PUBLIC NOTICE
Federal Communications Commission
445 12th St., S.W.
Washington, D.C. 20554
News Media Information 202 / 418-0500
Internet: http://www.fcc.gov
TTY: 1-888-835-5322
DA 11-159
January 28, 2011
Enforcement Advisory No. 2011-02
TELECOMMUNICATIONS CARRIERS AND INTERCONNECTED VOIP PROVIDERS REMINDED OF REQUIREMENT 
TO FILE ANNUAL REPORTS CERTIFYING COMPLIANCE WITH COMMISSION RULES PROTECTING 
CUSTOMER PROPRIERTARY NETWORK INFORMATION
ANNUAL CPNI CERTIFICATIONS DUE MARCH 1, 2011
Filing of 2010 Annual Customer Proprietary Network Information (CPNI) Certifications
EB Docket No. 06-36
Telecommunications carriers and interconnected VoIP providers must file annual reports certifying their compliance 
with the Commission’s rules protecting Customer Proprietary Network Information (CPNI).  CPNI includes some of the 
most sensitive personal information that carriers have about their customers as a result of their business relationship 
(e.g., phone numbers called; the frequency, duration, and timing of such calls; and any services purchased by the 
consumer, such as call waiting).  In prior years, many companies have failed to file, or have filed certificates that failed 
to comply with our rules in material respects.  Failure to file a timely and complete certification calls into question 
whether a company has properly complied with the rules requiring it to protect its customers’ sensitive information.  As 
a result, the Commission has initiated enforcement action against a large number of non-compliant companies to 
ensure adequate consumer protection and future compliance with these important regulatory requirements.  For 
example, last year, the Commission’s Enforcement Bureau took enforcement action against a number of entities for 
failing to file their certifications for 2009 and one or more prior years, proposing a $25,000 penalty against each, and 
sent warning letters to hundreds more.  
In order to promote more widespread compliance for the next round of certifications, the FCC’s Enforcement Bureau is 
issuing this Enforcement Advisory, No. 2011-02, to remind companies of their obligations and to provide guidance on 
how to prepare a certification that will comply with the Commission’s rules.1  
For the 2011 annual filing, the Enforcement Bureau has added an additional way for telecommunications carriers and 
interconnected VoIP providers to file their CPNI certifications.  Companies may file their certifications through a web 
application available at http://apps.fcc.gov/eb/CPNI.  This web based template will allow companies to complete and 
file their certifications including attachments electronically.  Companies may still file using the Commission’s Electronic 
Comment Filing System as well as by filing paper copies.    
We expect that this Advisory will lead to greater compliance with the rules.  At the same time, however, we emphasize 
that the CPNI rules provide important consumer protections and that we intend to continue to enforce them strictly.  
Companies are also reminded that failure to comply with the CPNI rules, including the annual certification requirement, 
 
1 By this Enforcement Advisory, the FCC’s Enforcement Bureau highlights certain obligations under the CPNI rules.  Failure to 
receive this notice does not absolve a provider of the obligation to meet the requirements of the Communications Act of 1934, as
amended, or the Commission’s rules and orders.  Companies should read the full text of the relevant CPNI rules at 47 C.F.R. § 
64.2001 et seq.
FCC ENFORCEMENT ADVISORY
may subject them to enforcement action, including monetary forfeitures of up to $150,000 for each violation or each 
day of a continuing violation, up to a maximum of $1,500,000.1 In this regard, false statements or misrepresentations 
to the Commission may be punishable by fine or imprisonment under Title 18 of the U.S. Code.
Attachments: (1) Frequently Asked Questions; (2) CPNI Certification Template; (3) Text of the CPNI rules.
Issued by: Chief, Enforcement Bureau 
 
1 47 U.S.C. § 503(b)(2)(B); see also 47 C.F.R. § 1.80(b)(2); Amendment of Section 1.80(b) of the Commission’s Rules, Adjustment 
of Forfeiture Maxima to Reflect Inflation, Order, 15 FCC Rcd 18221 (2000).
ATTACHMENT 1
FREQUENTLY ASKED QUESTIONS
The following frequently asked questions are addressed in this Enforcement Advisory: 
§ What are the CPNI rules, and where can I find them?
§ Who is required to file?
§ Is there an exemption for small companies?
§ What must be included in the filing?  
§ When are companies required to file the annual certification?
§ Is this the same as my form 499 filing or my USF filing?
§ What format should I use for my CPNI certification?
