Download:
pdf |
pdf31948
Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
Federal Communications Commission.
Marlene H. Dortch,
Secretary.
[FR Doc. E7–10722 Filed 6–7–07; 8:45 am]
FEDERAL COMMUNICATIONS
COMMISSION
47 CFR Part 64
BILLING CODE 6712–01–P
[CC Docket Nos. 96–115, 96–149; FCC 02–
214]
FEDERAL COMMUNICATIONS
COMMISSION
Customer Proprietary Network
Information
47 CFR Part 64
Federal Communications
Commission.
AGENCY:
[CC Docket No. 96–115, WC Docket No. 04–
36; FCC 07–22]
Final rule; announcement of
effective date.
ACTION:
Customer Proprietary Network
Information
SUMMARY: The Commission adopted
rules to implement section 222 of the
Communications Act of 1934, as
amended, which governs carriers’ use
and disclosure of customer proprietary
network information. The rules in
§§ 64.2007, 64.2008, and 64.2009
required Office of Management and
Budget approval and the Commission
stated previously in its Federal Register
publication that it would announce the
effective date of these rules when
approved. This document announces
the effective date of these rules.
The revisions to 47 CFR 64.2007,
addition of 47 CFR 64.2008, and
revision and amendments to 47 CFR
64.2009, published at 67 FR 59205,
became effective on February 24, 2003.
DATES:
FOR FURTHER INFORMATION CONTACT:
William Dever, (202) 418–1578,
Wireline Competition Bureau.
The FCC
published a document in the Federal
Register, 67 FR 59205, September 20,
2002, that sets forth an effective date of
October 21, 2002, except for
amendments to § 64.2007, addition of
§ 64.2008, and amendments and
revisions to § 64.2009, which contained
information collection requirements that
had not been approved by the Office of
Management and Budget. The document
stated that the Commission will publish
a document in the Federal Register
announcing the effective date of these
rules. On February 24, 2003, the Office
of Management and Budget (OMB)
approved the information collection
requirements contained in 47 CFR
64.2007, 64.2008, and 64.2009 pursuant
to OMB Control No. 3060–0715.
Accordingly, the information collection
requirement contained in these rules
became effective on February 24, 2003.
The expiration date for the information
collection was February 28, 2006. The
expiration date was extended to May 31,
2008 in 70 FR 30112.
pwalker on PROD1PC71 with RULES3
SUPPLEMENTARY INFORMATION:
VerDate Aug<31>2005
19:21 Jun 07, 2007
Jkt 211001
Federal Communications
Commission.
ACTION: Final rule.
AGENCY:
SUMMARY: The Commission adopted
rules to implement section 222 of the
Communications Act of 1934, as
amended, which governs carriers’ use
and disclosure of customer proprietary
network information. In this document,
the Commission responds to the
practice of ‘‘pretexting’’ by
strengthening its rules to protect the
privacy of customer proprietary network
information (CPNI) that is collected and
held by providers of communications
services.
Revised paragraph (o) of
§ 64.2003, new paragraphs (a), (b), (d),
(m), (q), and (r) of § 64.2003, revised
paragraph (c)(3) of § 64.2005, revised
paragraph (b) of § 64.2007, revised
paragraph (e) of 64.2009, and new
§§ 64.2010 and 64.2011 contain
information collection requirements that
have not been approved by the Office of
Management and Budget (OMB). The
Commission will publish a document in
the Federal Register announcing the
effective date. Written comment by the
public on the modified information
collection requirements are due August
7, 2007. Paragraphs (c), (e) through (l),
(n), and (p) of § 64.2003 do not contain
information collection requirements that
have not been approved by OMB and
therefore are effective on June 8, 2007.
FOR FURTHER INFORMATION CONTACT:
Adam Kirschenbaum, (202) 418–7280,
Wireline Competition Bureau.
For additional information concerning
the Paperwork Reduction Act
information collection requirements
contained in this document, contact
Judith B. Herman at (202) 418–0214, or
via e-mail at [email protected].
SUPPLEMENTARY INFORMATION: This is a
summary of the Commission’s Report
and Order (Order) in CC Docket No. 96–
115 and WC Docket No. 04–36, FCC 07–
22, adopted March 13, 2007, and
DATES:
PO 00000
Frm 00002
Fmt 4701
Sfmt 4700
released April 2, 2007. The complete
text of this document is available for
inspection and copying during normal
business hours in the FCC Reference
Information Center, Portals II, 445 12th
Street, SW., Room CY–A257,
Washington, DC 20554. This document
may also be purchased from the
Commission’s duplicating contractor,
Best Copy and Printing, Inc., 445 12th
Street, SW., Room CY–B402,
Washington, DC 20554, telephone (800)
378–3160 or (202) 863–2893, facsimile
(202) 863–2898, or via e-mail at
http://www.bcpiweb.com. It is also
available on the Commission’s Web site
at http://www.fcc.gov.
In addition to filing comments with
the Office of the Secretary, a copy of any
comments on the Paperwork Reduction
Act information collection requirements
contained herein should be submitted to
Judith B. Herman, Federal
Communications Commission, Room 1–
C804, 445 12th Street, SW., Washington,
DC 20554, or via the Internet to [email protected].
Synopsis of the Report and Order
1. On August 30, 2005, the Electronic
Privacy Information Center (EPIC) filed
a petition with the Commission asking
the Commission to investigate
telecommunications carriers’ current
security practices and to initiate a
rulemaking proceeding to consider
establishing more stringent security
standards for telecommunications
carriers to govern the disclosure of
CPNI. In particular, EPIC proposed that
the Commission consider requiring the
use of consumer-set passwords, creating
audit trails, employing encryption,
limiting data retention, and improving
notice procedures. On February 14,
2006, the Commission released the EPIC
CPNI Notice, 71 FR 13317 (March 15,
2006), in which it sought comment on
(a) the nature and scope of the problem
identified by EPIC, including pretexting,
and (b) what additional steps, if any, the
Commission should take to protect
further the privacy of CPNI.
Specifically, the Commission sought
comment on the five EPIC proposals
listed above. In addition, the
Commission tentatively concluded that
it should amend its rules to require
carriers annually to file their section
64.2009(e) certifications with the
Commission. It also sought comment on
whether it should require carriers to
obtain a customer’s opt-in consent
before the carrier shares CPNI with its
joint venture partners and independent
contractors; whether to impose rules
relating to how carriers verify
customers’ identities; whether to adopt
a set of security requirements that could
E:\FR\FM\08JNR3.SGM
08JNR3
�pwalker on PROD1PC71 with RULES3
Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
be used as the basis for liability if a
carrier failed to implement such
requirements, or adopt a set of security
requirements that a carrier could
implement to exempt itself from
liability; whether VoIP service providers
or other IP-enabled service providers
should be covered by any new rules the
Commission adopts in the present
rulemaking; and other specific
proposals that might increase the
protection of CPNI.
2. In this Order, the Commission
responds to the practice of ‘‘pretexting’’
by strengthening its rules to protect the
privacy of customer proprietary network
information (CPNI) that is collected and
held by providers of communications
services (hereinafter, communications
carriers or carriers). Section 222 of the
Communications Act requires
telecommunications carriers to take
specific steps to ensure that CPNI is
adequately protected from unauthorized
disclosure. In the Order, the
Commission strengthens its privacy
rules by adopting additional safeguards
to protect customers’ CPNI against
unauthorized access and disclosure.
3. The Order is directly responsive to
the actions of data brokers, or pretexters,
to obtain unauthorized access to CPNI.
As EPIC pointed out in its petition that
led to this rulemaking proceeding,
numerous Web sites advertise the sale of
personal telephone records for a price.
These data brokers have been able to
obtain private and personal information,
including what calls were made to and/
or from a particular telephone number
and the duration of such calls. In many
cases, the data brokers claim to be able
to provide this information within fairly
quick time frames, ranging from a few
hours to a few days. The additional
privacy safeguards the Commission
adopts in the Order will sharply limit
pretexters’ ability to obtain
unauthorized access to this type of
personal customer information from
carriers the Commission regulates.
