An FCC order clarified that its Customer Proprietary Network Information (CPNI) rules apply to CPNI collected by mobile devices when:
- the information collected meets the statutory definition of CPNI,
- the collection is undertaken at the carrier’s direction, and
- the carrier or its designee has access to or control over that information.
The FCC emphasized that it was not prohibiting the collection of such information, which it acknowledges may have beneficial uses for improved network operations. However, telecommunications carriers are responsible for securing such information and will be held responsible for compliance with their statutory and regulatory obligations. See TMI Regulatory Bulletin dated 7/18/13.
Background Section 222 of the Communications Act (Act) requires that communications providers protect CPNI. CPNI includes information about a customer’s use of the service that is made available to the carrier by virtue of the carrier-customer relationship. Examples of CPNI are the phone numbers called by a consumer; the frequency, duration, and timing of such calls; and any services purchased by the consumer, such as call waiting. The FCC’s CPNI rules are codified at 47 CFR §§64.2001-2011.