A Consent Decree adopted by the FCC’s Enforcement Bureau on September 2 settles the FCC’s inquiry into allegations that Verizon failed to provide some customers with required notices about Verizon’s use of Customer Proprietary Network Information (CPNI) and took too long to notify the FCC after discovering the error. Under the Consent Decree, Verizon will pay $7.4 million to the U.S. Treasury and implement a three-year compliance plan. An FCC news release states that this is the largest payment that has been agreed to in any settlement relating solely to the CPNI requirements.
A federal statute — Section 222 of the Communications Act — requires carriers “to protect the confidentiality of proprietary information” relating to customers, including information such as numbers dialed and received, the length and frequency of calls, and the locations where calls are made. Under the statute and the FCC’s implementing rules, carriers may use individually identifiable CPNI to provide the services customers have purchased and to market similar or related services offered by the carrier — for example, a wireless carrier can use CPNI to market its other wireless plans or add-on features to a wireless subscriber. However, the rules require carriers to obtain customers’ consent (either opt-in or opt-out) before using CPNI for most other purposes, such as marketing long-distance service to wireless customers or sharing the information with third parties.
According to the Consent Decree, Verizon’s policy was to provide a CPNI opt-out notice to new customers with their first bill, and to send such notices to existing customers every two years. The Consent Decree states that Verizon notified the FCC in January 2013 that due to an error in some billing systems, some new customers had not received CPNI opt-out notices with their first bills. As recited in the Consent Decree, after discovering the error, Verizon took a number of corrective steps, including adopting a new policy placing CPNI opt-out notices on every monthly invoice for consumers and small- or medium-sized business customers. As part of an overall compliance plan, the Consent Decree requires Verizon to continue this practice for all customers for whom Verizon relies on opt-out consent to govern Verizon’s use of CPNI.