[Federal Register Volume 89, Number 122 (Tuesday, June 25, 2024)]
[Notices]
[Pages 53079-53081]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-13882]


-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

[OMB 3060-0715, OMB 3060-0742; FR ID 227288]


Information Collections Being Reviewed by the Federal 
Communications Commission

AGENCY: Federal Communications Commission.

ACTION: Notice and request for comments.

-----------------------------------------------------------------------

SUMMARY: As part of its continuing effort to reduce paperwork burdens, 
and as required by the Paperwork Reduction Act (PRA) of 1995, the 
Federal Communications Commission (FCC or the Commission) invites the 
general public and other Federal agencies to take this opportunity to 
comment on the following information collection. Comments are requested 
concerning:

[[Page 53080]]

whether the proposed collection of information is necessary for the 
proper performance of the functions of the Commission, including 
whether the information shall have practical utility; the accuracy of 
the Commission's burden estimate; ways to enhance the quality, utility, 
and clarity of the information collected; ways to minimize the burden 
of the collection of information on the respondents, including the use 
of automated collection techniques or other forms of information 
technology; and ways to further reduce the information collection 
burden on small business concerns with fewer than 25 employees.

DATES: Written PRA comments should be submitted on or before August 26, 
2024. If you anticipate that you will be submitting comments, but find 
it difficult to do so within the period of time allowed by this notice, 
you should advise the contact listed below as soon as possible.

ADDRESSES: Direct all PRA comments to Nicole Ongele, FCC, via email 
[email protected] and to [email protected].

FOR FURTHER INFORMATION CONTACT: For additional information about the 
information collection, contact Nicole Ongele, (202) 418-2991.

SUPPLEMENTARY INFORMATION: The FCC may not conduct or sponsor a 
collection of information unless it displays a currently valid control 
number. No person shall be subject to any penalty for failing to comply 
with a collection of information subject to the PRA that does not 
display a valid Office of Management and Budget (OMB) control number.
    OMB Control Number: 3060-0715.
    Title: Telecommunications Carriers' Use of Customer Proprietary 
Network Information and Other Customer Information.
    Form Number: N/A.
    Type of Review: Revision of a currently approved collection.
    Respondents: Business or other for-profit entities, and state, 
local, or tribal government.
    Number of Respondents and Responses: 2,935 respondents; 24,427 
responses.
    Estimated Time per Response: 0.1-120 hours.
    Frequency of Response: On occasion, annual, and one-time reporting 
requirements; recordkeeping; and third party disclosure requirements.
    Obligation to Respond: Mandatory. Statutory authority for these 
collections are contained in sections 201 and 222 of the Communications 
Act of 1934, as amended, 47 U.S.C. 201, 222.
    Total Annual Burden: 206,203 hours.
    Total Annual Cost: No Cost.
    Needs and Uses: Section 222 of the Communications Act of 1934, as 
amended, 47 U.S.C. 222, establishes the duty of telecommunications 
carriers to protect the confidentiality of its customers' proprietary 
information. This proprietary information includes personally 
identifiable information derived from a customer's relationship with a 
provider of telecommunications services. This information collection 
implements the statutory obligations of Section 222. These regulations 
impose safeguards to protect Customer Proprietary Network Information 
(CPNI) and other customer proprietary information against unauthorized 
access and disclosure.
    On November 16, 2023, the FCC released the SIM Swap and Port-Out 
Fraud Order (88 FR 85794 (December 8, 2023)), which adopted a baseline 
framework to combat SIM swap fraud by amending section 64.2010 of the 
CPNI rules to add paragraph (h) on Subscriber Identity Module (SIM) 
changes and adds new information collection requirements in paragraphs 
(h)(2) through (6) and (h)(8) of that rule. A SIM swap involves the 
fraudulent transfer (or ``swap'') of an account from a device 
associated with one SIM to a device associated with a different SIM, 
allowing a bad actor to control the victim's mobile account and access 
the victim's CPNI. The new rules establish a uniform framework that 
gives wireless providers flexibility to implement customer 
authentication and security methods to address SIM swap fraud. The SIM 
Swap and Port-Out Fraud Order modifies the existing CPNI collection 
requirements to require wireless providers to: (1) adopt processes for 
responding to failed authentication attempts in connection with a SIM 
change request; (2) immediately notify customers of any requests for a 
SIM change associated with the customer's account before the SIM change 
is completed; (3) offer all customers, at no cost, the option to lock 
or freeze their account to stop SIM change requests; (4) provide 
customers with advance notice of any account protection measures 
offered; (5) maintain a clear process for customers to report SIM 
fraud, promptly investigate and remediate fraud, and promptly provide 
customers with documentation of fraud involving their accounts; and (6) 
track and maintain for three years a record of SIM change requests and 
authentication measures used.
    On December 21, 2023, the Commission released the Data Breach 
Report and Order (89 FR 9968 (February 12, 2024)), which modifies the 
scope of customer data and reportable breaches covered by the 
Commission's rules, and also modifies the Commission's data breach 
notification rules to require covered service providers to 
electronically notify the FCC of a reportable data breach through a 
link to a central reporting facility, contemporaneously with the 
existing obligation to notify the United States Secret Service Bureau 
(Secret Service) and the Federal Bureau of Investigation (FBI), and 
adopts equivalent requirements for Telecommunications Relay Services 
(TRS) providers. Covered service providers include providers of 
telecommunications, interconnected Voice over internet Protocol (VoIP), 
and TRS. All covered providers are required to maintain a record, 
electronically or in some other manner, of any breaches discovered, and 
notifications made. Covered providers are also required to submit, via 
the central reporting facility, an annual reporting of certain small 
breaches.
    OMB Control Number: 3060-0742.
    Title: Sections 52.21 through 52.37, Telephone Number Portability, 
47 CFR part 52, subpart (C), and CC Docket No. 95-116.
    Form Number: N/A.
    Type of Review: Revision of a currently approved collection.
    Respondents: Business or other for profit entities.
    Number of Respondents and Responses: 6,026 respondents; 10,002,000 
responses.
    Estimated Time per Response: 0.0666 hours-60 hours.
    Frequency of Response: On occasion and one-time reporting 
requirements, recordkeeping requirement, and third party disclosure 
requirement.
    Obligation to Respond: Required to obtain or retain benefits. 
Statutory authority for this information collection is contained in 47 
U.S.C. 151, 152, 154(i), 201-205, 215, 251(b)(2), 251(e)(2) and 332 of 
the Communications Act of 1934, as amended.
    Total Annual Burden: 748,410 hours.
    Total Annual Cost: No cost.
    Needs and Uses: Section 251(b)(2) of the Communications Act of 
1934, as amended, requires LECs to ``provide, to the extent technically 
feasible, number portability in accordance with requirements prescribed 
by the Commission.'' Through the LNP process, consumers have the 
ability to retain their phone number when switching telecommunications 
service providers, enabling them to choose a provider that best suits 
their needs and enhancing competition. In the Porting Interval Order 
and Further Notice, the

