On February 14, 2025, the FCC’s Enforcement Bureau issued an Enforcement Advisory regarding the Customer Proprietary Network Information (CPNI) compliance requirements for telecommunications carriers (including local exchange carriers (LECs), interexchange carriers, and commercial mobile radio services (CMRS) providers, resellers, prepaid telecommunications providers, and calling card providers) and interconnected VoIP providers. The advisory emphasizes the importance of protecting consumers’ sensitive information and outlines the obligations under the CPNI rules, including obtaining customer consent for data use, preventing unauthorized access, and reporting security breaches.
Companies must file an annual CPNI compliance certification by March 3, 2025, with details on their data protection practices, any actions taken against data brokers, and consumer complaints. There were no other substantive changes from last year’s advisory.
Failure to comply may result in enforcement actions, “including monetary forfeitures of up to $251,322 for each violation or each day of a continuing violation, up to a maximum of $2,513,215.” There are no exemptions for small companies. The advisory provides a certification template and filing instructions to ensure compliance.
Please Contact Us if you have any questions.