Telecom Law Monitor : Washington D.C. Telecom Lawyer & Attorney : Kelley Drye & Warren Law Firm : New York, Chicago, Connecticut, New Jersey, Brussels

In February 2009, the FCC proposed $20,000 fines against 600 carriers for failing to file their annual CPNI certifications.   The problem with issuing 600 fines of $20,000 each?  The FCC actually has to issue orders in all 600 cases.  That process has turned into a bureaucratic quagmire, but -- finally -- there are signs that the FCC is making progress toward resolving the cases.

The Commission got off to a good start:  In the summer of 2009, it released 58 orders canceling forfeitures (based on proof that the entity either filed on time or was not required to file) or settling cases against, primarily, very small telcos.  After September 1, 2009, however, the FCC did not release another order resolving the Omnibus CPNI forfeitures for almost a year. 

Beginning in June of this year, the pace picked up again.  Since June 11, the FCC has issued over 40 orders resolving the Omnibus CPNI NALs.  One order canceled 15 NALs, again because the entities provided sufficient proof of timely filing.  The rest have been settlements of the NALs.  They follow essentially the same form:  (1) the carrier agrees to implement a Compliance Plan; (2) for two years, the carrier agrees to provide a copy of its CPNI certifications to the Enforcement Bureau; and (3) the carrier pays a small settlement amount.  Thus far, the settlements have ranged from a few hundred dollars to a few thousand dollars -- far below the $20,000 proposed.

By my count, the FCC has resolved about 110 cases.  It has just under 500 left to go.

• Email This
• Print
• Trackbacks
• Share Link

Consumer privacy is a hot topic in many arenas.  At the FCC, consumer privacy is protected by the Commission's "customer proprietary network information" ("CPNI") rules.  Today, the FCC released another CPNI enforcement item, but surprisingly, it was the first enforcement item in 2010 not related to a carrier's filing of its annual CPNI certification statement.

Today's action is a consent decree with Verizon Communications, Inc's regulated telecommunications operating entities.  In the case, Verizon had self-reported a failure of its databases to track customers who had opted out of CPNI-based marketing.  Verizon reported that it discovered a discrepancy in the total number of customers in its opt-out database.  Verizon attributed the discrepancy to the absence of opt out records from seven weeks over a period of two years.  Verizon reported the problem to the FCC, which launched an inquiry into Verizon's procedures. 

Verizon does not admit or deny liability in the consent decree, but it agreed to pay $90,000 to resolve the case.  In addition, Verizon agreed to a compliance plan to ensure future compliance with the CPNI opt-out procedures.  The Compliance Plan obligates Verizon to:

• perform monthly validation tests,
• perform a weekly check for transaction errors,
• perform validation tests prior to implementing any material changes to its systems,
• enhance its employee training procedures, and
• add CPNI compliance to its compliance management processes.

The consent decree applies to all Verizon entities.  However, the consent decree exempts the Verizon entities to be sold to Frontier Communications Corporation.  In a footnote, the FCC explained that Frontier committed to implement the "best practices" employed by Frontier and the Verizon entities.  Relying on this commitment, the Bureau determined that it would exempt Frontier form the obligations "upon Frontier providing the Bureau with a copy of [its post-acquisition] practices and procedures." 

• Email This
• Print
• Trackbacks
• Share Link

As of COB yesterday, 3070 unique CPNI submissions were made in the FCC's annual CPNI certification docket.  That number is almost the same as the 3,107 CPNI filers in 2009.  However, it still is about 500 fewer than the number of active USF filers, according to USAC's most recent report, and is over 3,000 entities fewer than USAC has in its filer database.  It looks like the FCC's Enforcement Bureau will still have some work to do to track down potential CPNI violators.

For those who failed to file the certificiations, be warned that last year, the FCC released an Omnibus CPNI NAL proposing to fine over 600 carriers $20,000 each for failing to file the required annual certification or for filing a non-compliant certification.  This year, the fine has increased to $25,000, at least according to two NALs released late last week (available here and here).  No, this is not an inflationary increase.  Instead, the Bureau reasoned that carriers were on notice of the requirement and had failed to file in past years as well.  Therefore, the action this year was more culpable and deserving of a higher fine.

If you didn't file your 2010 CPNI certification, you should do so soon.

• Email This
• Print
• Trackbacks
• Share Link

What:   Annual CPNI Certification pursuant to Section 64.2009.   Carriers must certify that their procedures comply with the FCC's privacy rules, disclose complaints about CPNI breaches and identify actions taken against pretexters.  The certification must be signed by an officer of the company and based on the officer's personal knowledge.  In addition, the certification must be accompanied by a statement describing the company's CPNI policies and explaining how those policies comply with the rules. 

Where:  Certifications are to be filed in FCC docket no. 06-36.

When:  Due by March 1, 2010

Who must file:  All telecommunications carriers and all interconnected VoIP providers.  Filing obligation applies to carriers who are de minimis for USF purposes.  Filing obligation does not apply to private carriers. 

WARNING:  Last year, the FCC proposed base fines of $20,000 to companies that failed to file certifications or that filed certifications that did not comply with the rules.

• Email This
• Print
• Trackbacks
• Share Link

On February 24, the FCC announced its first major CPNI enforcement actions since the new CPNI rules went into effect in April 2007. In an Omnibus CPNI NAL, the Enforcement Bureau proposed fines of $20,000 each against over 600 telecommunications carriers that failed to file their annual CPNI certifications on time. Knowledgeable staffers tell us that the 600 carriers include those who filed certifications significantly after the deadline as well as those who never filed the 2008 certification. The respondents have 30 days to respond to the NAL.

The Bureau also released over a dozen smaller NALs for various deficiencies in carrier certifications. The deficiencies were hyper-technical: failures to state whether actions were taken against pretexters or failures to state whether the carrier received any CPNI complaints.

Update: It appears that a number of late-filers received citations instead of fines. Some have all the luck.

• Email This
• Print
• Trackbacks
• Share Link