How can you report incidents of CPNI exposure
|
 Show
An official website of the United States government Official websites use .gov Secure .gov websites use HTTPS
Breadcrumb
The US Secret Service (USSS) and the Federal Bureau of Investigation (FBI) co-sponsor and manage the Customer Proprietary Network Information (CPNI) reporting website, which is a tool for telecommunications carriers to report a breach of its customer proprietary network information to law enforcement. The USSS and the FBI conducted this Privacy Impact Assessment (PIA) because the CPNI reporting website contains personally identifiable information (PII).
Collections Privacy Impact Assessments (PIA)Keywords PrivacyPrivacy Impact Assessment (PIA)Topics PrivacyLast Updated: 09/07/2022 Was this page helpful? Yes No This page was not helpful because the content has too little information has too much information is confusing is out-of-date Customer proprietary network information (CPNI) is the data collected by telecommunications companies about a consumer's telephone calls.[1] It includes the time, date, duration and destination number of each call, the type of network a consumer subscribes to, and any other information that appears on the consumer's telephone bill. Telemarketers or customer service agents working on behalf of telephone companies must go through an additional customer authentication layer (typically a PIN, or last four of the stored payment method) and ask for the customer's consent prior to accessing the billing information or before using or sharing that information for any purpose, including but not limited to, offering an up-sell or any change of services. Usually, this is done at the beginning of a call from the telemarketer to the telephone subscriber. Description[edit]The U.S. Telecommunications Act of 1996 granted the Federal Communications Commission (FCC) authority to regulate how customer proprietary network information (CPNI) can be used and to enforce related consumer information privacy provisions.[2] The rules in the 2007 FCC CPNI Order further restrict CPNI use and created new notification and reporting requirements. The rules in the 2007 CPNI Order include:
Note that as long as an affiliate is "communications" related, the FCC has ruled that CPNI is under an opt-out approach (can be shared without your explicit permission). A phone company is permitted to sell all information on you, such as numbers you call, when you called them, where you were when you called them, or any other personally identifying information. CPNI would normally require a warrant for law enforcement agencies, but it can be freely sold to "communications" related companies.[3] One can verify this by checking rule 64.2007(b)(1) and footnote 137 in the 2007 CPNI order. One can call up a phone company and opt out by requesting that they do not share CPNI information. In the case of Verizon Wireless, for example, the company states that on the one hand, "Your privacy is an important priority at Verizon Wireless", and on the other hand, states that Verizon shares CPNI "among our affiliates and parent companies (including Vodafone) and their subsidiaries unless you advise us not to". and states that it shares "URLs (such as search terms) of websites you visit when you use our wireless service, the location of your device ("location information"), and your use of [Application software [applications] and features" as well as other "information about your use of Verizon products and services (such as data and calling features, device type, and amount of use), as well as demographic and interest categories (such as gender, age range, sports fan, frequent diner, or pet owner)" with other non-affiliated companies, and does allow customers to request that such sharing not be done via an online form, and it is unclear whether Verizon considers some or all such "online" requests to be about CPNI or as legally binding as "call-based" requests about CPNI.[4] The 2007 CPNI Order does not revise all CPNI rules. For example, the rule revisions adopted in the Order do not limit a carrier's ability to use CPNI to perform billing and collections functions, restrict CPNI use to effect maintenance and repair activity, or impact responses to lawful subpoenas. Fines for failure to comply with CPNI rules can be substantial. Since 2006, the FCC, focusing on one rule regarding internal annual compliance certificates, proposed over $1 million in fines and those fines are not necessarily indicative of the fines the FCC could propose. The FCC is authorized to impose fines of up to $150,000 for each rule violation or each day of a continuing violation up to a maximum of $1.5 million for each continuing violation.[5] The rules adopted in the Order are effective either six months after the Order is published in the Federal Register or on receipt of Office of Management and Budget approval of the new rules depending on which event is later. (Order at ¶61) See also[edit]
References[edit]
6389881560 External links[edit]
What is needed to authenticate a CPNI online?Customer Authentication
by having the Customer provide a pre-established password and/or PIN; by calling the Customer back at the telephone number associated with the services purchased; by emailing the Customer the requested information to the Customer's email address of record; or.
Is CPNI customers search history?Internet use, websites visited, search history or apps used are not protected CPNI because the company is acting as an information services provider not subject to these laws. The location of a cellphone is sometimes protected by CPNI and sometimes not.
How does Verizon protects CPNI?The protection of your information is important to us, and you have a right, and we have a duty, under federal law, to protect the confidentiality of your CPNI. We may use and share your CPNI among our affiliates and agents to offer you services that are different from the services you currently purchase from us.
What regulation governs CPNI?The U.S. Telecommunications Act of 1996 granted the Federal Communications Commission (FCC) authority to regulate how customer proprietary network information (CPNI) can be used and to enforce related consumer information privacy provisions.
|
