CPNI Rules: Crucial Considerations for Communications Providers
Have you ever considered the vast amount of information that passes through communications providers every day? Private, sensitive information flows through networks and phone lines in a constant stream. What measures are there to limit access to this information, and to records of calls and other analytics?
Telecommunications companies have access to considerable amounts of customer call information. This data can include sensitive personal information such as phone numbers called, as well as details about these calls such as date, time and frequency, in addition to other information.
To ensure privacy, the Federal Communications Commission promulgated regulations to restrict the use of customer proprietary network information or CPNI. But what is CPNI and how can it strengthen customer privacy?
For covered communications providers, compliance with CPNI provisions is crucially important. There are severe consequences for noncompliance, which can include enforcement action by the FCC and heavy fines.
Beyond avoiding the potential negative consequences of regulatory enforcement actions against communications providers, compliance is a benefit to customers. By protecting customer proprietary network information, companies can provide privacy assurances and ensure that information is not being illicitly used.
What Is CPNI?
Understanding regulations is often easier if their scope and goals are clear. The FCC enacted CPNI rules to limit unauthorized use of telecommunications data and records relating to call usage and business relationships between a provider and customer.
In practice, the regulations limit the information that communications companies can provide to marketing firms and creates parameters for when and how customer service representatives can share call details. The rules also restrict how communications providers can use their customers' data to sell them on additional services or to attempt to win back customers who might have switched providers.
Compliance generally involves creating and maintaining policies that ensure customer call information is protected. Telecommunications carriers and VoIP service providers are required to file an annual CPNI certification.
Who Is a Covered Provider Under CPNI Rules?
Generally, covered organizations include communications providers and carriers, including VoIP and mobile service providers. If your company offers telecommunications services to the public for a fee, you are covered and expected to comply. There is no exception for small businesses. Examples of businesses that must maintain compliance include calling card providers, prepaid call providers, local exchange carriers (LECs), interexchange carriers, and resellers.
On the VoIP front, companies that provide services that enable real-time, two-way voice communications over a broadband network from the user's location using Internet Protocol-compatible equipment are covered as well.
For some years, it seemed that the FCC was not prioritizing enforcement of these regulations, but over the past decade, these rules have become crucial guidelines for carriers and other covered entities. In 2016, a Broadband Privacy Order from the Obama administration halted CPNI compliance. In 2017, these rules were placed back into effect when the Broadband Privacy Order was overridden.
The annual compliance reports are due in March of the following year. Failure to abide by these regulations can be very costly. According to an FCC public notice, noncompliance can result in enforcement actions of nearly $200,000 a day. If not brought into compliance, fines can multiply and reach almost $2 million.
What Are the Rules of Compliance?
The privacy protection components of CPNI require carriers and interconnected VoIP providers to create and maintain processes and systems that are designed to protect customer information. The primary directives of the CPNI regulations further require covered businesses to first obtain customer approval before using, disclosing, or permitting access to CPNI for marketing purposes.
Also, carriers and VoIP providers are required to notify their customers of their right to control access to their call information. Beyond affirmative requirements regarding access and notification, covered entities must take steps to protect against unauthorized access of CPNI. There are also notification requirements in the event of a breach or leak of this information.
Working with a Trusted (and Compliant) Partner
If you are a covered organization, it is important for you to ensure that your unified communications solutions are compliant. 8x8 is a covered interconnected VoIP provider, and it is fully compliant.
At 8x8, our compliance helps secure yours. Our practices meet industry CPNI standards and comply with all regulations. With 8x8's Virtual Office and Virtual Contact Center solutions, you can rest assured that one layer of compliance is handled. As your business grows, your unified communications system needs to change. Make sure that compliance doesn't suffer at the hands of growth.
When it comes to security, 8x8 provides reliable and compliant cloud solutions at a demanding level rarely seen by other cloud providers. Don't take your chances with a subpar cloud-based telecom system. Call 1-866-879-8647 or fill out form below to speak with an 8x8 Product Specialist.