[Congressional Bills 109th Congress]
[From the U.S. Government Publishing Office]
[S. 2264 Introduced in Senate (IS)]


109th CONGRESS
  2nd Session
                                S. 2264

To provide enhanced consumer protection from unauthorized sales and use 
 of confidential telephone information by amending the Communications 
     Act of 1934, prohibiting certain practices, and providing for 
 enforcement by the Federal Trade Commission and States, and for other 
                               purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            February 9, 2006

   Mr. Pryor (for himself and Mr. Nelson of Florida) introduced the 
 following bill; which was read twice and referred to the Committee on 
                 Commerce, Science, and Transportation

_______________________________________________________________________

                                 A BILL


 
To provide enhanced consumer protection from unauthorized sales and use 
 of confidential telephone information by amending the Communications 
     Act of 1934, prohibiting certain practices, and providing for 
 enforcement by the Federal Trade Commission and States, and for other 
                               purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

    (a) Short Title.--This Act may be cited as the ``Consumer Phone 
Record Security Act of 2006''.
    (b) Table of Contents.--The table of contents for this Act is as 
follows:

Sec. 1. Short title; table of contents.
Sec. 2. Fraud and related activity in connection with obtaining 
                            customer proprietary network information.
Sec. 3. Enforcement by Federal Trade Commission.
Sec. 4. Concurrent enforcement by Federal Communications Commission.
Sec. 5. Enforcement by States.
Sec. 6. Consumer redress.
Sec. 7. Protection of customer proprietary network information.

SEC. 2. FRAUD AND RELATED ACTIVITY IN CONNECTION WITH OBTAINING 
              CUSTOMER PROPRIETARY NETWORK INFORMATION.

    (a) Unauthorized Access or Use of CPNI.--It is unlawful for any 
person--
            (1) to obtain, or attempt to obtain, an individual's 
        customer proprietary network information without authorization 
        from the individual to whom the information relates by--
                    (A) making false or fraudulent statements or 
                representations to an employee or customer of a 
                telecommunications carrier;
                    (B) providing false documentation to a 
                telecommunications carrier; or
                    (C) accessing customer accounts of a 
                telecommunications carrier via the Internet; or
            (2) to cause, or attempt to cause, an individual's customer 
        proprietary network information to be disclosed to any other 
        person without authorization from the individual to whom the 
        information relates.
    (b) Unauthorized Sale of Customer Proprietary Network 
Information.--Except as otherwise authorized by law, it is unlawful for 
any person to sell, or offer for sale, customer proprietary network 
information without affirmative written authorization from the 
individual to whom the information relates.
    (c) Solicitation To Obtain Customer Proprietary Network 
Information.--It is unlawful for any person to request that another 
person obtain customer proprietary network information from a 
telecommunications carrier, knowing that the other person will obtain 
the information from the telecommunications carrier in any manner that 
is unlawful under subsection (a).
    (d) Law Enforcement Exception.--Nothing in this section prohibits a 
law enforcement officer from obtaining customer proprietary network 
information from a telecommunications carrier if--
            (1) the officer, employee, or agent is acting within his or 
        her scope of employment;
            (2) the officer, employee, or agent is authorized by law to 
        obtain the information; and
            (3) the information may lawfully be disclosed to the 
        officer pursuant to court order or other legal authority.
    (e) Definitions.--In this section:
            (1) Customer proprietary network information.--The term 
        ``customer proprietary network information'' has the meaning 
        given that term in section 222(i)(1) of the Communications Act 
        of 1934 (47 U.S.C. 222(i)(1))).
            (2) Law enforcement officer.--The term ``law enforcement 
        officer'' has the meaning given that term in section 232(7) of 
        title 18, United States Code.
            (3) Telecommunications carrier.--The term 
        ``telecommunications carrier'' has the meaning given that term 
        in section 222(i)(8) of the Communications Act of 1947 (47 
        U.S.C. 222(i)(8)).

SEC. 3. ENFORCEMENT BY FEDERAL TRADE COMMISSION.

