Goto Section: 64.2009 | 64.2011 | Table of Contents

FCC 64.2010
Revised as of October 2, 2015
Goto Year:2014 | 2016
§ 64.2010   Safeguards on the disclosure of customer proprietary network
information.

   (a) Safeguarding CPNI. Telecommunications carriers must take reasonable
   measures to discover and protect against attempts to gain unauthorized
   access to CPNI. Telecommunications carriers must properly authenticate a
   customer prior to disclosing CPNI based on customer-initiated telephone
   contact, online account access, or an in-store visit.

   (b) Telephone access to CPNI. Telecommunications carriers may only disclose
   call detail information over the telephone, based on customer-initiated
   telephone  contact,  if the customer first provides the carrier with a
   password,  as  described in paragraph (e) of this section, that is not
   prompted  by  the  carrier  asking  for readily available biographical
   information, or account information. If the customer does not provide a
   password, the telecommunications carrier may only disclose call detail
   information by sending it to the customer's address of record, or by calling
   the customer at the telephone number of record. If the customer is able to
   provide call detail information to the telecommunications carrier during a
   customer-initiated call without the telecommunications carrier's assistance,
   then the telecommunications carrier is permitted to discuss the call detail
   information provided by the customer.

   (c) Online access to CPNI. A telecommunications carrier must authenticate a
   customer without the use of readily available biographical information, or
   account information, prior to allowing the customer online access to CPNI
   related to a telecommunications service account. Once authenticated, the
   customer   may  only  obtain  online  access  to  CPNI  related  to  a
   telecommunications service account through a password, as described in
   paragraph (e) of this section, that is not prompted by the carrier asking
   for readily available biographical information, or account information.

   (d) In-store access to CPNI. A telecommunications carrier may disclose CPNI
   to a customer who, at a carrier's retail location, first presents to the
   telecommunications  carrier or its agent a valid photo ID matching the
   customer's account information.

   (e) Establishment of a Password and Back-up Authentication Methods for Lost
   or  Forgotten Passwords. To establish a password, a telecommunications
   carrier must authenticate the customer without the use of readily available
   biographical  information,  or account information. Telecommunications
   carriers may create a back-up customer authentication method in the event of
   a lost or forgotten password, but such back-up customer authentication
   method  may not prompt the customer for readily available biographical
   information,  or account information. If a customer cannot provide the
   correct  password  or  the  correct  response for the back-up customer
   authentication  method,  the customer must establish a new password as
   described in this paragraph.

   (f) Notification of account changes. Telecommunications carriers must notify
   customers immediately whenever a password, customer response to a back-up
   means of authentication for lost or forgotten passwords, online account, or
   address of record is created or changed. This notification is not required
   when the customer initiates service, including the selection of a password
   at service initiation. This notification may be through a carrier-originated
   voicemail or text message to the telephone number of record, or by mail to
   the address of record, and must not reveal the changed information or be
   sent to the new account information.

   (g)  Business customer exemption. Telecommunications carriers may bind
   themselves  contractually  to  authentication regimes other than those
   described  in this section for services they provide to their business
   customers that have both a dedicated account representative and a contract
   that specifically addresses the carriers' protection of CPNI.

   [ 72 FR 31962 , June 8, 2007]

   return arrow Back to Top


Goto Section: 64.2009 | 64.2011

Goto Year: 2014 | 2016
CiteFind - See documents on FCC website that cite this rule

Want to support this service?
Thanks!

Report errors in this rule. Since these rules are converted to HTML by machine, it's possible errors have been made. Please help us improve these rules by clicking the Report FCC Rule Errors link to report an error.
hallikainen.com
Helping make public information public