PUBLIC NOTICE Federal Communications Commission 445 12th St., S.W. Washington, D.C. 20554 News Media Information 202 / 418-0500 Internet: http://www.fcc.gov TTY: 1-888-835-5322 DA 09-9 January 7, 2009 EB Provides Guidance on Filing of 2008 Annual Customer Proprietary Network Information (CPNI) Certifications Under 47 C.F.R. §64.2009(e) EB Docket No. 06-36 In this Public Notice, the Enforcement Bureau (Bureau) responds to requests for guidance on the suggested format and procedures for the filing of annual CPNI compliance certifications (CPNI Certifications) pursuant to 47 C.F.R. § 64.2009(e). CPNI Certifications must be filed annually between January 1 and March 1, in accordance with the procedures outlined below. Background. On April 2, 2007, the Commission released a Report and Order and Further Notice of Proposed Rulemaking in CC Docket No. 96-115 and WC Docket No. 04-36 (EPIC CPNI Order)1 in which the Commission strengthened its privacy rules, pursuant to section 222 of the Communications Act, as amended, by adopting additional safeguards to protect CPNI against unauthorized access and disclosure.2 One important change to the existing CPNI rules adopted in the EPIC CPNI Order is the requirement that all companies subject to the CPNI rules file annually, on or before March 1, a certification with the Commission pursuant to amended rule 47 C.F.R. § 64.2009(e).3 This collection has been approved by OMB under control number 30600715. Prior to the 2008 annual filings, the Bureau released a Public Notice providing a suggested template that filing entities could use to meet the annual certification filing requirement.4 1 Implementation of the Telecommunications Act of 1996: Telecommunications Carriers’ Use of Customer Proprietary Network Information and Other Customer Information; IP-Enabled Services, CC Docket No. 96-115; WC Docket No. 04-36, Report and Order and Further Notice of Proposed Rulemaking, 22 FCC Rcd 6927 (2007)(“EPIC CPNI Order”). 2 See 47 U.S.C. § 222. 3 47 C.F.R. § 64.2009(e) states: “A telecommunications carrier must have an officer, as an agent of the carrier, sign and file with the Commission a compliance certificate on an annual basis. The officer must state in the certification that he or she has personal knowledge that the company has established operating procedures that are adequate to ensure compliance with the rules in this subpart. The carrier must provide a statement accompanying the certification explaining how its operating procedures ensure that it is or is not in compliance with the rules in this subpart. In addition, the carrier must include an explanation of any actions taken against data brokers and a summary of all customer complaints received in the past year concerning the unauthorized release of CPNI. This filing must be made annually with the Enforcement Bureau on or before March 1 in EB Docket No. 06-36, for data pertaining to the previous calendar year.” 4 Public Notice, EB Provides Guidance on Filing on Annual Customer Proprietary Network Information (CPNI) Certifications Under 47 C.F.R. § 64.2009(e), 08-171 (Jan. 29, 2008). 2 Format of CPNI Certifications. The Bureau provides the attached suggested template that filing entities can use to meet the annual certification filing requirement of 47 C.F.R. § 64.2009(e). Use of this template is not mandatory, and any document that meets the requirements of the rule may be filed. Parties that elect to use the suggested template are encouraged to review the template carefully and to ensure that all fields are fully completed before submission. Filing procedures. All filings must reference EB Docket No. 06-36. All filings must be addressed to the Commission’s Secretary, Marlene H. Dortch, Office of the Secretary, Federal Communications Commission, 445 12th Street, SW, Suite TW-A325, Washington, DC 20554, and one (1) copy must be sent to Best Copy and Printing, Inc., 445 12th Street, Suite CY-B402, Washington, DC 20554, telephone 202-488-5300, facsimile 202- 488-5563, or via e-mail FCC@BCPIWEB.COM. Certifications may be filed: (1) using the Commission’s Electronic Comment Filing System (ECFS); (2) or by filing paper copies. § Electronic Filers: Certifications may be filed electronically using the Internet by accessing the ECFS: http://www.fcc.gov/cgb/ecfs/. Filers should follow the instructions provided on the website for submitting comments. § In completing the transmittal screen, filers should include their full name, U.S. Postal Service mailing address, and the applicable docket or