    (a) In General.--Except as provided in sections 4, 5, and 6 of this 
Act, this Act shall be enforced by the Federal Trade Commission.
    (b) Violation Treated as an Unfair or Deceptive Act or Practice.--
Violation of section 2 shall be treated as an unfair or deceptive act 
or practice proscribed under a rule issued under section 18(a)(1)(B) of 
the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).
    (c) Actions by the Commission.--The Commission shall prevent any 
person from violating this Act in the same manner, by the same means, 
and with the same jurisdiction, powers, and duties as though all 
applicable terms and provisions of the Federal Trade Commission Act (15 
U.S.C. 41 et seq.) were incorporated into and made a part of this Act. 
Any person that violates section 2 is subject to the penalties and 
entitled to the privileges and immunities provided in the Federal Trade 
Commission Act in the same manner, by the same means, and with the same 
jurisdiction, powers, and duties as though all applicable terms and 
provisions of the Federal Trade Commission Act were incorporated into 
and made a part of this Act.
    (d) Additional Penalty.--In addition to any other penalty 
prescribed by law--
            (1) a civil penalty of not more than $11,000 shall be 
        imposed for each violation of section 2 of this Act; and
            (2) a violation of section 2 of this Act with respect to 
        the customer network proprietary information of an individual 
        shall be treated as a separate violation from a violation of 
        section 2 of this Act with respect to the customer network 
        proprietary information of any other individual.

SEC. 4. CONCURRENT ENFORCEMENT BY FEDERAL COMMUNICATIONS COMMISSION.

    The Federal Communications Commission shall enforce section 2. For 
purposes of enforcement of that section by the Commission, a violation 
of that section is deemed to be a violation of a provision of the 
Communications Act of 1934 (47 U.S.C. 151 et seq.) rather than a 
violation of the Federal Trade Commission Act.

SEC. 5. ENFORCEMENT BY STATES.

    (a) In General.--A State, as parens patriae, may bring a civil 
action on behalf of its residents in an appropriate district court of 
the United States to enforce section 2 or to impose the civil penalties 
authorized by section 3, whenever the chief legal officer of the State 
has reason to believe that the interests of the residents of the State 
have been or are being threatened or adversely affected by a violation 
of this Act or a regulation under this Act.
    (b) Notice.--The State shall serve written notice on the Federal 
Trade Commission and the Federal Communications Commission of any civil 
action under subsection (a) prior to initiating such civil action. The 
notice shall include a copy of the complaint to be filed to initiate 
such civil action, except that if it is not feasible for the State to 
provide such prior notice, the State shall provide such notice 
immediately upon instituting such civil action.
    (c) Authority To Intervene.--Upon receiving the notice required by 
subsection (b), either Commission may intervene in such civil action 
and upon intervening--
            (1) be heard on all matters arising in such civil action; 
        and
            (2) file petitions for appeal of a decision in such civil 
        action.
    (d) Construction.--For purposes of bringing any civil action under 
subsection (a), nothing in this section shall prevent the chief legal 
officer of a State from exercising the powers conferred on that officer 
by the laws of such State to conduct investigations or to administer 
oaths or affirmations or to compel the attendance of witnesses or the 
production of documentary and other evidence.
    (e) Venue; Service of Process.--
            (1) Venue.--An action brought under subsection (a) shall be 
        brought in a district court of the United States that meets 
        applicable requirements relating to venue under section 1391 of 
        title 28, United States Code.
            (2) Service of process.--In an action brought under 
        subsection (a)--
                    (A) process may be served without regard to the 
                territorial limits of the district or of the State in 
                which the action is instituted; and
                    (B) a person who participated in an alleged 
                violation that is being litigated in the civil action 
                may be joined in the civil action without regard to the 
                residence of the person.

SEC. 6. CONSUMER REDRESS.

    (a) In General.--An individual whose customer proprietary network 
information has been obtained, used, or sold in violation of section 2 
may file a civil action in any court of competent jurisdiction against 
the person who committed the violation.
    (b) Remedies.--A court in which such a civil action has been 
brought may--
            (1) impose a civil penalty of not more than $11,000 for 
        each violation of this Act with respect to the plaintiff's 
        customer proprietary network information; and
            (2) provide such additional relief as the court deems 
        appropriate, including the award of court costs, investigative 
        costs, and reasonable attorney's fees.
    (c) Limitation.--Nothing in this section authorizes an individual 
to bring a civil action against a telecommunications carrier (as 
defined in section 222(i)(8) of the Communications Act of 1947 (47 
U.S.C. 222(i)(8))).

