Information that Your Telephone Company Collects
Your local, long distance and wireless telephone companies, as well as your Voice over Internet Provider (VoIP), collect information such as the numbers you call and when you call them, as well as the particular services you use, such as call forwarding or voice mail. These companies collect this customer information, also called Customer Proprietary Network Information (CPNI) so they can provide the services you have requested and send you bills for them.
Protecting Your Customer Information
Both Congress and the Federal Communications Commission (FCC) impose requirements on telephone companies and VoIP providers about how they can use this personal information and what they must do to protect it from disclosure. Both Congress and the FCC have strengthened their rules to combat a practice known as “pretexting,” or posing as the actual customer or a law enforcement official to obtain telephone calling records. In some cases, data brokers offer calling records for sale on the Internet. Congress has passed a law making it a crime punishable by fine or imprisonment of up to 10 years to obtain calling records from a telephone company or VoIP provider by: making false or fraudulent statements, providing fraudulent documents, or accessing customer records without prior authorization through the Internet or fraudulent computer-related activities. The law also prohibits the unauthorized sale or transfer of confidential phone records or the purchase or receipt of such information with knowledge that it was obtained fraudulently or without authorization.
Both a law passed by Congress and FCC rules impose a general duty on telephone companies and VoIP providers to protect the confidentiality of your customer information. Telephone companies and VoIP providers may use, disclose or permit access to your customer information in these circumstances: (1) as required by law; (2) with your approval; and (3) in providing the service from which the customer information is derived.
Disclosing Your Customer Information At Your Request
The FCC prohibits your telephone company or VoIP provider from releasing your customer information to you when you call the company except when you provide a password. If you do not provide a password, your telephone company or VoIP provider may not release your customer information to you except by sending it to your address of record or calling you at your telephone number of record. Your telephone or VoIP company must provide password protection for your online account. If you come in person with valid identification to a company store or office, your company can provide you all your customer information. Your company must notify you immediately when it creates or changes a password, a back-up for a forgotten password, an on-line account or an address of record. Finally, your company must disclose your customer information to any person you designate if you make your request in writing.
Using Your Customer Information for Marketing
Your telephone company or VoIP provider may use your customer information, without your approval, to market enhancements to services you already use. For example, if you purchase basic local telephone service from a telephone company, it does not need your approval to use your customer information to try to sell you voice mail or caller ID service.
If your telephone company or VoIP provider uses your customer information for other marketing, it must obtain your approval to do so. The company may request your approval orally, in writing, or electronically. The request must contain specific disclosures about how your company will use your customer information. The company can request your approval using one of two methods:
- “Opt-Out” – Your company sends you a notice saying it will consider you to have given your approval to use your customer information for marketing unless you tell it not to do so (usually within 30 days.)
- “Opt-In” – Your company sends you a notice asking that you expressly give it permission to use your customer information for marketing.
Your telephone company or VoIP provider must obtain your “opt-out” or “opt-in” approval before it can share your customer information within the company to sell you communications-related services you don’t already purchase; for example, to sell you long distance service if you only subscribe to local service. Your company must obtain your “opt-in” approval to disclose your customer information for marketing purposes to joint venture partners and independent contractors. If your telephone company or VoIP provider discloses your customer information to joint venture partners or independent contractors, it must enter into agreements with them to keep your customer information confidential.
The FCC requires your telephone company or VoIP provider to report to you and law enforcement officials such as the Federal Bureau of Investigation if your customer information is disclosed without your permission. Your company must take reasonable measures to discover and protect against pretexting. It must also keep accurate records of all instances where it disclosed your customer infomation to third parties, and whether or not you have provided approval to use your customer information for marketing. Marketing campaigns using customer information must be carefully reviewed within the company. Employees must be trained in the appropriate use of customer information. Finally, telephone companies and VoIP providers must submit to the FCC annual certification proving that they are abiding by these rules, including an explanation of any actions taken against data brokers and a summary of all consumer complaints received regarding unauthorized release of customer information.
How to Help Prevent Unauthorized Disclosure of Your Customer Information
- Ask your telephone company or VoIP provider to provide information about what it does to protect the confidentiality of your customer information.
- Read your telephone bill and any other notices you receive from your company carefully. Determine if your company is seeking opt-in or opt-out permission to use or share your customer information for marketing.
- Make your choice about sharing your customer information clear to your telephone company or VoIP provider. The choice you make about how your customer information is used and shared is valid until you inform your company that your choice has changed.
- If you use a password when contacting your telephone company or VoIP provider to obtain your customer information, avoid using any sensitive or readily apparent information, such as your social security number.
Remember: Customer information rules apply to all telephone companies: local, long distance, wireless and VoIP. Make your customer information choices known to each company.
Filing a complaint
You have multiple options for filing a complaint with the FCC:
- File a complaint online
- By phone: 1-888-CALL-FCC (1-888-225-5322); TTY: 1-888-TELL-FCC (1-888-835-5322); ASL: 1-844-432-2275
- By mail (please include your name, address, contact information and as much detail about your complaint as possible):
Federal Communications Commission
Consumer and Governmental Affairs Bureau
Consumer Inquiries and Complaints Division
445 12th Street, S.W.
Washington, DC 20554
To request this article in an accessible format - braille, large print, Word or text document or audio - write or call us at the address or phone number at the bottom of the page, or send an email to firstname.lastname@example.org.