LAW OFFICES OF THOMAS K. CROWE, P.C.
LEGAL ALERT
Clients and Interested Parties:
On March 26, 2007, the FCC’s Enforcement
Bureau (“Bureau”) released Notices of
Apparent Liability and Forfeiture (“NALs”)
against Amp’d Mobile (“Amp’d”), CTC
Communications Corporation (“CTC”) and
Easterbrooke Cellular Corporation (“Easterbrooke”)
for apparent violations of the FCC’s
customer proprietary network information
(“CPNI”) rules. Although the specific
deficiencies varied, in each case the
Bureau proposed to assess a forfeiture of
$100,000, based in particular on “the
serious consequences that may flow from
inadequate concern for and protection of
CPNI.” The scope of the investigations
that led to these penalties suggests that
the Bureau is taking a far more aggressive
approach to policing the CPNI rules. All
carriers, including long distance
resellers, wireless providers, MVNOs and
prepaid calling card providers, should
review and assess their potential CPNI
liability.
Background
CPNI is the personally identifiable
information that is created by a
customer’s relationship with a
communications provider. It includes the
information on a customer’s bill and
call-identifying information. Section
64.2009(e) of the FCC’s rules requires all
telecommunications carriers to have an
officer sign a compliance certificate each
year affirming the officer’s personal
knowledge that the company maintains
operating procedures that ensure
compliance with the CPNI rules. There
must also be an accompanying statement
that describes how the operating
procedures ensure compliance. Carriers
must keep CPNI certifications on file and
available to the public during regular
business hours. Although the CPNI rules
do not require annual filing at the FCC,
last February the Bureau (as part of an
enforcement investigation) required
carriers to submit the certifications on
only one week’s notice. (See our
Legal Alert dated January 31, 2006.)
In the March 26 NALs, the Bureau
underscored the seriousness with which it
takes the protection of CPNI from such
threats as “data brokers,” which offer to
obtain telecommunications customer
information for a fee. This followed NALs
issued by the FCC’s Enforcement Bureau in
January 2006 which proposed to assess
$100,000 penalties against AT&T, Inc. and
Alltel Corporation for apparent violations
of Section 64.2009(e). (AT&T and Alltel
subsequently settled these proceedings by
entering into consent decrees with the FCC
that included voluntary contributions to
the U.S. Treasury.) In setting the
proposed forfeiture amounts in the three
current cases, the Bureau stated that it
is “guided by the principle that there may
be no more important obligation on a
carrier’s part than protection of its
subscribers’ proprietary information.”
Violations
In each case, the Bureau sent a Letter of
Inquiry (“LOI”) to the company requesting
the compliance certificates for each of
the last five years that the company was
required to retain under Section
64.2009(e). According to one NAL, Amp’d
failed to provide the required statement
accompanying the certificate explaining
how its operating procedures ensure that
it is in compliance with the CPNI rules.
The company’s response stated that its
operating procedures ensure that Amp’d is
in compliance with the rules, but it did
not state how those procedures ensure
compliance. CTC’s apparent violation
involved not only CTC itself but three
affiliates that it acquired in 2005. None
of the documents that CTC submitted in
response to the LOI contained a statement
that a company officer had personal
knowledge that CTC and the affiliates
maintained operating procedures sufficient
to ensure compliance with the CPNI rules,
as required by Section 64.2009(e).
Finally, Easterbrooke was found to have
violated the CPNI rules when it responded
to the NAL by noting that it had no
written compliance certificates for the
previous five years, but that it did have
policies and procedures during that time
for CPNI compliance. The Bureau found
this to be a violation on its face of
Section 64.2009(e), which requires actual
certificates. All three companies will
have opportunities to present evidence and
arguments that the proposed forfeitures
should be reduced or not imposed at all.
Compliance
These three NALs indicate that the Bureau
is taking a harder line against CPNI
violations. The Bureau has sent LOIs to
several carriers, potentially at random.
Therefore, carriers which have not done so
should review their CPNI compliance
status, especially with respect to the
certification requirements in Section
64.2009(e). If an LOI is received,
contact communications counsel
immediately.
In addition, unlike the investigations of
AT&T and Alltel in January 2006, the Amp’d,
CTC and Easterbrooke LOIs requested each
carrier’s compliance certificates and
supporting statements for the previous
five years. Although carriers should be
aware of past compliance over at least the
past five years because the Bureau can use
evidence of past noncompliance to increase
the forfeiture amount, the FCC is only
permitted to impose forfeitures for
violations occurring within the past
year. Therefore, carriers should be
primarily concerned with current
compliance and compliance over the past
year.
Please contact us if you have any
questions.
Thomas K. Crowe, Principal "firm@tkcrowe.com"
Joshua T. Guyan, Associate
Law Offices of Thomas K. Crowe, P.C.
1250 24th Street, N.W.
Suite 300
Washington, D.C. 20037
(202)
263-3640 (voice)
(202) 263-3641 (fax)
www.tkcrowe.com
This Legal Alert is provided for informational purposes only,
and is intended neither to provide nor to
substitute for legal advice. This Legal
Alert may be forwarded or redistributed on
the condition that complete attribution of
authorship is included (covering author
name(s), firm name and address and all
included contact information).