4. The Commission finds that the
release of call detail over the telephone
presents an immediate risk to privacy
and therefore it prohibits carriers from
releasing call detail information based
on customer-initiated telephone contact
except under three circumstances. First,
a carrier can release call detail
information if the customer provides the
carrier with a pre-established password.
Second, a carrier may, at the customer’s
request, send call detail information to
the customer’s address of record. Third,
a carrier may call the telephone number
of record and disclose call detail
information. A carrier may disclose noncall detail CPNI to a customer after the
carrier authenticates the customer.
VerDate Aug<31>2005
19:21 Jun 07, 2007
Jkt 211001
5. The Commission does not intend
for the prohibition on the release of call
detail over the telephone for customerinitiated telephone contact to hinder
routine carrier-customer relations
regarding service/billing disputes and
questions. If a customer is able to
provide to the carrier, during a
customer-initiated telephone call, all of
the call detail information necessary to
address a customer service issue (i.e.,
the telephone number called, when it
was called, and, if applicable, the
amount charged for the call), then the
carrier is permitted to proceed with its
routine customer care procedures. The
Commission believes that if a customer
is able to provide this information to the
carrier, without carrier assistance, then
the carrier does not violate the
Commission’s rules if the carrier takes
routine customer service actions related
to such information. The Commission
additionally clarifies that, under these
circumstances, carriers may not disclose
to the customer any call detail
information about the customer account
other than the call detail information
that the customer provides without the
customer first providing a password.
The Commission’s rule is intended to
prevent pretexter phishing and other
pretexter methods for gaining
unauthorized access to customer
account information.
6. The Commission also requires
carriers to password protect online
access to CPNI. Although section 222 of
the Act imposes a duty on carriers to
protect the privacy of CPNI, data brokers
and others have been able to access
CPNI online without the account
holder’s knowledge or consent. The
Commission agrees with EPIC that the
apparent ease with which data brokers
have been able to access CPNI online
demonstrates the insufficiency of
carriers’ customer authentication
procedures. In particular, the record
evidence demonstrates that some
carriers permit customers to establish
online accounts by providing readily
available biographical information.
Thus, a data broker may obtain online
account access easily without the
customer’s knowledge. Therefore, the
Commission agrees with EPIC and
others that use of such identifiers is an
insufficient mechanism for preventing
data brokers from obtaining
unauthorized online access to CPNI.
7. The Commission continues to allow
carriers to provide customers with
access to CPNI at a carrier’s retail
location if the customer presents a valid
photo ID and the valid photo ID matches
the name on the account. The
Commission agrees with the Attorneys
General and finds that this is a secure
PO 00000
Frm 00003
Fmt 4701
Sfmt 4700
31949
authentication practice because it
enables the carrier to make a reasonable
judgment about the customer’s identity.
8. The Commission requires carriers
to notify customers immediately of
certain account changes, including
whenever a password, customer
response to a carrier-designed back-up
means of authentication, online
account, or address of record is created
or changed. The Commission agrees
with the New Jersey Ratepayer Advocate
that this notification is an important
tool for customers to monitor their
account’s security. This notification
may be through a carrier-originated
voicemail or text message to the
telephone number of record, or by mail
to the address of record, as to reasonably
ensure that the customer receives this
notification. The Commission believes
this measure is appropriate to protect
customers from data brokers that might
otherwise manage to circumvent the
authentication protections the
Commission adopts in this Order, and to
take appropriate action in the event of
pretexter activity. Further, the
Commission finds that this notification
requirement will also empower
customers to provide carriers with
timely information about pretexting
activity, which the carriers may not be
able to identify easily.
9. The Commission does make an
exception to the rules that it adopts for
certain business customers. The
Commission agrees with commenters
who argue that privacy concerns of
telecommunications consumers are
greatest when using personal
telecommunications services. Indeed,
the fraudulent practices described by
EPIC have mainly targeted individual
consumers, and the record indicates that
the proprietary information of wireline
and wireless business account
customers already is subject to stringent
safeguards, which are privately
negotiated by contract. Therefore, if the
carrier’s contract with a business
customer is serviced by a dedicated
account representative as the primary
contact, and specifically addresses the
carrier’s protection of CPNI, the
Commission does not extend its carrier
authentication rules to cover these
business customers, because businesses
are typically able to negotiate the
appropriate protection of CPNI in their
service agreements. However, nothing in
the Order exempts carriers serving
wireline enterprise and wireless
business account customers from
section 222 or the remainder of the
Commission’s CPNI rules.
10. The Commission agrees with EPIC
that carriers should be required to notify
a customer whenever a security breach
E:\FR\FM\08JNR3.SGM
08JNR3
�pwalker on PROD1PC71 with RULES3
31950
Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
results in that customer’s CPNI being
disclosed to a third party without that
customer’s authorization. However, the
Commission also appreciates law
enforcement’s concern about delaying
customer notification in order to allow
law enforcement to investigate crimes.
Therefore, the Commission adopts a rule
that it believes balances a customer’s
need to know with law enforcement’s
ability to undertake an investigation of
suspected criminal activity, which itself
might advance the goal of consumer
protection.
11. The Commission declines to
specify the precise content of the notice
that must be provided to customers in
the event of a security breach of CPNI.
The notice requirement the Commission
adopts in this proceeding is general, and
the Commission recognizes that
numerous types of circumstances—
including situations other than
pretexting—could result in the
unauthorized disclosure of a customer’s
CPNI to a third party. Thus, the
Commission leaves carriers the
discretion to tailor the language and
method of notification to the
circumstances. Finally, the Commission
expects carriers to cooperate fully in any
law enforcement investigation of such
unauthorized release of CPNI or
attempted unauthorized access to an
account consistent with statutory and
Commission requirements.
12. The Commission agrees with
commenters that techniques for fraud
vary and tend to become more
sophisticated over time, and that
carriers need leeway to engage emerging
threats. The Commission therefore
clarifies that carriers are free to bolster
their security measures through
additional measures to meet their
section 222 obligations to protect the
privacy of CPNI. The Commission also
codifies the existing statutory
requirement contained in section 222 of
the Act that carriers take reasonable
measures to discover and protect against
activity that is indicative of pretexting.
Adoption of the rules in this Order does
not relieve carriers of their fundamental
duty to remain vigilant in their
protection of CPNI, nor does it
necessarily insulate them from
enforcement action for unauthorized
disclosure of CPNI.
13. The Commission modifies its rules
to require telecommunications carriers
to obtain opt-in consent from a customer
before disclosing that customer’s CPNI
to a carrier’s joint venture partner or
independent contractor for the purpose
of marketing communications-related
services to that customer. While the
Commission realizes that this is a
change in Commission policy, it finds
VerDate Aug<31>2005
19:21 Jun 07, 2007
Jkt 211001
that new circumstances force it to
reassess its existing regulations. As the
Commission has found previously, the
Commission has a substantial interest in
protecting customer privacy. Based on
this and in light of new privacy
concerns, the Commission now finds
that an opt-in framework for the sharing
of CPNI with joint venture partners and
independent contractors for the
purposes of marketing communicationsrelated services to a customer both
directly advances its interest in
protecting customer privacy and is
narrowly tailored to achieve its goal of
privacy protection. Specifically, an optin regime will more effectively limit the
circulation of a customer’s CPNI by
maintaining it in a carrier’s possession
unless a customer provides informed
consent for its release. Moreover, the
Commission finds that an opt-in regime
will provide necessary informed
customer choice concerning these
information sharing relationships with
other companies.
14. To the extent that carriers
voluntarily obtained opt-in approval
from their customers for the disclosure
of customers’ CPNI to a joint venture
partner or independent contractor for
the purposes of marketing
communications-related services to a
customer prior to the adoption of this
Order, those carriers can continue to use
those approvals.