[[Page 53081]]

Commission mandated a one business day porting interval for simple 
wireline-to-wireline and intermodal port requests. The information 
collected in the standard local service request data fields is 
necessary to complete simple wireline-to-wireline and intermodal ports 
within the one business day porting interval mandated by the Commission 
and will be used to comply with section 251 of the Telecommunications 
Act of 1996.
    On November 16, 2023, the FCC released a Report and Order and 
Further Notice of Proposed Rulemaking (88 FR 85794 (Dec. 8, 2023)) (SIM 
Swap and Port-Out Fraud Order), which adds new information collection 
requirements. The SIM Swap and Port-Out Fraud Order adopted baseline 
measures to increase protections for customers against fraudulent port-
outs by adding new section 52.37 in part 52, and adds new information 
collection requirements in paragraphs (c) through (e), and (g), of that 
rule. Port-out fraud occurs where a bad actor impersonates a customers 
of a wireless provider and convinces the provider to port the real 
customer's telephone number to a new wireless provider and a device 
that the bad actor controls, allowing a bad actor to control the 
victim's mobile account and receive text messages and phone calls 
intended for the victim. The new rules establish a uniform framework 
that gives wireless providers flexibility to implement customer 
authentication and security methods to address port-out fraud. Wireless 
providers are required to comply with the new or modified rules except 
where the Safe Connections Act requires alternate procedures to be 
used. The SIM Swap and Port-Out Fraud Order modifies the existing Local 
Number Portability collection requirements to require wireless 
providers to: (1) immediately notify customers of any requests for a 
port-out request associated with the customer's account before 
effectuating the request; (2) offer all customers, at no cost, the 
option to lock or freeze their account to prohibit wireless providers 
from processing requests to port the customer's number; (3) provide 
customers with advance notice of any account protection measures 
offered; and (4) maintain a clear process for customers to report 
fraudulent number ports, promptly investigate and take reasonable steps 
within its control to remediate fraudulent ports, and promptly provide 
customers with documentation of fraudulent ports involving their 
accounts.

Federal Communications Commission.
Katura Jackson,
Federal Register Liaison Officer.
[FR Doc. 2024-13882 Filed 6-24-24; 8:45 am]
BILLING CODE 6712-01-P