As we previously advised, the Federal Communications Commission (FCC) reinstated its customer proprietary network information (“CPNI”) rules governing the privacy obligations of telecommunications and VoIP service providers under Section 222. As a result, the annual certification for calendar year 2017 must be filed with the FCC by March 1, 2018. The FCC recently issued a Public Notice reminding service providers of this obligation and admonishing them that it has taken aggressive enforcement actions in this area against many service providers for failure to comply with the CPNI rules. The Notice makes clear that the Commission has authority to impose penalties of just under $200,000 for each day of a violation, up to a maximum of nearly $2 million, for failure to comply with the CPNI rules. Accordingly, every telecommunications and interconnected VoIP service provider (including wireless, cable telephony, and even paging and calling card providers) must once again execute and file an annual certification of its compliance with the FCC’s CPNI rules.
Clients that have filed annual CPNI certifications in the past may recall that no certification was required in 2017 because the FCC had eliminated the annual certification requirement when it adopted new CPNI rules as part of its 2016 broadband privacy rulemaking. However, following the 2016 presidential and congressional elections, in 2017 Congress repealed the new FCC privacy framework in its entirety, invoking its authority under the Congressional Review Act. See our July 5, 2017 advisory. This legislative action had the practical impact of reinstating the prior CPNI rules, including the annual officer certification requirement. The FCC followed suit by formally reinstating these rules in September 2017. As a result, all of the “old” CPNI rules, including the annual certification filing requirement, are back in effect.
Read the full analysis here.