15. The Commission adopts the
Commission’s tentative conclusion and
amends its rules to require carriers to
file their annual CPNI certification with
the Commission, including an
explanation of any actions taken against
data brokers and a summary of all
customer complaints received in the
past year concerning the unauthorized
release of CPNI. The Commission finds
that this amendment to the
Commission’s rules is an appropriate
measure and will ensure that carriers
regularly focus their attention on their
duty to safeguard CPNI. Additionally,
the Commission finds that this
modification to its rules will remind
carriers of the Commission’s oversight
and high priority regarding carrier
performance in this area. Further, with
this filing, the Commission will be
better able to monitor the industry’s
response to CPNI privacy issues and to
take any necessary steps to ensure that
carriers are managing customer CPNI
securely.
16. The Commission extends the
application of the Commission’s CPNI
rules to providers of interconnected
VoIP service. In the IP-Enabled Services
Notice and the EPIC CPNI Notice, the
Commission sought comment on
whether to extend the CPNI
PO 00000
Frm 00004
Fmt 4701
Sfmt 4700
requirements to VoIP service providers.
Since the Commission has not decided
whether interconnected VoIP services
are telecommunications services or
information services as those terms are
defined in the Act, nor does it do so in
this Order, the Commission analyzes the
issues addressed in this Order under its
Title I ancillary jurisdiction to
encompass both types of service. If the
Commission later classifies
interconnected VoIP service as a
telecommunications service, the
providers of interconnected VoIP
services would be subject to the
requirements of section 222 and the
Commission’s CPNI rules as
telecommunications carriers under Title
II.
17. The Commission concludes that it
has authority under Title I of the Act to
impose CPNI requirements on providers
of interconnected VoIP service.
Ancillary jurisdiction may be employed,
in the Commission’s discretion, when
Title I of the Act gives the Commission
subject matter jurisdiction over the
service to be regulated and the assertion
of jurisdiction is ‘‘reasonably ancillary
to the effective performance of [its]
various responsibilities.’’ Both
predicates for ancillary jurisdiction are
satisfied here. First, as the Commission
concluded in the Interim USF Order and
VoIP 911 Order, interconnected VoIP
services fall within the subject matter
jurisdiction granted to it in the Act.
Second, the Commission analysis
requires it to evaluate whether imposing
CPNI obligations is reasonably ancillary
to the effective performance of the
Commission’s various responsibilities.
Based on the record in this matter, the
Commission finds that sections 222 and
1 of the Act provide the requisite nexus,
with additional support from section
706.
18. The Commission takes seriously
the protection of customers’ private
information and commit to remaining
vigilant to ensure compliance with
applicable privacy laws within its
jurisdiction. One way in which the
Commission will help protect consumer
privacy is through strong enforcement
measures. When investigating
compliance with the rules and statutory
obligations, the Commission will
consider whether the carrier has taken
reasonable precautions to prevent the
unauthorized disclosure of a customer’s
CPNI. Specifically, the Commission
hereby puts carriers on notice that the
Commission henceforth will infer from
evidence that a pretexter has obtained
unauthorized access to a customer’s
CPNI that the carrier did not sufficiently
protect that customer’s CPNI. A carrier
then must demonstrate that the steps it
E:\FR\FM\08JNR3.SGM
08JNR3
�Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
has taken to protect CPNI from
unauthorized disclosure, including the
carrier’s policies and procedures, are
reasonable in light of the threat posed
by pretexting and the sensitivity of the
customer information at issue. If the
Commission finds at the conclusion of
its investigation that the carrier indeed
has not taken sufficient steps adequately
to protect the privacy of CPNI, the
Commission may sanction it for this
oversight, including through forfeiture.
19. The Commission offers additional
guidance regarding the Commission’s
expectations that will inform its
investigations. The Commission fully
expects carriers to take every reasonable
precaution to protect the confidentiality
of proprietary or personal customer
information. Of course, the Commission
requires carriers to implement the
specific minimum requirements set
forth in the Commission’s rules. The
Commission further expects carriers to
take additional steps to protect the
privacy of CPNI to the extent such
additional measures are feasible for a
particular carrier. For instance, although
the Commission declines to impose
audit trail obligations on carriers at this
time, the Commission expects carriers
through audits or other measures to take
reasonable measures to discover and
protect against activity that is indicative
of pretexting. Similarly, although the
Commission does not specifically
require carriers to encrypt their
customers’ CPNI, the Commission
expects a carrier to encrypt its CPNI
databases if doing so would provide
significant additional protection against
the unauthorized access to CPNI at a
cost that is reasonable given the
technology a carrier already has
implemented.
pwalker on PROD1PC71 with RULES3
Final Paperwork Reduction Act
Analysis
20. This Order contains modified
information collection requirements
subject to the Paperwork Reduction Act
of 1995 (PRA), Public Law 104–13. It
will be submitted to the Office of
Management and Budget (OMB) for
review under section 3507(d) of the
PRA. OMB, the general public, and
other Federal agencies are invited to
comment on the new information
collection requirements contained in
this proceeding. In addition, pursuant to
the Small Business Paperwork Relief
Act of 2002, Public Law 107–198, see 44
U.S.C. 3506(c)(4), the Commission
previously sought specific comment on
how it might ‘‘further reduce the
information collection burden for small
business concerns with fewer than 25
employees.’’
VerDate Aug<31>2005
19:21 Jun 07, 2007
Jkt 211001
21. In the Order, the Commission
assessed the burdens placed on small
businesses to notify customers of
account changes, to notify law
enforcement and customers of
unauthorized CPNI disclosure; to obtain
opt-in consent prior to sharing CPNI
with joint venture partners and
independent contractors; to file
annually a CPNI certification with the
Commission, including an explanation
of any actions taken against data brokers
and a summary of all consumer
complaints received in the past year
concerning the unauthorized release of
CPNI, and to extend the CPNI rules to
providers of interconnected VoIP
services, and found that these
requirements do not place a significant
burden on small businesses.
Final Regulatory Flexibility Analysis
22. As required by the Regulatory
Flexibility Act of 1980, as amended
(RFA), an Initial Regulatory Flexibility
Analysis (IRFA) was incorporated in the
EPIC CPNI Notice in CC Docket No. 96–
115 and the IP-Enabled Services Notice
in WC Docket 04–36. The Commission
sought written public comment on the
proposals in both notices, including
comment on the IRFA. The Commission
received comments specifically directed
toward the IRFA from three commenters
in CC Docket No. 96–115 and from three
commenters in WC Docket No. 04–36.
These comments are discussed below.
This Final Regulatory Flexibility
Analysis (FRFA) conforms to the RFA.
A. Need for, and Objectives of, the Rules
23. The Order strengthens the
Commission’s rules to protect the
privacy of CPNI that is collected and
held by providers of communications
services. Section 222 of the
Communications Act requires
telecommunications carriers to take
specific steps to ensure that CPNI is
adequately protected from unauthorized
disclosure. The Order adopts additional
safeguards to protect customers’ CPNI
against unauthorized access and
disclosure.
B. Summary of Significant Issues Raised
by Public Comments in Response to the
IRFA
24. Comments Received in Response
to the EPIC CPNI Notice. In this section,
the Commission responds to comments
filed in response to the IRFA. To the
extent the Commission received
comments raising general small
business concerns during the
proceeding, those comments are
discussed throughout the Order.
25. The Commission disagrees with
Alexicon that small carriers are less
PO 00000
Frm 00005
Fmt 4701
Sfmt 4700
31951
vulnerable to unauthorized attempts to
access CPNI. In fact, Alexicon itself
points out that one of its client
companies actually experienced an
unauthorized access attempt, and thus
the Commission finds the steps it takes
in the Order are applicable to all
carriers. The Commission does,
however, agree with commenters that
argue the Commission should not adopt
many of EPIC’s suggested requirements.