§ How do I file the CPNI certification?
§ What if I have questions?
What are the CPNI rules, and where can I find them?
Protection of CPNI is a fundamental obligation under section 222 of the Communications Act of 1934, as amended 
(Act). Consumers are understandably concerned about the security of the sensitive, personal data they provide to their 
service providers.  In recognition of these concerns, the Commission has issued rules requiring carriers and 
interconnected VoIP providers to establish and maintain systems designed to ensure that they adequately protect their 
subscribers’ CPNI.  Those rules also require that all companies subject to the CPNI rules file an annual certification 
documenting their compliance with the rules, and documenting any complaints or problems.  Companies must file 
these certifications with the Commission on or before March 1 each year.  
The CPNI rules are found at 47 C.F.R. § 64.2001 et seq.  A copy of the current version of the certification portion of the 
rules is attached to this Enforcement Advisory.  The attached version of the rules is current as of this date.  In the 
future, to ensure that you are aware of any changes to the rules, you are advised always to check the current version 
of the Code of Federal Regulations, which can be found at the Government Printing Office website, here:  
http://www.gpoaccess.gov/CFR/.
Who is required to file?
Telecommunications carriers and interconnected VoIP providers must file a CPNI certification each year.  
§ A “telecommunications carrier” is “any provider of telecommunications services,” except an aggregator.1  
47 U.S.C § 153(44).  Telecommunications service is defined in the Communications Act as “the offering of 
telecommunications for a fee directly to the public, or to such classes of users as to be effectively available 
directly to the public, regardless of the facilities used.”  47 U.S.C. § 153(46).  
§ Some examples of “telecommunications carriers” that must file an annual certification are:  local exchange 
carriers (LECs) (including incumbent LECs, rural LECs and competitive LECs), interexchange carriers, 
paging providers, commercial mobile radio services providers, resellers, prepaid telecommunications 
providers, and calling card providers.  This list is not exhaustive.  
§ “Interconnected VoIP providers” are companies that provide a service that: “(1) enables real-time, two-way 
voice communications; (2) requires a broadband connection from the user’s location; (3) requires Internet 
protocol-compatible customer premises equipment (CPE); and (4) permits users generally to receive calls 
 
1 Section 226 defines an aggregator as “any person that, in the ordinary course of its operations, makes telephones available to the 
public or transient users of its premises, for interstate telephone calls using a provider of operator services.”  47 U.S.C § 226(a)(2). 
that originate on the public switched telephone network and terminate calls to the public switched 
network.”  47 C.F.R. § 9.3.
Is there an exemption for small companies?
No, there is no exemption for small companies.  Section 64.2009(e) – the annual certification filing requirement –
applies regardless of the size of the company.  
What must be included in the filing?  
The certification must include all of the elements listed below:
§ an officer of the company must sign the compliance certificate; 
§ the officer must state in the certification that he or she has personal knowledge that the company has 
established operating procedures that are adequate to ensure compliance with the CPNI rules;
§ the company must provide a written statement accompanying the certification explaining how its operating 
procedures ensure that it is or is not in compliance with the CPNI rules;
§ the company must include an explanation of any actions taken against data brokers; and
§ the company must include a summary of all consumer complaints received in the prior year concerning 
unauthorized release of CPNI.    
In reviewing prior years’ filings, we have found a number of recurring deficiencies.  In particular, many companies: 
(1) fail to have the officer signing the certification affirmatively state that he or she has personal knowledge that the 
company has established operating procedures that are adequate to ensure compliance;
(2) fail to provide a statement accompanying the certification explaining how their operating procedures ensure 
that they are or are not in compliance with the rules.  Simply stating that the company has adopted operating 
procedures without explaining how compliance is being achieved does not satisfy this requirement;
(3) fail to state clearly whether any actions were taken against data brokers in the prior year (if there were no such 
actions, the company should include an affirmative statement of that fact, in order to make clear that it has 
provided the required information); and 
(4) fail to state clearly whether any customer complaints were received in the prior year concerning the 
unauthorized release of CPNI (if there were no such complaints, the company should include an affirmative 
statement of that fact, in order to make clear that it has provided the required information).  
In order to help companies ensure that their certifications contain all of the required information, we are providing a 
suggested template, attached to this Enforcement Advisory.  
When must my company file the annual certification?  
