Photo by Sonja Langford on Unsplash

It’s that time of year again! (Well, again after a one-year hiatus, that is.) Time for our annual reminder that the annual customer proprietary network information (CPNI) certifications are due by March 1 for most (but not necessarily all) telecommunications carriers and interconnected VoIP providers.

CPNI includes a variety of sensitive customer data such as, among other things, telephone numbers of people you call and people who call you. To address privacy concerns, the FCC’s regulations help protect CPNI from unauthorized access, use, or disclosure, and all covered entities are required to file, by March 1, an annual certification of compliance with CPNI rules during the previous calendar year.

You may have noticed that our last reminder about the annual certification was in 2016. That’s because in 2016 the FCC, under Chairman Wheeler, completely revised its privacy rules to also encompass providers of broadband Internet access service. Under those rules, the annual March 1 certification was not required in 2017. But those rules were abandoned in 2017 after the Republican administration took over and the FCC restored the prior CPNI requirements (including the annual March 1 certification) to their former glory.

That brings us to the present day where the FCC’s Wireline Competition Bureau has released a Public Notice reminder that the annual CPNI certification is again due by March 1. While the reminder still includes the typical warning that noncompliance can result in hefty penalties, it doesn’t quite strike the same ominous tone as prior reminders issued by the FCC’s Enforcement Bureau (for example, see this FCC Enforcement Advisory from 2016).

Of course, that doesn’t mean you should take the annual CPNI certification any less seriously. Those with long memories will recall the days when failure to file came with a nearly automatic $20,000 forfeiture penalty. So hopefully you’ll also still remember how to get the CPNI certification submitted on a timely basis. As always, if you’re unsure of how to comply, or whether this requirement applies to your company, be sure to seek appropriate guidance.