The Commission also agrees with
commenters that argue for flexible rules
to allow carriers to determine proper
authentication methods for its
customers. Therefore, the Commission
does not adopt specific authentication
methods, or back-up authentication
methods for lost or forgotten passwords
and instead adopts rules that provide
limits on the types of authentication
methods that meet section 222’s
mandate to protect CPNI. Further, the
Commission agrees with commenters
that small carriers should be provided
additional time to implement the
requirements that the Commission does
adopt in the Order. Thus, the
Commission provides small carriers
with an additional six month
implementation period for the online
carrier authentication requirements
adopted in the Order.
26. Comments Received in Response
to the IP-Enabled Services Notice. In
this section, the Commission responds
to comments filed in response to the
IRFA. To the extent the Commission
received comments raising general small
business concerns during the
proceeding, those comments are
discussed throughout the Order.
27. The Commission disagrees with
the SBA and Francois D. Menard
(Menard) that the Commission should
postpone acting in this proceeding—
thereby postponing extending the
application of the CPNI rules to
interconnected VoIP service providers—
and instead should reevaluate the
economic impact and the compliance
burdens on small entities and issue a
further notice of proposed rulemaking
in conjunction with a supplemental
IRFA identifying and analyzing the
economic impacts on small entities and
less burdensome alternatives. The
Commission believes the additional
steps suggested by SBA and Menard are
unnecessary because small entities
already have received sufficient notice
of the issues addressed in the Order and
because the Commission has considered
the economic impact on small entities
and what ways are feasible to minimize
the burdens imposed on those entities,
and, to the extent feasible, has
implemented those less burdensome
alternatives.
E:\FR\FM\08JNR3.SGM
08JNR3
�31952
Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
C. Description and Estimate of the
Number of Small Entities to Which
Rules Will Apply
28. The RFA directs agencies to
provide a description of and, where
feasible, an estimate of the number of
small entities that may be affected by
the rules adopted herein. The RFA
generally defines the term ‘‘small
entity’’ as having the same meaning as
the terms ‘‘small business,’’ ‘‘small
organization,’’ and ‘‘small governmental
jurisdiction.’’ In addition, the term
‘‘small business’’ has the same meaning
as the term ‘‘small business concern’’
under the Small Business Act. A small
business concern is one which: (1) Is
independently owned and operated; (2)
is not dominant in its field of operation;
and (3) satisfies any additional criteria
established by the Small Business
Administration (SBA).
29. Small Businesses. Nationwide,
there are a total of approximately 22.4
million small businesses, according to
SBA data.
30. Small Organizations. Nationwide,
there are approximately 1.6 million
small organizations.
31. Small Governmental Jurisdictions.
The term ‘‘small governmental
jurisdiction’’ is defined generally as
‘‘governments of cities, towns,
townships, villages, school districts, or
special districts, with a population of
less than fifty thousand.’’ Census
Bureau data for 2002 indicate that there
were 87,525 local governmental
jurisdictions in the United States. The
Commission estimates that, of this total,
84,377 entities were ‘‘small
governmental jurisdictions.’’ Thus, the
Commission estimates that most
governmental jurisdictions are small.
pwalker on PROD1PC71 with RULES3
1. Telecommunications Service Entities
a. Wireline Carriers and Service
Providers
32. The Commission has included
small incumbent local exchange carriers
in the present RFA analysis. As noted
above, a ‘‘small business’’ under the
RFA is one that, inter alia, meets the
pertinent small business size standard
(e.g., a telephone communications
business having 1,500 or fewer
employees), and ‘‘is not dominant in its
field of operation.’’ The SBA’s Office of
Advocacy contends that, for RFA
purposes, small incumbent local
exchange carriers are not dominant in
their field of operation because any such
dominance is not ‘‘national’’ in scope.
The Commission has therefore included
small incumbent local exchange carriers
in this RFA analysis, although the
Commission emphasizes that this RFA
action has no effect on Commission
VerDate Aug<31>2005
19:21 Jun 07, 2007
Jkt 211001
analyses and determinations in other,
non-RFA contexts.
33. Incumbent Local Exchange
Carriers (LECs). Neither the Commission
nor the SBA has developed a small
business size standard specifically for
incumbent local exchange services. The
appropriate size standard under SBA
rules is for the category Wired
Telecommunications Carriers. Under
that size standard, such a business is
small if it has 1,500 or fewer employees.
According to Commission data, 1,303
carriers have reported that they are
engaged in the provision of incumbent
local exchange services. Of these 1,303
carriers, an estimated 1,020 have 1,500
or fewer employees and 283 have more
than 1,500 employees. Consequently,
the Commission estimates that most
providers of incumbent local exchange
service are small businesses that may be
affected by its action.
34. Competitive Local Exchange
Carriers, Competitive Access Providers
(CAPs), ‘‘Shared-Tenant Service
Providers,’’ and ‘‘Other Local Service
Providers.’’ Neither the Commission nor
the SBA has developed a small business
size standard specifically for these
service providers. The appropriate size
standard under SBA rules is for the
category Wired Telecommunications
Carriers. Under that size standard, such
a business is small if it has 1,500 or
fewer employees. According to
Commission data, 769 carriers have
reported that they are engaged in the
provision of either competitive access
provider services or competitive local
exchange carrier services. Of these 769
carriers, an estimated 676 have 1,500 or
fewer employees and 93 have more than
1,500 employees. In addition, 12
carriers have reported that they are
‘‘Shared-Tenant Service Providers,’’ and
all 12 are estimated to have 1,500 or
fewer employees. In addition, 39
carriers have reported that they are
‘‘Other Local Service Providers.’’ Of the
39, an estimated 38 have 1,500 or fewer
employees and one has more than 1,500
employees. Consequently, the
Commission estimates that most
providers of competitive local exchange
service, competitive access providers,
‘‘Shared-Tenant Service Providers,’’ and
‘‘Other Local Service Providers’’ are
small entities that may be affected by its
action.
35. Local Resellers. The SBA has
developed a small business size
standard for the category of
Telecommunications Resellers. Under
that size standard, such a business is
small if it has 1,500 or fewer employees.
According to Commission data, 143
carriers have reported that they are
engaged in the provision of local resale
PO 00000
Frm 00006
Fmt 4701
Sfmt 4700
services. Of these, an estimated 141
have 1,500 or fewer employees and two
have more than 1,500 employees.
Consequently, the Commission
estimates that the majority of local
resellers are small entities that may be
affected by its action.
36. Toll Resellers. The SBA has
developed a small business size
standard for the category of
Telecommunications Resellers. Under
that size standard, such a business is
small if it has 1,500 or fewer employees.
According to Commission data, 770
carriers have reported that they are
engaged in the provision of toll resale
services. Of these, an estimated 747
have 1,500 or fewer employees and 23
have more than 1,500 employees.
Consequently, the Commission
estimates that the majority of toll
resellers are small entities that may be
affected by its action.
37. Payphone Service Providers
(PSPs). Neither the Commission nor the
SBA has developed a small business
size standard specifically for payphone
services providers. The appropriate size
standard under SBA rules is for the
category Wired Telecommunications
Carriers. Under that size standard, such
a business is small if it has 1,500 or
fewer employees. According to
Commission data, 613 carriers have
reported that they are engaged in the
provision of payphone services. Of
these, an estimated 609 have 1,500 or
fewer employees and four have more
than 1,500 employees. Consequently,
the Commission estimates that the
majority of payphone service providers
are small entities that may be affected
by its action.
38. Interexchange Carriers (IXCs).
Neither the Commission nor the SBA
has developed a small business size
standard specifically for providers of
interexchange services. The appropriate
size standard under SBA rules is for the
category Wired Telecommunications
Carriers. Under that size standard, such
a business is small if it has 1,500 or
fewer employees. According to
Commission data, 316 carriers have
reported that they are engaged in the
provision of interexchange service. Of
these, an estimated 292 have 1,500 or
fewer employees and 24 have more than
1,500 employees. Consequently, the
Commission estimates that the majority
of IXCs are small entities that may be
affected by its action.