The 2011 annual certification filing (for calendar year 2010) is due no sooner than January 1, 2011, but no later 
than, March 1, 2011.  You may not file before January 1, 2011, because your certification must contain data pertaining 
to the entire previous calendar year.  Certifications filed before January 1, 2011 do not comply with the rules.  If you 
filed too soon, you must re-file by March 1 with a new certification that covers the entire calendar year 2010.  If you 
filed after January 1, 2011, we recommend that you review your certification to ensure that it complies with all the 
necessary information (including the required attachments and explanations) and refile if needed.
Is this the same as my form 499 filing or my USF filing?
No, the annual CPNI certification filing is different from form 499 filings or USF filings.
What format should I use for my CPNI certification?
A suggested template is attached to this Enforcement Advisory.  See Attachment 2.  This template was designed to 
ensure that companies will be in compliance with the annual certification filing requirement of 47 C.F.R. § 64.2009(e) if 
they complete it fully and accurately.  Use of this template is not mandatory, and companies may use any format that 
fulfills the requirements of the rule.  If you elect to use the suggested template, we encourage you to review the 
template carefully and to ensure that all fields are fully completed before submission.  
How do I file the CPNI certification?
Certifications may be filed:  (1) using the Commission’s Electronic Comment Filing System (ECFS); (2) by filing paper 
copies, or (3) by filing through the Commission’s web based application. Paper filings and filings submitted through  
ECFS must reference EB Docket No. 06-36 and must be addressed to the Commission’s Secretary, Marlene H. 
Dortch, Office of the Secretary, Federal Communications Commission, 445 12th Street, SW, Suite TW-A325, 
Washington, DC 20554, and one (1) copy must be sent to Best Copy and Printing, Inc., 445 12th Street, Suite CY-
B402, Washington, DC 20554, telephone 202-488-5300, facsimile 202-488-5563, or via e-mail FCC@BCPIWEB.COM. 
Under no circumstances should copies of certifications be sent to the Enforcement Bureau, or to any individuals within 
the Enforcement Bureau.  
§ ECFS Electronic Filers:  Certifications may be filed electronically using the Internet by accessing 
the ECFS:  http://www.fcc.gov/cgb/ecfs/.  Filers should follow the instructions provided on the 
website for submitting their certifications.  
§ In completing the transmittal screen, filers should include their full name, U.S. Postal Service 
mailing address, and the applicable docket or rulemaking number.  
§ Web Based Electronic Filers: Certifications may be filed through the web application located at 
http://apps.fcc.gov/eb/CPNI.  Filers should follow the instructions provided on the website for 
submitting their certifications.  
§ Paper Filers:  Parties who choose to file by paper must file an original and four copies of each 
filing.  Filings can be sent by hand or messenger delivery, by commercial overnight courier, or by 
first-class or overnight U.S. Postal Service mail (although we continue to experience delays in 
receiving U.S. Postal Service mail).  All filings must be addressed to the Commission’s Secretary, 
Office of the Secretary, Federal Communications Commission.
§ The Commission’s contractor will receive hand-delivered or messenger-delivered paper filings for 
the Commission’s Secretary at FCC headquarters, 445 12th Street, SW, Room TW-A325, 
Washington, DC  20554.  The filing hours at this location are 8:00 a.m. to 7:00 p.m.  All hand 
deliveries must be held together with rubber bands or fasteners.  Any envelopes must be disposed 
of before entering the building.
§ Commercial overnight mail (other than U.S. Postal Service Express Mail and Priority Mail) must be 
sent to 9300 East Hampton Drive, Capitol Heights, MD  20743.
§ U.S. Postal Service first-class, Express, and Priority mail should be addressed to 445 12th Street, 
SW, Washington DC  20554.
People with Disabilities:  To request materials in accessible formats for people with disabilities (braille, large print, 
electronic files, audio format), send an e-mail to fcc504@fcc.gov or call the Consumer & Governmental Affairs Bureau 
at 202-418-0530 (voice), 202-418-0432 (tty).
What if I have questions?
For further information regarding the annual certification filing, contact any of the following individuals in the 
Telecommunications Consumers Division, Enforcement Bureau: Edward Hayes (202) 418-7994, Donna Cyrus (202) 
418-7325, Mika Savir (202) 418-0384, or Kimberly Wild (202) 418-1324.  
