CPNI Rules Reinstated for Voice and VoIP Providers

The Federal Communications Commission (“FCC” or “Commission”) recently provided guidance that the Customer Proprietary Network Information (“CPNI”) rules that implemented Section 222 of the Communications Act for voice and Voice over Internet Protocol (“VoIP”) providers, which were in effect prior to the 2016 Broadband Privacy Order, have become effective again following the resolution of disapproval of the Broadband Privacy Order. The fully reinstated CPNI rules require these providers to resume filing the annual CPNI compliance certification on March 1 each year, beginning in 2018.

In general, the CPNI rules require providers to: 1) have safeguards to protect the use of, disclosure of, and access to CPNI, which includes, among other things, training personnel on when they are and are not authorized to use CPNI, and having a system for obtaining customer approval to use their CPNI; 2) comply with notice and approval provisions for use, disclosure, and access to CPNI, which includes written notification to customers and obtaining customer approval for the use of their CPNI; and 3) notify law enforcement of breaches of customers’ CPNI.

As a reminder, broadband Internet access service (“BIAS”) providers remain subject to the customer privacy provisions in Section 222 pursuant to the 2015 Open Internet Order and the FCC’s enforcement advisory, in which the FCC encourages BIAS providers to employ effective privacy protections in line with their privacy policies and the core tenets of basic privacy protections.

Please contact Sarah Aceves (saceves@hermanwhiteaker.com) or Robin Tuttle (rtuttle@hermanwhiteaker.com) if you would like a more detailed refresher of the CPNI rules.