39. Operator Service Providers (OSPs).
Neither the Commission nor the SBA
has developed a small business size
standard specifically for operator
service providers. The appropriate size
standard under SBA rules is for the
category Wired Telecommunications
E:\FR\FM\08JNR3.SGM
08JNR3
�pwalker on PROD1PC71 with RULES3
Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
Carriers. Under that size standard, such
a business is small if it has 1,500 or
fewer employees. According to
Commission data, 23 carriers have
reported that they are engaged in the
provision of operator services. Of these,
an estimated 20 have 1,500 or fewer
employees and three have more than
1,500 employees. Consequently, the
Commission estimates that the majority
of OSPs are small entities that may be
affected by its action.
40. Prepaid Calling Card Providers.
Neither the Commission nor the SBA
has developed a small business size
standard specifically for prepaid calling
card providers. The appropriate size
standard under SBA rules is for the
category Telecommunications Resellers.
Under that size standard, such a
business is small if it has 1,500 or fewer
employees. According to Commission
data, 89 carriers have reported that they
are engaged in the provision of prepaid
calling cards. Of these, 88 are estimated
to have 1,500 or fewer employees and
one has more than 1,500 employees.
Consequently, the Commission
estimates that all or the majority of
prepaid calling card providers are small
entities that may be affected by its
action.
41. 800 and 800–Like Service
Subscribers. Neither the Commission
nor the SBA has developed a small
business size standard specifically for
800 and 800-like service (‘‘toll free’’)
subscribers. The appropriate size
standard under SBA rules is for the
category Telecommunications Resellers.
Under that size standard, such a
business is small if it has 1,500 or fewer
employees. The most reliable source of
information regarding the number of
these service subscribers appears to be
data the Commission collects on the
800, 888, and 877 numbers in use.
According to the Commission’s data, at
the end of January, 1999, the number of
800 numbers assigned was 7,692,955;
the number of 888 numbers assigned
was 7,706,393; and the number of 877
numbers assigned was 1,946,538. The
Commission does not have data
specifying the number of these
subscribers that are not independently
owned and operated or have more than
1,500 employees, and thus is unable at
this time to estimate with greater
precision the number of toll free
subscribers that would qualify as small
businesses under the SBA size standard.
Consequently, the Commission
estimates that there are 7,692,955 or
fewer small entity 800 subscribers;
7,706,393 or fewer small entity 888
subscribers; and 1,946,538 or fewer
small entity 877 subscribers.
VerDate Aug<31>2005
19:21 Jun 07, 2007
Jkt 211001
b. International Service Providers
42. The Commission has not
developed a small business size
standard specifically for providers of
international service. The appropriate
size standards under SBA rules are for
the two broad census categories of
‘‘Satellite Telecommunications’’ and
‘‘Other Telecommunications.’’ Under
both categories, such a business is small
if it has $12.5 million or less in average
annual receipts.
43. The first category of Satellite
Telecommunications ‘‘comprises
establishments primarily engaged in
providing point-to-point
telecommunications services to other
establishments in the
telecommunications and broadcasting
industries by forwarding and receiving
communications signals via a system of
satellites or reselling satellite
telecommunications.’’ For this category,
Census Bureau data for 2002 show that
there were a total of 371 firms that
operated for the entire year. Of this
total, 307 firms had annual receipts of
under $10 million, and 26 firms had
receipts of $10 million to $24,999,999.
Consequently, the Commission
estimates that the majority of Satellite
Telecommunications firms are small
entities that might be affected by its
action.
44. The second category of Other
Telecommunications ‘‘comprises
establishments primarily engaged in (1)
providing specialized
telecommunications applications, such
as satellite tracking, communications
telemetry, and radar station operations;
or (2) providing satellite terminal
stations and associated facilities
operationally connected with one or
more terrestrial communications
systems and capable of transmitting
telecommunications to or receiving
telecommunications from satellite
systems.’’ For this category, Census
Bureau data for 2002 show that there
were a total of 332 firms that operated
for the entire year. Of this total, 259
firms had annual receipts of under $10
million and 15 firms had annual
receipts of $10 million to $24,999,999.
Consequently, the Commission
estimates that the majority of Other
Telecommunications firms are small
entities that might be affected by its
action.
c. Wireless Telecommunications Service
Providers
45. Below, for those services subject
to auctions, the Commission notes that,
as a general matter, the number of
winning bidders that qualify as small
businesses at the close of an auction
PO 00000
Frm 00007
Fmt 4701
Sfmt 4700
31953
does not necessarily represent the
number of small businesses currently in
service. Also, the Commission does not
generally track subsequent business size
unless, in the context of assignments or
transfers, unjust enrichment issues are
implicated.
46. Wireless Service Providers. The
SBA has developed a small business
size standard for wireless firms within
the two broad economic census
categories of ‘‘Paging’’ and ‘‘Cellular and
Other Wireless Telecommunications.’’
Under both SBA categories, a wireless
business is small if it has 1,500 or fewer
employees. For the census category of
Paging, Census Bureau data for 2002
show that there were 807 firms in this
category that operated for the entire
year. Of this total, 804 firms had
employment of 999 or fewer employees,
and three firms had employment of
1,000 employees or more. Thus, under
this category and associated small
business size standard, the majority of
firms can be considered small. For the
census category of Cellular and Other
Wireless Telecommunications, Census
Bureau data for 2002 show that there
were 1,397 firms in this category that
operated for the entire year. Of this
total, 1,378 firms had employment of
999 or fewer employees, and 19 firms
had employment of 1,000 employees or
more. Thus, under this second category
and size standard, the majority of firms
can, again, be considered small.
47. Cellular Licensees. The SBA has
developed a small business size
standard for wireless firms within the
broad economic census category
‘‘Cellular and Other Wireless
Telecommunications.’’ Under this SBA
category, a wireless business is small if
it has 1,500 or fewer employees. For the
census category of Cellular and Other
Wireless Telecommunications, Census
Bureau data for 2002 show that there
were 1,397 firms in this category that
operated for the entire year. Of this
total, 1,378 firms had employment of
999 or fewer employees, and 19 firms
had employment of 1,000 employees or
more. Thus, under this category and size
standard, the great majority of firms can
be considered small. Also, according to
Commission data, 437 carriers reported
that they were engaged in the provision
of cellular service, Personal
Communications Service (PCS), or
Specialized Mobile Radio (SMR)
Telephony services, which are placed
together in the data. The Commission
has estimated that 260 of these are
small, under the SBA small business
size standard.
48. Common Carrier Paging. The SBA
has developed a small business size
standard for wireless firms within the
E:\FR\FM\08JNR3.SGM
08JNR3
�pwalker on PROD1PC71 with RULES3
31954
Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
broad economic census category,
‘‘Cellular and Other Wireless
Telecommunications.’’ Under this SBA
category, a wireless business is small if
it has 1,500 or fewer employees. For the
census category of Paging, Census
Bureau data for 2002 show that there
were 807 firms in this category that
operated for the entire year. Of this
total, 804 firms had employment of 999
or fewer employees, and three firms had
employment of 1,000 employees or
more. Thus, under this category and
associated small business size standard,
the majority of firms can be considered
small. In the Paging Third Report and
Order, the Commission developed a
small business size standard for ‘‘small
businesses’’ and ‘‘very small
businesses’’ for purposes of determining
their eligibility for special provisions
such as bidding credits and installment
payments. A ‘‘small business’’ is an
entity that, together with its affiliates
and controlling principals, has average
gross revenues not exceeding $15
million for the preceding three years.
Additionally, a ‘‘very small business’’ is
an entity that, together with its affiliates
and controlling principals, has average
gross revenues that are not more than $3
million for the preceding three years.
The SBA has approved these small
business size standards. An auction of
Metropolitan Economic Area licenses
commenced on February 24, 2000, and
closed on March 2, 2000. Of the 985
licenses auctioned, 440 were sold. Fiftyseven companies claiming small
business status won. Also, according to
Commission data, 375 carriers reported
that they were engaged in the provision
of paging and messaging services. Of
those, the Commission estimates that
370 are small, under the SBA-approved
small business size standard.
