Archives

Telecommunications Act of 1996 and Consumer Proprietary Network Information

The Telecommunications Act of 1996

The Telecommunications Act of 1996 was signed by Congress with the intention on providing customers with more competition and diversity from their telecommunication services.

Section 222(a) of the 1996 Act states: “Every telecommunication carrier has a duty to protect the confidentiality of proprietary information of and relating to customers.”

This restricts the use of Customer Proprietary Network Information (CPNI) to the limited purpose of providing the telecommunications services from which the CPNI was derived in the first place. For any other purposes the carrier must obtain consent from the customer before using or disclosing CPNI. It also limits the rights of a carrier or provider to use CPNI to gain unfair competitive advantage in relation to other carriers.

Customer Proprietary Network Information

In 1998, the Federal Communications Commission’s (FCC) interpretation of section 222 of the 1996 Act identified that customer information could potentially be used in a manner that was invasive of customer privacy and published a rules to govern the specific uses of customer information by telecommunication companies. Under the rules, all service providers and carriers have a duty to protect against the unauthorised disclosure of customers’ CPNI and must have internal safeguards in place.

Information referred to as CPNI is information that can be gathered and used by telecommunication companies for marketing purposes and includes:

-          Information about the quantity, technical configuration, type, destination, location and amount of use of your communications services.

-          Information contained on your bill concerning your communications services.

Examples of CPNI may include telephone numbers that the customer calls or communications services that they purchase. It does not include the customer’s name, address or telephone number or other specific identifiable information. CPNI does not include information related to the internet, which is defined as an ‘information service’.

In 2006, the FCC strengthened the protection to protect against a practice known as ‘pretexting’ i.e. posing as the actual customer or as a police official to obtain telephone calling records. Congress passed a law making this action a crime punishable by a fine or imprisonment of up to 10 years.

US West case

Section 222 did not define a ‘telecommunication service’. Therefore, the FCC interpreted it to be a customer’s total combination of services obtained from any one carrier (total service approach, or TSA), allowing the use of such information for cross-promotion of services.

Section 222(c)(1) of the 1996 Act called for express customer approval requirements (an opt-in scheme) that would require customers to give affirmative consent if a carrier or provider wished to promote additional services outside of the customer’s current total-service package, using CPNI. The FCC’s interpretation was considered to be an attempt to balance the privacy interests of consumers with the deregulatory purposes of the 1996.

In their challenge to the legislation, US West argued that this interpretation went too far and restricted the right to free speech under the First Amendment as it would “seriously impair carriers’ ability to communicate valuable commercial information to their customers.” The court agreed, stating that the FCC’s argument that alternative means of communication to customers was available (such as broadcast speech) did not eliminate the fact that their interpretation restricted speech. On that basis it held that the restriction was unconstitutional and struck it down.

On that basis the updated FCC interpretation of the 1996 Act states that service providers may use customers’ CPNI without prior approval to provide customers with information about services that are within the same category as the services that they have already purchased. Service providers may also request a customer to allow the server to share CPNI with affiliates, agents or other related entities. Rather than the ‘opt-in approach’ initially adopted by the FCC, an ‘opt-out approach’ can now be applied by the carrier. This method means that a customer is deemed to have consented to the use, disclosure or access to the customer’s CPNI if the customer has failed to object to the notification of the carrier’s request for consent. However, the carrier must inform the customer of their preferred method and, if the company is using the ‘opt-out approach’ the notice must provide a reasonable time for the customer to opt-out.

Summary

The Telecommunications Act of 1996 was signed by Congress with the intention on providing customers with more competition and diversity from their telecommunication services. Customer Proprietary Network Information (CPNI) is information that can be gathered and used by telecommunication companies for marketing purposes.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/United States (CIPP/US) exam,  a privacy professional should be comfortable with topics related to this post, including:

  • Telecommunications Act of 1996 & Customer Proprietary Network Information (II.E.e.)
Share

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>