paper must file an
       original and four copies of each filing. Filings can be sent by hand
       or messenger delivery, by commercial overnight courier, or by
       first-class or overnight U.S. Postal Service mail (although we
       continue to experience delays in receiving U.S. Postal Service mail).
       All filings must be addressed to the Commission's Secretary, Office of
       the Secretary, Federal Communications Commission.

     * The Commission's contractor will receive hand-delivered or
       messenger-delivered paper filings for the Commission's Secretary at
       FCC headquarters, 445 12th Street, SW, Room TW-A325, Washington, DC
       20554. The filing hours at this location are 8:00 a.m. to 7:00 p.m.
       All hand deliveries must be held together with rubber bands or
       fasteners. Any envelopes must be disposed of before entering the
       building.

     * Commercial overnight mail (other than U.S. Postal Service Express Mail
       and Priority Mail) must be sent to 9300 East Hampton Drive, Capitol
       Heights, MD 20743.

     * U.S. Postal Service first-class, Express, and Priority mail should be
       addressed to 445 12th Street, SW, Washington DC 20554.

   People with Disabilities: To request materials in accessible formats for
   people with disabilities (braille, large print, electronic files, audio
   format), send an e-mail to fcc504@fcc.gov or call the Consumer &
   Governmental Affairs Bureau at 202-418-0530 (voice), 202-418-0432 (tty).

   What if I have questions?

   For further information regarding the annual certification filing, contact
   any of the following individuals in the Telecommunications Consumers
   Division, Enforcement Bureau: Edward Hayes (202) 418-7994, Donna Cyrus
   (202) 418-7325, Mika Savir (202) 418-0384, Kimberly Wild (202) 418-1324,
   or Marcy Greene (202) 418-2410.

                                                                 ATTACHMENT 2

           Annual 47 C.F.R. S: 64.2009(e) CPNI Certification Template

                                EB Docket 06-36

   Annual 64.2009(e) CPNI Certification for [Insert year] covering the prior
   calendar year [Insert year]

   1. Date filed: [Insert date]

   2. Name of company(s) covered by this certification: [Insert company name]

   3. Form 499 Filer ID: [Provide relevant ID number(s)]

   4. Name of signatory: [Insert name]

   5. Title of signatory: [Insert title of corporate officer]

   6. Certification:

   I, [Insert name of officer signing certification], certify that I am an
   officer of the company named above, and acting as an agent of the company,
   that I have personal knowledge that the company has established operating
   procedures that are adequate to ensure compliance with the Commission's
   CPNI rules. See 47 C.F.R. S: 64.2001 et seq.

   Attached to this certification is an accompanying statement explaining how
   the company's procedures ensure that the company is in compliance with the
   requirements (including those mandating the adoption of CPNI procedures,
   training, recordkeeping, and supervisory review) set forth in section
   64.2001 et seq. of the Commission's rules.

   The company [has/has not] taken actions (i.e., proceedings instituted or
   petitions filed by a company at either state commissions, the court
   system, or at the Commission against data brokers) against data brokers in
   the past year. [NOTE: If you reply in the affirmative, please provide an
   explanation of any actions taken against data brokers.]

   The company [has/has not] received customer complaints in the past year
   concerning the unauthorized release of CPNI [NOTE: If you reply in the
   affirmative, please provide a summary of such complaints. This summary
   should include number of complaints, broken down by category or complaint,
   e.g., instances of improper access by employees, instances of improper
   disclosure to individuals not authorized to receive the information, or
   instances of improper access to online information by individuals not
   authorized to view the information.]

   The company represents and warrants that the above certification is
   consistent with 47. C.F.R. S: 1.17 which requires truthful and accurate
   statements to the Commission. The company also acknowledges that false
   statements and misrepresentations to the Commission are punishable under
   Title 18 of the U.S. Code and may subject it to enforcement action.