49. Wireless Communications
Services. This service can be used for
fixed, mobile, radiolocation, and digital
audio broadcasting satellite uses. The
Commission established small business
size standards for the wireless
communications services (WCS)
auction. A ‘‘small business’’ is an entity
with average gross revenues of $40
million for each of the three preceding
years, and a ‘‘very small business’’ is an
entity with average gross revenues of
$15 million for each of the three
preceding years. The SBA has approved
these small business size standards. The
Commission auctioned geographic area
licenses in the WCS service. In the
auction, there were seven winning
bidders that qualified as ‘‘very small
business’’ entities, and one that
qualified as a ‘‘small business’’ entity.
50. Wireless Telephony. Wireless
telephony includes cellular, personal
VerDate Aug<31>2005
19:21 Jun 07, 2007
Jkt 211001
communications services (PCS), and
specialized mobile radio (SMR)
telephony carriers. As noted earlier, the
SBA has developed a small business
size standard for ‘‘Cellular and Other
Wireless Telecommunications’’ services.
Under that SBA small business size
standard, a business is small if it has
1,500 or fewer employees. According to
Commission data, 445 carriers reported
that they were engaged in the provision
of wireless telephony. The Commission
has estimated that 245 of these are small
under the SBA small business size
standard.
51. Broadband Personal
Communications Service. The
broadband Personal Communications
Service (PCS) spectrum is divided into
six frequency blocks designated A
through F, and the Commission has held
auctions for each block. The
Commission defined ‘‘small entity’’ for
Blocks C and F as an entity that has
average gross revenues of $40 million or
less in the three previous calendar
years. For Block F, an additional
classification for ‘‘very small business’’
was added and is defined as an entity
that, together with its affiliates, has
average gross revenues of not more than
$15 million for the preceding three
calendar years.’’ These standards
defining ‘‘small entity’’ in the context of
broadband PCS auctions have been
approved by the SBA. No small
businesses, within the SBA-approved
small business size standards bid
successfully for licenses in Blocks A
and B. There were 90 winning bidders
that qualified as small entities in the
Block C auctions. A total of 93 small
and very small business bidders won
approximately 40 percent of the 1,479
licenses for Blocks D, E, and F. On
March 23, 1999, the Commission reauctioned 347 C, D, E, and F Block
licenses. There were 48 small business
winning bidders. On January 26, 2001,
the Commission completed the auction
of 422 C and F Broadband PCS licenses
in Auction No. 35. Of the 35 winning
bidders in this auction, 29 qualified as
‘‘small’’ or ‘‘very small’’ businesses.
Subsequent events, concerning Auction
35, including judicial and agency
determinations, resulted in a total of 163
C and F Block licenses being available
for grant.
52. Narrowband Personal
Communications Services. To date, two
auctions of narrowband personal
communications services (PCS) licenses
have been conducted. For purposes of
the two auctions that have already been
held, ‘‘small businesses’’ were entities
with average gross revenues for the prior
three calendar years of $40 million or
less. Through these auctions, the
PO 00000
Frm 00008
Fmt 4701
Sfmt 4700
Commission has awarded a total of 41
licenses, out of which 11 were obtained
by small businesses. To ensure
meaningful participation of small
business entities in future auctions, the
Commission has adopted a two-tiered
small business size standard in the
Narrowband PCS Second Report and
Order. A ‘‘small business’’ is an entity
that, together with affiliates and
controlling interests, has average gross
revenues for the three preceding years of
not more than $40 million. A ‘‘very
small business’’ is an entity that,
together with affiliates and controlling
interests, has average gross revenues for
the three preceding years of not more
than $15 million. The SBA has
approved these small business size
standards. In the future, the
Commission will auction 459 licenses to
serve Metropolitan Trading Areas
(MTAs) and 408 response channel
licenses. There is also one megahertz of
narrowband PCS spectrum that has been
held in reserve and that the Commission
has not yet decided to release for
licensing. The Commission cannot
predict accurately the number of
licenses that will be awarded to small
entities in future auctions. However,
four of the 16 winning bidders in the
two previous narrowband PCS auctions
were small businesses, as that term was
defined. The Commission assumes, for
purposes of this analysis that a large
portion of the remaining narrowband
PCS licenses will be awarded to small
entities. The Commission also assumes
that at least some small businesses will
acquire narrowband PCS licenses by
means of the Commission’s partitioning
and disaggregation rules.
53. 220 MHz Radio Service—Phase I
Licensees. The 220 MHz service has
both Phase I and Phase II licenses. Phase
I licensing was conducted by lotteries in
1992 and 1993. There are approximately
1,515 such non-nationwide licensees
and four nationwide licensees currently
authorized to operate in the 220 MHz
band. The Commission has not
developed a small business size
standard for small entities specifically
applicable to such incumbent 220 MHz
Phase I licensees. To estimate the
number of such licensees that are small
businesses, the Commission applies the
small business size standard under the
SBA rules applicable to ‘‘Cellular and
Other Wireless Telecommunications’’
companies. This category provides that
a small business is a wireless company
employing no more than 1,500 persons.
For the census category Cellular and
Other Wireless Telecommunications,
Census Bureau data for 1997 show that
there were 977 firms in this category,
E:\FR\FM\08JNR3.SGM
08JNR3
�pwalker on PROD1PC71 with RULES3
Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
total, that operated for the entire year.
Of this total, 965 firms had employment
of 999 or fewer employees, and an
additional 12 firms had employment of
1,000 employees or more. Thus, under
this second category and size standard,
the majority of firms can, again, be
considered small. Assuming this general
ratio continues in the context of Phase
I 220 MHz licensees, the Commission
estimates that nearly all such licensees
are small businesses under the SBA’s
small business size standard. In
addition, limited preliminary census
data for 2002 indicate that the total
number of cellular and other wireless
telecommunications carriers increased
approximately 321 percent from 1997 to
2002.
54. 220 MHz Radio Service—Phase II
Licensees. The 220 MHz service has
both Phase I and Phase II licenses. The
Phase II 220 MHz service is a new
service, and is subject to spectrum
auctions. In the 220 MHz Third Report
and Order, the Commission adopted a
small business size standard for ‘‘small’’
and ‘‘very small’’ businesses for
purposes of determining their eligibility
for special provisions such as bidding
credits and installment payments. This
small business size standard indicates
that a ‘‘small business’’ is an entity that,
together with its affiliates and
controlling principals, has average gross
revenues not exceeding $15 million for
the preceding three years. A ‘‘very small
business’’ is an entity that, together with
its affiliates and controlling principals,
has average gross revenues that do not
exceed $3 million for the preceding
three years. The SBA has approved
these small business size standards.
Auctions of Phase II licenses
commenced on September 15, 1998, and
closed on October 22, 1998. In the first
auction, 908 licenses were auctioned in
three different-sized geographic areas:
three nationwide licenses, 30 Regional
Economic Area Group (EAG) Licenses,
and 875 Economic Area (EA) Licenses.
Of the 908 licenses auctioned, 693 were
sold. Thirty-nine small businesses won
licenses in the first 220 MHz auction.
The second auction included 225
licenses: 216 EA licenses and 9 EAG
licenses. Fourteen companies claiming
small business status won 158 licenses.
55. 800 MHz and 900 MHz
Specialized Mobile Radio Licenses. The
Commission awards ‘‘small entity’’ and
‘‘very small entity’’ bidding credits in
auctions for Specialized Mobile Radio
(SMR) geographic area licenses in the
800 MHz and 900 MHz bands to firms
that had revenues of no more than $15
million in each of the three previous
calendar years, or that had revenues of
no more than $3 million in each of the
VerDate Aug<31>2005
19:21 Jun 07, 2007
Jkt 211001
previous calendar years, respectively.
These bidding credits apply to SMR
providers in the 800 MHz and 900 MHz
bands that either hold geographic area
licenses or have obtained extended
implementation authorizations. The
Commission does not know how many
firms provide 800 MHz or 900 MHz
geographic area SMR service pursuant
to extended implementation
authorizations, nor how many of these
providers have annual revenues of no
more than $15 million. One firm has
over $15 million in revenues. The
Commission assumes, for purposes here,
that all of the remaining existing
extended implementation
authorizations are held by small
entities, as that term is defined by the
SBA. The Commission has held
auctions for geographic area licenses in
the 800 MHz and 900 MHz SMR bands.
