CPNI Rules
Customer Proprietary Network Information Protection Rules
FCC rules protecting sensitive customer data held by telecommunications carriers.
What is CPNI Rules?
Customer Proprietary Network Information (CPNI) rules protect sensitive customer data that telecommunications carriers obtain through provision of services. CPNI includes information about the quantity, technical configuration, type, destination, location, and amount of use of a customer's telecommunications services.
The FCC CPNI rules (47 CFR § 64.2001-64.2011) restrict how carriers can use and disclose this information, require customer authentication before disclosing CPNI, mandate breach notification, and require annual compliance certifications. Violations can result in substantial fines and enforcement actions.
Who Needs CPNI Rules?
- Telecommunications carriers
- Wireless providers
- VoIP service providers
- Resellers and MVNOs
- Interconnected service providers
Key Requirements
Core compliance areas for CPNI Rules
Customer Authentication
Verify customer identity before disclosing CPNI via specified methods.
Use Restrictions
Limit use of CPNI to providing and marketing service categories.
Opt-In/Opt-Out
Obtain appropriate consent for marketing uses of CPNI.
Breach Notification
Notify FBI/Secret Service, FCC, and customers of CPNI breaches.
Annual Certification
File annual certification with FCC regarding CPNI compliance.
Benefits of CPNI Rules Compliance
- FCC compliance
- Customer privacy protection
- Avoid substantial fines
- Maintain carrier authority
- Customer trust
- Reduced breach liability
Official Resources
Related Frameworks
FCC Regulations
Federal regulations governing telecommunications carriers, broadcasters, and communications services.
CCPA
California state law granting consumers control over their personal information.
State Privacy Laws
Comprehensive consumer privacy laws enacted by US states including Virginia, Colorado, Connecticut, and others.