[Federal Register Volume 63, Number 196 (Friday, October 9, 1998)]
[Rules and Regulations]
[Pages 54379-54380]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-27190]


=======================================================================
-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

47 CFR Part 64

[CC Docket No. 96-115; FCC 98-239]


Telecommunications Carriers' Use of Customer Proprietary Network 
Information and Other Customer Information

AGENCY: Federal Communications Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The order released September 24, 1998 extends the deadline by 
which all telecommunications carriers must implement effective 
electronic safeguards to protect against unauthorized access to CPNI. 
This deadline was established in the Commission's CPNI Report and Order 
in this proceeding. The Commission is currently reviewing a number of 
petitions for reconsideration that seek modification of the electronic 
safeguards requirement, and believes that postponing the deadline for 
implementation of these safeguards until after the Commission acts upon 
the reconsideration petitions is in the public interest.

EFFECTIVE DATE: November 9, 1998.

FOR FURTHER INFORMATION CONTACT: Brent Olson, Attorney, Common Carrier 
Bureau, Policy and Program Planning Division, (202) 418-1580 or via the 
Internet at [email protected]. Further information may also be obtained by 
calling the Common Carrier Bureau's TTY number: 202-418-0484. For 
additional information concerning the information collections contained 
in this Order contact Judy Boley at (202) 418-0214, or via the Internet 
at [email protected].

SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Order 
adopted September 23, 1998, and released September 24, 1998. The full 
text of this Order is available for inspection and copying during 
normal business hours in the FCC Reference Center, 1919 M St., N.W., 
Room 239, Washington, D.C. The complete text also may be obtained 
through the World Wide Web, at http://www.fcc.gov/Bureaus/Common 
Carrier/Orders/fcc98239.wp, or may be purchased from the Commission's 
copy contractor, International Transcription Service, Inc., (202) 857-
3800, 1231 20th St., N.W., Washington, D.C. 20036.

Regulatory Flexibility Certification

    The changes adopted in this Order do not affect our certification 
in the CPNI Report and Order.

Synopsis of Order

    1. On February 26, 1998, the Commission released an Order, 63 FR 
20326, April 24, 1998 (``CPNI Report and Order'') promulgating 
regulations to implement the statutory obligations of section 222 of 
the Communications Act of 1934, as amended by the Telecommunications 
Act of 1996, which was enacted to protect the confidentiality of 
customer proprietary network information (CPNI). In that order, the 
Commission established January 26, 1999 as the deadline by which all 
telecommunications carriers must implement effective electronic 
safeguards to protect against unauthorized access to CPNI. For the 
reasons discussed below, we extend that deadline.

I. Background

    2. In the CPNI Report and Order, the Commission concluded that 
``all telecommunications carriers must establish effective safeguards 
to protect against unauthorized access to CPNI by their employees or 
agents, or by unaffiliated third parties.'' Specifically, the 
Commission required that carriers develop and implement software 
systems that ``flag'' customer service records in connection with CPNI 
and that carriers maintain an electronic audit mechanism (``audit 
trail'') that tracks access to customer accounts. The Commission also 
required that carriers' employees be trained as to when they can and 
cannot access customers' CPNI; that carriers establish a supervisory 
review process that ensures compliance with CPNI restrictions when 
conducting outbound marketing; and that each carrier submit a 
certification signed by a current corporate officer attesting that he/
she has personal knowledge that the carrier is in compliance with our 
requirements on an annual basis. Because the Commission anticipated 
that carriers would need time to conform their data systems and 
operations to comply with the software flags and electronic audit 
mechanisms required by the Order, enforcement of these safeguards was 
deferred until eight months from when the rules became effective, 
specifically January 26, 1999.
    3. Following the release of the CPNI Report and Order, several 
petitioners sought reconsideration of a variety of issues, including 
the decision to require carriers to implement the use of software flags 
and audit trails. We are currently reviewing these petitions. In 
addition, a number of carriers, representing virtually the entire 
industry affected by the CPNI rules, expressed concern about meeting 
the January deadline. GTE has also proposed some alternative methods of 
implementing safeguards that GTE claims will accomplish the goals of 
the Act without unduly burdening the industry.

II. Discussion

    4. We conclude that it serves the public interest to extend the 
deadline by which we will begin to enforce our rules requiring software 
flags and electronic

[[Page 54380]]

audit mechanisms so that we may consider recent proposals to tailor our 
requirements more narrowly and to reduce burdens on the industry while 
serving the purposes of the CPNI rules. As an initial matter, we note 
that all segments of the industry unanimously oppose these requirements 
as adopted. We emphasize that the circumstances presented here are both 
unique and compelling. We recognize that it will take time and effort 
to implement these requirements, and we believe that postponement of 
compliance until the Commission provides additional guidance may 
promote more efficient and effective deployment of resources spent on 
meeting the new CPNI requirements set forth in the statute and our 
implementing rules. By delaying the date of enforcement until after the 
Commission acts upon reconsideration petitions, parties will have the 
opportunity to comment on GTE's proposed alternatives or make proposals 
of their own.
    5. We emphasize that this extension of time is only temporary and 
that ultimately carriers will be required to comply with whatever 
electronic safeguards the Commission deems appropriate in this 
proceeding. We recognize that software flags and electronic audit 
mechanisms may be more costly to implement when older systems are 
involved. To the extent that new systems are being deployed during the 
pendency of the reconsideration petitions, however, we expect that 
carriers will install electronic flags and audit trails at the time the 
system is deployed in order to avoid the increased cost of having to 
retrofit systems in the future to come into compliance. We also note 
that this extension applies only to the electronic safeguards 
requirement, and that compliance with the rest of the rules elaborated 
in the CPNI Report and Order is still required. In particular, our 
action in this Order does not relieve carriers of the underlying 
obligation to use CPNI in accordance with section 222 and the 
Commission's implementing rules.

III. Ordering Clauses

    6. Accordingly, it is ordered, pursuant to sections 4(i) and 303(r) 
of the Communications Act of 1934, as amended, 47 U.S.C. 154(i), and 
303(r), and Sec. 1.429(k) of the Commission's rules, 47 CFR 1.429(k), 
that we will not seek enforcement actions against carriers regarding 
compliance with the CPNI software flagging and audit trail requirements 
as set forth in 47 CFR 64.2009 (a) and (c) until six months after the 
release date of the Commission's order on reconsideration addressing 
these issues in CC Docket No. 96-115.

List of Subjects in 47 CFR Part 64

    Communications common carriers, Reporting and recordkeeping 
requirements, Telephone.

Federal Communications Commission.
Magalie Roman Salas,
Secretary.
[FR Doc. 98-27190 Filed 10-8-98; 8:45 am]
BILLING CODE 6712-01-P