There were 60 winning bidders that
qualified as small or very small entities
in the 900 MHz SMR auctions. Of the
1,020 licenses won in the 900 MHz
auction, bidders qualifying as small or
very small entities won 263 licenses. In
the 800 MHz auction, 38 of the 524
licenses won were won by small and
very small entities.
56. 700 MHz Guard Band Licensees.
In the 700 MHz Guard Band Order, the
Commission adopted a small business
size standard for ‘‘small businesses’’ and
‘‘very small businesses’’ for purposes of
determining their eligibility for special
provisions such as bidding credits and
installment payments. A ‘‘small
business’’ as an entity that, together
with its affiliates and controlling
principals, has average gross revenues
not exceeding $15 million for the
preceding three years. Additionally, a
‘‘very small business’’ is an entity that,
together with its affiliates and
controlling principals, has average gross
revenues that are not more than $3
million for the preceding three years.
An auction of 52 Major Economic Area
(MEA) licenses commenced on
September 6, 2000, and closed on
September 21, 2000. Of the 104 licenses
auctioned, 96 licenses were sold to nine
bidders. Five of these bidders were
small businesses that won a total of 26
licenses. A second auction of 700 MHz
Guard Band licenses commenced on
February 13, 2001 and closed on
February 21, 2001. All eight of the
licenses auctioned were sold to three
bidders. One of these bidders was a
small business that won a total of two
licenses.
57. Rural Radiotelephone Service. The
Commission has not adopted a size
standard for small businesses specific to
the Rural Radiotelephone Service. A
significant subset of the Rural
PO 00000
Frm 00009
Fmt 4701
Sfmt 4700
31955
Radiotelephone Service is the Basic
Exchange Telephone Radio System
(BETRS). The Commission uses the
SBA’s small business size standard
applicable to ‘‘Cellular and Other
Wireless Telecommunications,’’ i.e., an
entity employing no more than 1,500
persons. There are approximately 1,000
licensees in the Rural Radiotelephone
Service, and the Commission estimates
that there are 1,000 or fewer small entity
licensees in the Rural Radiotelephone
Service that may be affected by the rules
and policies adopted herein.
58. Air-Ground Radiotelephone
Service. The Commission has not
adopted a small business size standard
specific to the Air-Ground
Radiotelephone Service. The
Commission will use SBA’s small
business size standard applicable to
‘‘Cellular and Other Wireless
Telecommunications,’’ i.e., an entity
employing no more than 1,500 persons.
There are approximately 100 licensees
in the Air-Ground Radiotelephone
Service, and the Commission estimates
that almost all of them qualify as small
under the SBA small business size
standard.
59. Aviation and Marine Radio
Services. Small businesses in the
aviation and marine radio services use
a very high frequency (VHF) marine or
aircraft radio and, as appropriate, an
emergency position-indicating radio
beacon (and/or radar) or an emergency
locator transmitter. The Commission has
not developed a small business size
standard specifically applicable to these
small businesses. For purposes of this
analysis, the Commission uses the SBA
small business size standard for the
category ‘‘Cellular and Other
Telecommunications,’’ which is 1,500
or fewer employees. Most applicants for
recreational licenses are individuals.
Approximately 581,000 ship station
licensees and 131,000 aircraft station
licensees operate domestically and are
not subject to the radio carriage
requirements of any statute or treaty.
For purposes of the Commission’s
evaluations in this analysis, the
Commission estimates that there are up
to approximately 712,000 licensees that
are small businesses (or individuals)
under the SBA standard. In addition,
between December 3, 1998 and
December 14, 1998, the Commission
held an auction of 42 VHF Public Coast
licenses in the 157.1875–157.4500 MHz
(ship transmit) and 161.775–162.0125
MHz (coast transmit) bands. For
purposes of the auction, the
Commission defined a ‘‘small’’ business
as an entity that, together with
controlling interests and affiliates, has
average gross revenues for the preceding
E:\FR\FM\08JNR3.SGM
08JNR3
�pwalker on PROD1PC71 with RULES3
31956
Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
three years not to exceed $15 million
dollars. In addition, a ‘‘very small’’
business is one that, together with
controlling interests and affiliates, has
average gross revenues for the preceding
three years not to exceed $3 million
dollars. There are approximately 10,672
licensees in the Marine Coast Service,
and the Commission estimates that
almost all of them qualify as ‘‘small’’
businesses under the above special
small business size standards.
60. Offshore Radiotelephone Service.
This service operates on several UHF
television broadcast channels that are
not used for television broadcasting in
the coastal areas of states bordering the
Gulf of Mexico. There are presently
approximately 55 licensees in this
service. The Commission is unable to
estimate at this time the number of
licensees that would qualify as small
under the SBA’s small business size
standard for ‘‘Cellular and Other
Wireless Telecommunications’’ services.
Under that SBA small business size
standard, a business is small if it has
1,500 or fewer employees.
61. 39 GHz Service. The Commission
created a special small business size
standard for 39 GHz licenses—an entity
that has average gross revenues of $40
million or less in the three previous
calendar years. An additional size
standard for ‘‘very small business’’ is: an
entity that, together with affiliates, has
average gross revenues of not more than
$15 million for the preceding three
calendar years. The SBA has approved
these small business size standards. The
auction of the 2,173 39 GHz licenses
began on April 12, 2000 and closed on
May 8, 2000. The 18 bidders who
claimed small business status won 849
licenses. Consequently, the Commission
estimates that 18 or fewer 39 GHz
licensees are small entities that may be
affected by the rules and polices
adopted herein.
62. Multipoint Distribution Service,
Multichannel Multipoint Distribution
Service, and ITFS. Multichannel
Multipoint Distribution Service (MMDS)
systems, often referred to as ‘‘wireless
cable,’’ transmit video programming to
subscribers using the microwave
frequencies of the Multipoint
Distribution Service (MDS) and
Instructional Television Fixed Service
(ITFS). In connection with the 1996
MDS auction, the Commission
established a small business size
standard as an entity that had annual
average gross revenues of less than $40
million in the previous three calendar
years. The MDS auctions resulted in 67
successful bidders obtaining licensing
opportunities for 493 Basic Trading
Areas (BTAs). Of the 67 auction
VerDate Aug<31>2005
19:21 Jun 07, 2007
Jkt 211001
winners, 61 met the definition of a small
business. MDS also includes licensees
of stations authorized prior to the
auction. In addition, the SBA has
developed a small business size
standard for Cable and Other Program
Distribution, which includes all such
companies generating $12.5 million or
less in annual receipts. According to
Census Bureau data for 1997, there were
a total of 1,311 firms in this category,
total, that had operated for the entire
year. Of this total, 1,180 firms had
annual receipts of under $10 million
and an additional 52 firms had receipts
of $10 million or more but less than $25
million. Consequently, the Commission
estimates that the majority of providers
in this service category are small
businesses that may be affected by the
rules and policies adopted herein. This
SBA small business size standard also
appears applicable to ITFS. There are
presently 2,032 ITFS licensees. All but
100 of these licenses are held by
educational institutions. Educational
institutions are included in this analysis
as small entities. Thus, the Commission
tentatively conclude that at least 1,932
licensees are small businesses.
63. Local Multipoint Distribution
Service. Local Multipoint Distribution
Service (LMDS) is a fixed broadband
point-to-multipoint microwave service
that provides for two-way video
telecommunications. The auction of the
1,030 Local Multipoint Distribution
Service (LMDS) licenses began on
February 18, 1998 and closed on March
25, 1998. The Commission established a
small business size standard for LMDS
licenses as an entity that has average
gross revenues of less than $40 million
in the three previous calendar years. An
additional small business size standard
for ‘‘very small business’’ was added as
an entity that, together with its affiliates,
has average gross revenues of not more
than $15 million for the preceding three
calendar years. The SBA has approved
these small business size standards in
the context of LMDS auctions. There
were 93 winning bidders that qualified
as small entities in the LMDS auctions.