SEC. 7. PROTECTION OF CUSTOMER PROPRIETARY NETWORK INFORMATION.

    (a) In General.--Section 222 of the Communications Act of 1934 (47 
U.S.C. 222) is amended--
            (1) by redesignating subsection (h) as subsection (i); and
            (2) by inserting after subsection (g) the following:
    ``(h) Protection of Customer Proprietary Network Information.--
            ``(1) In general.--A telecommunications carrier shall--
                    ``(A) implement a system by which the carrier can 
                determine whether an individual has authorized access 
                to, or the release of, an individual's customer 
                proprietary network information before it is made 
                available to third parties;
                    ``(B) ensure that personnel with access to customer 
                proprietary network information are trained as to when 
                they are and are not authorized to use customer 
                proprietary network information and have a disciplinary 
                process in effect for disciplining personnel for misuse 
                of customer proprietary network information;
                    ``(C) maintain for at least 1 year a record of any 
                sales or marketing campaign conducted by carrier or its 
                affiliates that uses customer proprietary network 
                information;
                    ``(D) maintain for at least 1 year a record of each 
                instance in which customer proprietary network 
                information was disclosed or provided to the customer 
                or third parties, or where third parties were allowed 
                access to customer proprietary network information, in 
                the sales or marketing campaign that includes--
                            ``(i) a description of the sales or 
                        marketing campaign in which the information was 
                        used;
                            ``(ii) the specific customer proprietary 
                        network information that was used in the 
                        campaign; and
                            ``(iii) a description of the products and 
                        services that were offered as a part of the 
                        campaign;
                    ``(E) establish a supervisory review process 
                regarding compliance with this subsection for outbound 
                marketing situations and maintain for at least 1 year a 
                record of its compliance;
                    ``(F) require an officer or agent of the carrier to 
                sign a compliance certificate on an annual basis 
                stating that the officer or agent has personal 
                knowledge that the carrier has established operating 
                procedures that are adequate to ensure compliance with 
                this subsection; and
                    ``(G) submit to the Commission annually--
                            ``(i) a copy of the certificate required by 
                        subparagraph (F); and
                            ``(ii) a plan that reflects its compliance 
                        with the requirements of this subsection.
            ``(2) Annual FCC Reports.--The Commission shall transmit a 
        report to the Senate Committee on Commerce, Science, and 
        Transportation and the House of Representatives Committee on 
        Energy and Commerce annually on the compliance of 
        telecommunications carriers with the requirements of this 
        subsection.''.
    (b) Definitions.--Section 222(i) of the Communications Act of 1934 
(as redesignated by subsection (a)) is amended by adding at the end the 
following:
            ``(8) Telecommunications carrier.--The term 
        `telecommunications carrier'--
                    ``(A) has the meaning given that term by section 
                3(44); but
                    ``(B) includes a provider of IP-enabled voice 
                service.
            ``(9) IP-enabled voice service.--The term `IP-enabled voice 
        service' means the provision of real-time 2-way voice 
        communications offered to the public, or such classes of users 
        as to be effectively available to the public, transmitted 
        through customer premises equipment using TCP/IP protocol, or a 
        successor protocol, for a fee (whether part of a bundle of 
        services or separately) with 2-way interconnection capability 
        such that the service can originate traffic to, and terminate 
        traffic from, the public switched telephone network.''.
    (c) Regulations.--Within 90 days after the date of enactment of 
this Act, the Federal Communications Commission shall promulgate such 
regulations as may be necessary to implement section 222(i)(8) of the 
Communications Act of 1934 (47 U.S.C. 222(i)(8)), as added by 
subsection (b) of this section, including the application of section 
222 of that Act with the expanded definition of telecommunications 
carrier.
                                 <all>