Telecommunications carriers and interconnected Voice over Internet Protocol (VoIP) providers (collectively, voice service providers, or VSPs) must file annual CPNI certifications confirming compliance with the FCC’s customer proprietary network information (CPNI) rules during the prior calendar year. The 2024 CPNI certification filing must be submitted to the FCC by March 3, 2025.
To maintain the privacy and security of CPNI, VSPs are required to establish and maintain systems to ensure CPNI is protected from unauthorized access, use or disclosure, and must file an annual certification documenting (i) their compliance with the rules, (ii) any complaints received from consumers regarding CPNI, and (iii) any actions taken against data brokers. If there were no such actions, VSPs must include an affirmative statement of that fact to make clear they have provided the required information.
CPNI information includes, but is not limited to, information such as phone numbers called by a consumer; the frequency, duration, and timing of such calls; the location of a mobile device when in active mode; and any services purchased by the consumer (such as call waiting and voicemail). VSP personnel must be trained as to when they are and are not authorized to use or disclose CPNI.
VSPs and their personnel should be trained or refreshed on their obligations to: (1) obtain customers’ approval to use, disclose, or permit access to their CPNI for marketing or other purposes; (2) notify customers of their right to restrict the use of their CPNI; (3) take reasonable measures to discover and protect against attempts to gain unauthorized access to CPNI; (4) notify law enforcement and affected customers of a breach of CPNI.
VSPs that fail to comply with the FCC’s CPNI rules, including filing a timely and complete certification, may be subject to FCC enforcement action, including monetary forfeitures.
If you would like assistance preparing and/or filing your annual CPNI compliance certification and/or reviewing your companies’ CPNI Compliance Manual, contact an attorney in our Privacy, Data Protection, and Cybersecurity or Broadband, Spectrum, and Communications Infrastructure practice groups.
© 2025 Lerman Senter
Legal Disclaimer | Privacy Policy
Website design by Beth Singer Design | Website development by The Modern Firm