CPNI Compliance Certification Filings
The FCC issued a reminder to telecommunications carriers and interconnected VoIP providers of the obligation to file an annual certification confirming compliance with the FCC’s Customer Proprietary Network Information (“CPNI”) rules by March 1, 2024. The CPNI rules require providers to protect CPNI from unauthorized access, use, or disclosure. Certification filings can be made in the Commission’s Electronic Comment Filing System (“ECFS”) or the FCC’s web-based application. Providers are reminded that failure to file could result in monetary forfeitures of up to $244,958 for each violation.
Updated FCC Data Breach Notification Rules
The FCC adopted updated data breach notification rules last year to ensure that telecommunications carriers, interconnected VoIP providers, and telecommunications relay services (“TRS”) providers adequately safeguard sensitive customer information (Vol. XX, Issue 51). The bulk of the updated rules will take effect on March 13. The FCC updated the rules on account of an increase in the frequency and severity of data breaches, notably, by expanding the types of personal identification information subject to the rules and expanding the definition of “breach”. Carriers and TRS providers must notify the Commission of breaches through the existing central reporting facility but are no longer required to notify customers if customers are not reasonably likely to be harmed or the breach only involves encrypted data and the encryption key was not also accessed, used, or disclosed.
Comments Sought on Multilingual Wireless Emergency Alerts
The FCC is seeking comment on mechanisms to implement multilingual Wireless Emergency Alerts (“WEA”), as required by the Commission’s rules. Multilingual WEAs are meant to provide life-saving information to the millions of people living in the United States who do not primarily speak English or Spanish or have a disability and require accessible WEA formats. The Commission proposes a set of pre-translated messages in English, the 13 most spoken languages in the United States, and American Sign Language (“ASL”), pre-installed and stored on devices offered by participating Commercial Mobile Service (“CMS”) providers, among other things. Comments and reply comments will be due 30 and 60 days after publication of the Public Notice in the Federal Register, respectively.
Robocall and Robotext Rules Update
The FCC adopted rules to clarify and strengthen consumers rights under the Telephone Consumer Protection Act (“TCPA”) to grant and revoke consent to receive robocalls and robotexts. The Commission reiterates that revocation of consent can be made in any reasonable manner, requires callers to honor do-not-call and consent revocation requests within a reasonable time not to exceed 10 business days, and limits text senders to a one-time text message confirming receipt of a consumer request that no further text messages be sent. The Commission also confirmed that revocation of consent only applies to those robocalls and robotexts for which consent is required under the TCPA.
Thomas B. Magee, Tracy P. Marshall, Sean A. Stokes, and Wesley K. Wright contributed to this article.