rulemaking number. Parties may also submit an electronic comment by Internet e-mail. To get filing instructions, filers should send an e-mail to ecfs@fcc.gov, and include the following words in the body of the message, “get form.” A sample form and directions will be sent in response. § Paper Filers: Parties who choose to file by paper must file an original and four copies of each filing. Filings can be sent by hand or messenger delivery, by commercial overnight courier, or by first-class or overnight U.S. Postal Service mail (although we continue to experience delays in receiving U.S. Postal Service mail). All filings must be addressed to the Commission’s Secretary, Office of the Secretary, Federal Communications Commission. § The Commission’s contractor will receive hand-delivered or messenger-delivered paper filings for the Commission’s Secretary at 236 Massachusetts Avenue, NE., Suite 110, Washington, DC 20002. The filing hours at this location are 8:00 a.m. to 7:00 p.m. All hand deliveries must be held together with rubber bands or fasteners. Any envelopes must be disposed of before entering the building. § Commercial overnight mail (other than U.S. Postal Service Express Mail and Priority Mail) must be sent to 9300 East Hampton Drive, Capitol Heights, MD 20743. § U.S. Postal Service first-class, Express, and Priority mail should be addressed to 445 12th Street, SW, Washington DC 20554. People with Disabilities: To request materials in accessible formats for people with disabilities (braille, large print, electronic files, audio format), send an e-mail to fcc504@fcc.gov or call the Consumer & Governmental Affairs Bureau at 202-418-0530 (voice), 202-418-0432 (tty). Filings and comments are also available for public inspection and copying during regular business hours at the FCC Reference Information Center, Portals II, 445 12th Street, SW, Room CY-A257, Washington, DC, 20554. They may also be purchased from the Commission’s duplicating contractor, Best Copy and Printing, Inc., Portals II, 445 12th Street, SW, Room CY-B402, Washington, DC, 20554, telephone 202-488-5300, facsimile 202-488-5563, or via e-mail FCC@BCPIWEB.COM. For further information regarding the annual certification filing contact the following individuals in the Telecommunications Consumers Division, Enforcement Bureau: Robert Somers, (202) 418-1483, Edward Hayes, (202) 418-7994, Donna Cyrus, (202) 418-7325, or Marcy Greene, (202) 418-2410. 3 Annual 47 C.F.R. § 64.2009(e) CPNI Certification EB Docket 06-36 Annual 64.2009(e) CPNI Certification for [year] Date filed: [date] Name of company(s) covered by this certification: [company] Form 499 Filer ID: [provide ID(s)] Name of signatory: [name] Title of signatory: [title] I, [name of officer signing certification], certify that I am an officer of the company named above, and acting as an agent of the company, that I have personal knowledge that the company has established operating procedures that are adequate to ensure compliance with the Commission’s CPNI rules. See 47 C.F.R. § 64.2001 et seq. Attached to this certification is an accompanying statement explaining how the company’s procedures ensure that the company [is/ is not] in compliance with the requirements set forth in section 64.2001 et seq. of the Commission’s rules [attach accompanying statement]. The company [has/has not] taken any actions (proceedings instituted or petitions filed by a company at either state commissions, the court system, or at the Commission against data brokers) against data brokers in the past year. Companies must report on any information that they have with respect to the processes pretexters are using to attempt to access CPNI , and what steps companies are taking to protect CPNI. If affirmative: [Provide explanation of any actions taken against data brokers] The company [has/has not] received any customer complaints in the past year concerning the unauthorized release of CPNI (number of customer complaints a company has received related to unauthorized access to CPNI, or unauthorized disclosure of CPNI, broken down by category or complaint, e.g., instances of improper access by employees, instances of improper disclosure to individuals not authorized to receive the information, or instances of improper access to online information by individuals not authorized to view the information). If affirmative: [Provide summary of all customer complaints received in the past year concerning the unauthorized release of CPNI.] Signed _____________________________ [signature]