[Federal Register Volume 63, Number 196 (Friday, October 9, 1998)]
[Rules and Regulations]
[Pages 54379-54380]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-27190]
=======================================================================
-----------------------------------------------------------------------
FEDERAL COMMUNICATIONS COMMISSION
47 CFR Part 64
[CC Docket No. 96-115; FCC 98-239]
Telecommunications Carriers' Use of Customer Proprietary Network
Information and Other Customer Information
AGENCY: Federal Communications Commission.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The order released September 24, 1998 extends the deadline by
which all telecommunications carriers must implement effective
electronic safeguards to protect against unauthorized access to CPNI.
This deadline was established in the Commission's CPNI Report and Order
in this proceeding. The Commission is currently reviewing a number of
petitions for reconsideration that seek modification of the electronic
safeguards requirement, and believes that postponing the deadline for
implementation of these safeguards until after the Commission acts upon
the reconsideration petitions is in the public interest.
EFFECTIVE DATE: November 9, 1998.
FOR FURTHER INFORMATION CONTACT: Brent Olson, Attorney, Common Carrier
Bureau, Policy and Program Planning Division, (202) 418-1580 or via the
Internet at bolson@fcc.gov. Further information may also be obtained by
calling the Common Carrier Bureau's TTY number: 202-418-0484. For
additional information concerning the information collections contained
in this Order contact Judy Boley at (202) 418-0214, or via the Internet
at jboley@fcc.gov.
SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Order
adopted September 23, 1998, and released September 24, 1998. The full
text of this Order is available for inspection and copying during
normal business hours in the FCC Reference Center, 1919 M St., N.W.,
Room 239, Washington, D.C. The complete text also may be obtained
through the World Wide Web, at http://www.fcc.gov/Bureaus/Common
Carrier/Orders/fcc98239.wp, or may be purchased from the Commission's
copy contractor, International Transcription Service, Inc., (202) 857-
3800, 1231 20th St., N.W., Washington, D.C. 20036.
Regulatory Flexibility Certification
The changes adopted in this Order do not affect our certification
in the CPNI Report and Order.
Synopsis of Order
1. On February 26, 1998, the Commission released an Order, 63 FR
20326, April 24, 1998 (``CPNI Report and Order'') promulgating
regulations to implement the statutory obligations of section 222 of
the Communications Act of 1934, as amended by the Telecommunications
Act of 1996, which was enacted to protect the confidentiality of
customer proprietary network information (CPNI). In that order, the
Commission established January 26, 1999 as the deadline by which all
telecommunications carriers must implement effective electronic
safeguards to protect against unauthorized access to CPNI. For the
reasons discussed below, we extend that deadline.
I. Background
2. In the CPNI Report and Order, the Commission concluded that
``all telecommunications carriers must establish effective safeguards
to protect against unauthorized access to CPNI by their employees or
agents, or by unaffiliated third parties.'' Specifically, the
Commission required that carriers develop and implement software
systems that ``flag'' customer service records in connection with CPNI
and that carriers maintain an electronic audit mechanism (``audit
trail'') that tracks access to customer accounts. The Commission also
required that carriers' employees be trained as to when they can and
cannot access customers' CPNI; that carriers establish a supervisory
review process that ensures compliance with CPNI restrictions when
conducting outbound marketing; and that each carrier submit a
certification signed by a current corporate officer attesting that he/
she has personal knowledge that the carrier is in compliance with our
requirements on an annual basis. Because the Commission anticipated
that carriers would need time to conform their data systems and
operations to comply with the software flags and electronic audit
mechanisms required by the Order, enforcement of these safeguards was
deferred until eight months from when the rules became effective,
specifically January 26, 1999.
3. Following the release of the CPNI Report and Order, several
petitioners sought reconsideration of a variety of issues, including
the decision to require carriers to implement the use of software flags
and audit trails. We are currently reviewing these petitions. In
addition, a number of carriers, representing virtually the entire
industry affected by the CPNI rules, expressed concern about meeting
the January deadline. GTE has also proposed some alternative methods of
implementing safeguards that GTE claims will accomplish the goals of
the Act without unduly burdening the industry.
II. Discussion
4. We conclude that it serves the public interest to extend the
deadline by which we will begin to enforce our rules requiring software
flags and electronic
[[Page 54380]]
audit mechanisms so that we may consider recent proposals to tailor our
requirements more narrowly and to reduce burdens on the industry while
serving the purposes of the CPNI rules. As an initial matter, we note
that all segments of the industry unanimously oppose these requirements
as adopted. We emphasize that the circumstances presented here are both
unique and compelling. We recognize that it will take time and effort
to implement these requirements, and we believe that postponement of
compliance until the Commission provides additional guidance may
promote more efficient and effective deployment of resources spent on
meeting the new CPNI requirements set forth in the statute and our
implementing rules. By delaying the date of enforcement until after the
Commission acts upon reconsideration petitions, parties will have the
opportunity to comment on GTE's proposed alternatives or make proposals
of their own.
5. We emphasize that this extension of time is only temporary and
that ultimately carriers will be required to comply with whatever
electronic safeguards the Commission deems appropriate in this
proceeding. We recognize that software flags and electronic audit
mechanisms may be more costly to implement when older systems are
involved. To the extent that new systems are being deployed during the
pendency of the reconsideration petitions, however, we expect that
carriers will install electronic flags and audit trails at the time the
system is deployed in order to avoid the increased cost of having to
retrofit systems in the future to come into compliance. We also note
that this extension applies only to the electronic safeguards
requirement, and that compliance with the rest of the rules elaborated
in the CPNI Report and Order is still required. In particular, our
action in this Order does not relieve carriers of the underlying
obligation to use CPNI in accordance with section 222 and the
Commission's implementing rules.
III. Ordering Clauses
6. Accordingly, it is ordered, pursuant to sections 4(i) and 303(r)
of the Communications Act of 1934, as amended, 47 U.S.C. 154(i), and
303(r), and Sec. 1.429(k) of the Commission's rules, 47 CFR 1.429(k),
that we will not seek enforcement actions against carriers regarding
compliance with the CPNI software flagging and audit trail requirements
as set forth in 47 CFR 64.2009 (a) and (c) until six months after the
release date of the Commission's order on reconsideration addressing
these issues in CC Docket No. 96-115.
List of Subjects in 47 CFR Part 64
Communications common carriers, Reporting and recordkeeping
requirements, Telephone.
Federal Communications Commission.
Magalie Roman Salas,
Secretary.
[FR Doc. 98-27190 Filed 10-8-98; 8:45 am]
BILLING CODE 6712-01-P
