Consumer privacy is a hot topic in many arenas. At the FCC, consumer privacy is protected by the Commission's "customer proprietary network information" ("CPNI") rules. Today, the FCC released another CPNI enforcement item, but surprisingly, it was the first enforcement item in 2010 not related to a carrier's filing of its annual CPNI certification statement.
Today's action is a consent decree with Verizon Communications, Inc's regulated telecommunications operating entities. In the case, Verizon had self-reported a failure of its databases to track customers who had opted out of CPNI-based marketing. Verizon reported that it discovered a discrepancy in the total number of customers in its opt-out database. Verizon attributed the discrepancy to the absence of opt out records from seven weeks over a period of two years. Verizon reported the problem to the FCC, which launched an inquiry into Verizon's procedures.
Verizon does not admit or deny liability in the consent decree, but it agreed to pay $90,000 to resolve the case. In addition, Verizon agreed to a compliance plan to ensure future compliance with the CPNI opt-out procedures. The Compliance Plan obligates Verizon to:
- perform monthly validation tests,
- perform a weekly check for transaction errors,
- perform validation tests prior to implementing any material changes to its systems,
- enhance its employee training procedures, and
- add CPNI compliance to its compliance management processes.
The consent decree applies to all Verizon entities. However, the consent decree exempts the Verizon entities to be sold to Frontier Communications Corporation. In a footnote, the FCC explained that Frontier committed to implement the "best practices" employed by Frontier and the Verizon entities. Relying on this commitment, the Bureau determined that it would exempt Frontier form the obligations "upon Frontier providing the Bureau with a copy of [its post-acquisition] practices and procedures."