Skip Navigation

Federal Communications Commission

English Display Options

Commission Document Attachment




Re: Implementation of the Telecommunications Act of 1996: Telecommunications Carriers' Use of
Customer Proprietary Network Information and Other Customer Information

, CC Docket No. 96-115
Protecting consumer privacy is a key component of our mission to serve the public interest.
Changes in technology and market practices have raised many new concerns when it comes to privacy.
But today's action affirms the Commission's commitment to the protection of wireless consumers by
clarifying the FCC's customer proprietary network information or CPNI policies.
Consumers rightfully expect that private information -- for example, numbers called, the times of
those calls, and the locations from which a customer makes those calls -- will be safeguarded, whether it's
retained on their mobile device, or in a carrier's back-office system. That is why this declaratory ruling
clarifies that a carrier has "received or obtained" CPNI when the carrier causes that information to be
stored on the device and it or its designee has access to or control over that information. Carriers should
be responsible for safeguarding the customer information that they collect wherever it's stored. Today's
decision ensures that it will be.
It is also worth noting what this Declaratory Ruling does not do. It does not affect third-party app
developers or apps that customers might install from an app store. It does not prohibit carriers from
collecting information needed to improve networks. In fact, we recognize the benefits of such data
collection. However, while there can be benefits to carrier data collection using customers' devices, the
fact that such sensitive information is stored on each subscriber's mobile device emphasizes the need to
ensure such information is protected. Also, we do not require carriers to implement any particular type of
protection. Instead, we allow them to choose their own method of safeguarding CPNI, as long as it
provides appropriate protection against unauthorized access. I do want to make clear, however, that if a
carrier fails to protect CPNI, the Commission stands ready to use its enforcement authority, including its
authority to order forfeitures.
In sum, today's Declaratory Ruling demonstrates that, while technology and consumer behavior
evolve, we will continue to exercise our statutory authority to protect consumers. I would like to thank
my colleagues for their support of the item, as well as the tireless efforts of Sean Lev, Jennifer Tatel,
Douglas Klein, and other members of the Office of General Counsel, for presenting us with such an
important item.

Note: We are currently transitioning our documents into web compatible formats for easier reading. We have done our best to supply this content to you in a presentable form, but there may be some formatting issues while we improve the technology. The original version of the document is available as a PDF, , or as plain text.


You are leaving the FCC website

You are about to leave the FCC website and visit a third-party, non-governmental website that the FCC does not maintain or control. The FCC does not endorse any product or service, and is not responsible for, nor can it guarantee the validity or timeliness of the content on the page you are about to visit. Additionally, the privacy policies of this third-party page may differ from those of the FCC.