ATTACHMENT 2
Annual 47 C.F.R. § 64.2009(e) CPNI Certification Template
EB Docket 06-36
Annual 64.2009(e) CPNI Certification for [Insert year] covering the prior calendar year [Insert year]
1. Date filed: [Insert date]
2. Name of company(s) covered by this certification: [Insert company name]
3. Form 499 Filer ID:  [Provide relevant ID number(s)]
4. Name of signatory: [Insert name]
5. Title of signatory: [Insert title of corporate officer]
6. Certification:
I, [Insert name of officer signing certification], certify that I am an officer of the company named 
above, and acting as an agent of the company, that I have personal knowledge that the company has 
established operating procedures that are adequate to ensure compliance with the Commission’s CPNI rules.  
See 47 C.F.R. § 64.2001 et seq.
Attached to this certification is an accompanying statement explaining how the company’s procedures 
ensure that the company is in compliance with the requirements (including those mandating the adoption of 
CPNI procedures, training, recordkeeping, and supervisory review) set forth in section 64.2001 et seq. of the 
Commission’s rules. 
The company [has/has not] taken actions (i.e., proceedings instituted or petitions filed by a company 
at either state commissions, the court system, or at the Commission against data brokers) against data 
brokers in the past year.  [NOTE:  If you reply in the affirmative, provide an explanation of any actions taken 
against data brokers.]
The company [has/has not] received customer complaints in the past year concerning the 
unauthorized release of CPNI  [NOTE: If you reply in the affirmative, provide a summary of such complaints.   
This summary must include the number of complaints, broken down by category or complaint, e.g., instances 
of improper access by employees, instances of improper disclosure to individuals not authorized to receive 
the information, or instances of improper access to online information by individuals not authorized to view the 
information.]
The company represents and warrants that the above certification is consistent with 47. C.F.R. § 1.17 
which requires truthful and accurate statements to the Commission.  The company also acknowledges that 
false statements and misrepresentations to the Commission are punishable under Title 18 of the U.S. Code 
and may subject it to enforcement action.
Signed _____________________________ [Signature of an officer, as agent of the carrier]
Attachments: Accompanying Statement explaining CPNI procedures
Explanation of actions taken against data brokers (if applicable)
Summary of customer complaints (if applicable)
ATTACHMENT 3
47 C.F.R. § 64.2009   Safeguards required for use of customer proprietary network 
information.
(a) Telecommunications carriers must implement a system by which the status of a customer's CPNI 
approval can be clearly established prior to the use of CPNI.
(b) Telecommunications carriers must train their personnel as to when they are and are not authorized to 
use CPNI, and carriers must have an express disciplinary process in place.
(c) All carriers shall maintain a record, electronically or in some other manner, of their own and their 
affiliates' sales and marketing campaigns that use their customers' CPNI. All carriers shall maintain a 
record of all instances where CPNI was disclosed or provided to third parties, or where third parties were 
allowed access to CPNI. The record must include a description of each campaign, the specific CPNI that 
was used in the campaign, and what products and services were offered as a part of the campaign. 
Carriers shall retain the record for a minimum of one year.
(d) Telecommunications carriers must establish a supervisory review process regarding carrier 
compliance with the rules in this subpart for outbound marketing situations and maintain records of carrier 
compliance for a minimum period of one year. Specifically, sales personnel must obtain supervisory 
approval of any proposed outbound marketing request for customer approval.
(e) A telecommunications carrier must have an officer, as an agent of the carrier, sign and file with the 
Commission a compliance certificate on an annual basis. The officer must state in the certification that he 
or she has personal knowledge that the company has established operating procedures that are 
adequate to ensure compliance with the rules in this subpart. The carrier must provide a statement 
accompanying the certificate explaining how its operating procedures ensure that it is or is not in 
compliance with the rules in this subpart. In addition, the carrier must include an explanation of any 
actions taken against data brokers and a summary of all customer complaints received in the past year 
concerning the unauthorized release of CPNI. This filing must be made annually with the Enforcement 
Bureau on or before March 1 in EB Docket No. 06-36, for data pertaining to the previous calendar year.
(f) Carriers must provide written notice within five business days to the Commission of any instance 
where the opt-out mechanisms do not work properly, to such a degree that consumers' inability to opt-out 
is more than an anomaly.
(1) The notice shall be in the form of a letter, and shall include the carrier's name, a description of 
the opt-out mechanism(s) used, the problem(s) experienced, the remedy proposed and when it will 
be/was implemented, whether the relevant state commission(s) has been notified and whether it has 
taken any action, a copy of the notice provided to customers, and contact information.    
(2) Such notice must be submitted even if the carrier offers other methods by which consumers 
may opt-out.