   Signed _____________________________ [Signature of an officer, as agent of
   the carrier]

   Attachments: Accompanying Statement explaining CPNI procedures

   Explanation of actions taken against data brokers (if applicable)

   Summary of customer complaints (if applicable)

                                                                 ATTACHMENT 3

   47 C.F.R. S: 64.2009 Safeguards required for use of customer proprietary
   network information.

   (a) Telecommunications carriers must implement a system by which the
   status of a customer's CPNI approval can be clearly established prior to
   the use of CPNI.

   (b) Telecommunications carriers must train their personnel as to when they
   are and are not authorized to use CPNI, and carriers must have an express
   disciplinary process in place.

   (c) All carriers shall maintain a record, electronically or in some other
   manner, of their own and their affiliates' sales and marketing campaigns
   that use their customers' CPNI. All carriers shall maintain a record of
   all instances where CPNI was disclosed or provided to third parties, or
   where third parties were allowed access to CPNI. The record must include a
   description of each campaign, the specific CPNI that was used in the
   campaign, and what products and services were offered as a part of the
   campaign. Carriers shall retain the record for a minimum of one year.

   (d) Telecommunications carriers must establish a supervisory review
   process regarding carrier compliance with the rules in this subpart for
   outbound marketing situations and maintain records of carrier compliance
   for a minimum period of one year. Specifically, sales personnel must
   obtain supervisory approval of any proposed outbound marketing request for
   customer approval.

   (e) A telecommunications carrier must have an officer, as an agent of the
   carrier, sign and file with the Commission a compliance certificate on an
   annual basis. The officer must state in the certification that he or she
   has personal knowledge that the company has established operating
   procedures that are adequate to ensure compliance with the rules in this
   subpart. The carrier must provide a statement accompanying the certificate
   explaining how its operating procedures ensure that it is or is not in
   compliance with the rules in this subpart. In addition, the carrier must
   include an explanation of any actions taken against data brokers and a
   summary of all customer complaints received in the past year concerning
   the unauthorized release of CPNI. This filing must be made annually with
   the Enforcement Bureau on or before March 1 in EB Docket No. 06-36, for
   data pertaining to the previous calendar year.

   (f) Carriers must provide written notice within five business days to the
   Commission of any instance where the opt-out mechanisms do not work
   properly, to such a degree that consumers' inability to opt-out is more
   than an anomaly.

   (1) The notice shall be in the form of a letter, and shall include the
   carrier's name, a description of the opt-out mechanism(s) used, the
   problem(s) experienced, the remedy proposed and when it will be/was
   implemented, whether the relevant state commission(s) has been notified
   and whether it has taken any action, a copy of the notice provided to
   customers, and contact information.

   (2) Such notice must be submitted even if the carrier offers other methods
   by which consumers may opt-out.

   By this Enforcement Advisory, the FCC's Enforcement Bureau highlights
   certain obligations under the CPNI rules. Failure to receive this notice
   does not absolve a provider of the obligation to meet the requirements of
   the Communications Act of 1934, as amended, or the Commission's rules and
   orders. Companies should read the full text of the relevant CPNI rules at
   47 C.F.R. S: 64.2001 et seq.

   47 U.S.C. S: 503(b)(2)(B); see also 47 C.F.R. S: 1.80(b)(2); Amendment of
   Section 1.80(b) of the Commission's Rules, Adjustment of Forfeiture Maxima
   to Reflect Inflation, Order, 15 FCC Rcd 18221 (2000).

   Section 226 defines an aggregator as "any person that, in the ordinary
   course of its operations, makes telephones available to the public or
   transient users of its premises, for interstate telephone calls using a
   provider of operator services." 47 U.S.C S: 226(a)(2).

   PUBLIC NOTICE

                                  Page 1 of 3

                                  Page 1 of 1

                                  Page 1 of 1

                            FCC ENFORCEMENT ADVISORY

   Federal Communications Commission

   445 12th St., S.W.

   Washington, D.C. 20554

                                        News Media Information 202 / 418-0500

                                                 Internet: http://www.fcc.gov

                                                          TTY: 1-888-835-5322