Customer proprietary network information (CPNI) is the
data
In the pursuit of knowledge, data (; ) is a collection of discrete values that convey information, describing quantity, quality, fact, statistics, other basic units of meaning, or simply sequences of symbols that may be further interpret ...
collected by
telecommunications companies
A telephone company, also known as a telco, telephone service provider, or telecommunications operator, is a kind of communications service provider (CSP), more precisely a telecommunications service provider (TSP), that provides telecommunicat ...
about a consumer's telephone calls. It includes the time, date, duration and destination number of each call, the type of network a consumer subscribes to, and any other information that appears on the consumer's
telephone bill.
Telemarketer
Telemarketing (sometimes known as inside sales, or telesales in the UK and Ireland) is a method of direct marketing in which a salesperson solicits prospective customers to buy products or services, either over the phone or through a subsequen ...
s or customer service agents working on behalf of telephone companies must go through an additional customer authentication layer (typically a PIN, or last four of the stored payment method) and ask for the customer's consent prior to accessing the billing information or before using or sharing that information for any purpose, including but not limited to, offering an up-sell or any change of services. Usually, this is done at the beginning of a call from the telemarketer to the telephone subscriber.
Description
The U.S.
Telecommunications Act of 1996
The Telecommunications Act of 1996 is a United States federal law enacted by the 104th United States Congress on January 3, 1996, and signed into law on February 8, 1996, by President Bill Clinton. It primarily amended Chapter 5 of Title 47 of ...
granted the
Federal Communications Commission
The Federal Communications Commission (FCC) is an independent agency of the United States federal government that regulates communications by radio, television, wire, satellite, and cable across the United States. The FCC maintains jurisdicti ...
(FCC) authority to regulate how customer proprietary network information (CPNI) can be used and to enforce related consumer information privacy provisions. The rules in the 200
FCC CPNI Orderfurther restrict CPNI use and created new notification and reporting requirements.
The rules in the 2007 CPNI Order include:
* Limits the information which carriers may provide to third-party marketing firms without first securing the affirmative consent of their customers
* Defines when and how customer service representatives may share call details
* Creates new notification and reporting obligations for carriers (including
identity verification procedures)
* Verification process must MATCH what is shown with the company placing the call.
Note that as long as an affiliate is "communications" related, the FCC has ruled that CPNI is under an opt-out approach (can be shared without your explicit permission). A phone company is permitted to sell all information on you, such as numbers you call, when you called them, where you were when you called them, or any other personally identifying information. CPNI would normally require a warrant for law enforcement agencies, but it can be freely sold to "communications" related companies. One can verify this by checking rule 64.2007(b)(1) and footnote 137 in the 2007 CPNI order. One can call up a phone company and opt out by requesting that they do not share CPNI information. In the case of
Verizon Wireless
Verizon is an American wireless network operator that previously operated as a separate division of Verizon Communications under the name Verizon Wireless. In a 2019 reorganization, Verizon moved the wireless products and services into the div ...
, for example, the company states that on the one hand, "Your privacy is an important priority at Verizon Wireless", and on the other hand, states that Verizon shares CPNI "among our affiliates and parent companies (including
Vodafone
Vodafone Group plc () is a British multinational telecommunications company. Its registered office and global headquarters are in Newbury, Berkshire, England. It predominantly operates services in Asia, Africa, Europe, and Oceania.
, Vod ...
) and their
subsidiaries
A subsidiary, subsidiary company or daughter company is a company owned or controlled by another company, which is called the parent company or holding company. Two or more subsidiaries that either belong to the same parent company or having a sa ...
unless you advise us not to". and states that it shares "
URLs (such as search terms) of websites you visit when you use our wireless service, the location of your device ("location information"), and your use of
pplication software [applicationsand features" as well as other "information about your use of Verizon products and services (such as data and calling features, device type, and amount of use), as well as demographic and interest categories (such as gender, age range, sports fan, frequent diner, or pet owner)" with other non-affiliated companies, and does allow customers to request that such sharing not be done via an online form, and it is unclear whether Verizon considers some or all such "online" requests to be about CPNI or as legally binding as "call-based" requests about CPNI.
The 2007 CPNI Order does not revise all CPNI rules. For example, the rule revisions adopted in the Order do not limit a carrier's ability to use CPNI to perform billing and collections functions, restrict CPNI use to effect maintenance and repair activity, or impact responses to lawful subpoenas.
Fines for failure to comply with CPNI rules can be substantial. Since 2006, the FCC, focusing on one rule regarding internal annual compliance certificates, proposed over $1 million in fines and those fines are not necessarily indicative of the fines the FCC could propose. The FCC is authorized to impose fines of up to $150,000 for each rule violation or each day of a continuing violation up to a maximum of $1.5 million for each continuing violation.
[{{Cite web, url=https://www.fcc.gov/document/fcc-enforcement-advisory-voip-cpni, title=FCC Enforcement Advisory VOIP CPNI, date=13 December 2015] The rules adopted in the Order are effective either six months after the Order is published in the ''Federal Register'' or on receipt of Office of Management and Budget approval of the new rules depending on which event is later. (Order at ¶61)
See also
* Call detail record
* Electronic Communications Privacy Act (ECPA)
*
Internet Protocol Detail Record In telecommunications, an IP Detail Record (IPDR) provides information about Internet Protocol (IP)-based service usage and other activities that can be used by operations support systems (OSSes) and business support systems (BSSes). The content ...
*
Mobile identity management
Mobile identity is a development of online authentication and digital signatures, where the Subscriber Identity Module, SIM card of one’s mobile phone works as an identity tool. Mobile identity enables legally binding authentication and transac ...
*
Pen register
A pen register, or dialed number recorder (DNR), is an electronic device that records all numbers called from a particular telephone line. The term has come to include any device or program that performs similar functions to an original pen regi ...
*
Telecommunications data retention Data retention defines the policies of persistent data and records management for meeting legal and business data archival requirements. Although sometimes interchangeable, it is not to be confused with the Data Protection Act 1998.
The differen ...
References
6389881560
External links
CPNI Information*
ttp://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-07-22A1.pdf FCC CPNI Order - April 2, 2007www.fcc.gov - Protecting Your Telephone Calling Records
Telemarketing
Telephony
Telecommunications economics
Privacy of telecommunications