A total of 93 small and very small
business bidders won approximately
277 A Block licenses and 387 B Block
licenses. On March 27, 1999, the
Commission re-auctioned 161 licenses;
there were 40 winning bidders. Based
on this information, the Commission
concludes that the number of small
LMDS licenses consists of the 93
winning bidders in the first auction and
the 40 winning bidders in the reauction, for a total of 133 small entity
LMDS providers.
64. 218–219 MHz Service. The first
auction of 218–219 MHz spectrum
PO 00000
Frm 00010
Fmt 4701
Sfmt 4700
resulted in 170 entities winning licenses
for 594 Metropolitan Statistical Area
(MSA) licenses. Of the 594 licenses, 557
were won by entities qualifying as a
small business. For that auction, the
small business size standard was an
entity that, together with its affiliates,
has no more than a $6 million net worth
and, after federal income taxes
(excluding any carry over losses), has no
more than $2 million in annual profits
each year for the previous two years. In
the 218–219 MHz Report and Order and
Memorandum Opinion and Order, the
Commission established a small
business size standard for a ‘‘small
business’’ as an entity that, together
with its affiliates and persons or entities
that hold interests in such an entity and
their affiliates, has average annual gross
revenues not to exceed $15 million for
the preceding three years. A ‘‘very small
business’’ is defined as an entity that,
together with its affiliates and persons
or entities that hold interests in such an
entity and its affiliates, has average
annual gross revenues not to exceed $3
million for the preceding three years.
The Commission cannot estimate,
however, the number of licenses that
will be won by entities qualifying as
small or very small businesses under its
rules in future auctions of 218–219 MHz
spectrum.
65. 24 GHz—Incumbent Licensees.
This analysis may affect incumbent
licensees who were relocated to the 24
GHz band from the 18 GHz band, and
applicants who wish to provide services
in the 24 GHz band. The applicable SBA
small business size standard is that of
‘‘Cellular and Other Wireless
Telecommunications’’ companies. This
category provides that such a company
is small if it employs no more than
1,500 persons. According to Census
Bureau data for 1997, there were 977
firms in this category, total, that
operated for the entire year. Of this
total, 965 firms had employment of 999
or fewer employees, and an additional
12 firms had employment of 1,000
employees or more. Thus, under this
size standard, the great majority of firms
can be considered small. These broader
census data notwithstanding, the
Commission believes that there are only
two licensees in the 24 GHz band that
were relocated from the 18 GHz band,
Teligent and TRW, Inc. It is the
Commisson’s understanding that
Teligent and its related companies have
less than 1,500 employees, though this
may change in the future. TRW is not a
small entity. Thus, only one incumbent
licensee in the 24 GHz band is a small
business entity.
66. 24 GHz—Future Licensees. With
respect to new applicants in the 24 GHz
E:\FR\FM\08JNR3.SGM
08JNR3
�Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
pwalker on PROD1PC71 with RULES3
band, the small business size standard
for ‘‘small business’’ is an entity that,
together with controlling interests and
affiliates, has average annual gross
revenues for the three preceding years
not in excess of $15 million. ‘‘Very
small business’’ in the 24 GHz band is
an entity that, together with controlling
interests and affiliates, has average gross
revenues not exceeding $3 million for
the preceding three years. The SBA has
approved these small business size
standards. These size standards will
apply to the future auction, if held.
2. Cable and OVS Operators
67. Cable and Other Program
Distribution. This category includes
cable systems operators, closed circuit
television services, direct broadcast
satellite services, multipoint
distribution systems, satellite master
antenna systems, and subscription
television services. The SBA has
developed small business size standard
for this census category, which includes
all such companies generating $12.5
million or less in revenue annually.
According to Census Bureau data for
2002, there were a total of 1,191 firms
in this category that operated for the
entire year. Of this total, 1,087 firms had
annual receipts of under $10 million,
and 43 firms had receipts of $10 million
or more but less than $25 million.
Consequently, the Commission
estimates that the majority of providers
in this service category are small
businesses that may be affected by the
rules and policies adopted herein.
68. Cable System Operators. The
Commission has developed its own
small business size standards for cable
system operators, for purposes of rate
regulation. Under the Commission’s
rules, a ‘‘small cable company’’ is one
serving fewer than 400,000 subscribers
nationwide. In addition, a ‘‘small
system’’ is a system serving 15,000 or
fewer subscribers.
69. Cable System Operators (Telecom
Act Standard). The Communications
Act of 1934, as amended, also contains
a size standard for small cable system
operators, which is ‘‘a cable operator
that, directly or through an affiliate,
serves in the aggregate fewer than 1
percent of all subscribers in the United
States and is not affiliated with any
entity or entities whose gross annual
revenues in the aggregate exceed
$250,000,000.’’ The Commission has
determined that there are approximately
67,700,000 subscribers in the United
States. Therefore, an operator serving
fewer than 677,000 subscribers shall be
deemed a small operator, if its annual
revenues, when combined with the total
annual revenues of all its affiliates, do
VerDate Aug<31>2005
19:21 Jun 07, 2007
Jkt 211001
not exceed $250 million in the
aggregate. Based on available data, the
Commission estimates that the number
of cable operators serving 677,000
subscribers or fewer, totals 1,450. The
Commission neither requests nor
collects information on whether cable
system operators are affiliated with
entities whose gross annual revenues
exceed $250 million, and therefore is
unable, at this time, to estimate more
accurately the number of cable system
operators that would qualify as small
cable operators under the size standard
contained in the Communications Act of
1934.
70. Open Video Services. Open Video
Service (OVS) systems provide
subscription services. The SBA has
created a small business size standard
for Cable and Other Program
Distribution. This standard provides
that a small entity is one with $12.5
million or less in annual receipts. The
Commission has certified approximately
25 OVS operators to serve 75 areas, and
some of these are currently providing
service. Affiliates of Residential
Communications Network, Inc. (RCN)
received approval to operate OVS
systems in New York City, Boston,
Washington, DC, and other areas. RCN
has sufficient revenues to assure that
they do not qualify as a small business
entity. Little financial information is
available for the other entities that are
authorized to provide OVS and are not
yet operational. Given that some entities
authorized to provide OVS service have
not yet begun to generate revenues, the
Commission concludes that up to 24
OVS operators (those remaining) might
qualify as small businesses that may be
affected by the rules and policies
adopted herein.
3. Internet Service Providers
71. Internet Service Providers. The
SBA has developed a small business
size standard for Internet Service
Providers (ISPs). ISPs ‘‘provide clients
access to the Internet and generally
provide related services such as Web
hosting, Web page designing, and
hardware or software consulting related
to Internet connectivity.’’ Under the
SBA size standard, such a business is
small if it has average annual receipts of
$21 million or less. According to Census
Bureau data for 2002, there were 2,529
firms in this category that operated for
the entire year. Of these, 2,437 firms had
annual receipts of under $10 million,
and 47 firms had receipts of $10 million
or more but less then $25 million.
Consequently, the Commission
estimates that the majority of these firms
are small entities that may be affected
by its action.
PO 00000
Frm 00011
Fmt 4701
Sfmt 4700
31957
4. Other Internet-Related Entities
72. Web Search Portals. The
Commission’s action pertains to
interconnected VoIP services, which
could be provided by entities that
provide other services such as e-mail,
online gaming, Web browsing, video
conferencing, instant messaging, and
other, similar IP-enabled services. The
Commission has not adopted a size
standard for entities that create or
provide these types of services or
applications. However, the census
bureau has identified firms that
‘‘operate Web sites that use a search
engine to generate and maintain
extensive databases of Internet
addresses and content in an easily
searchable format. Web search portals
often provide additional Internet
services, such as e-mail, connections to
other Web sites, auctions, news, and
other limited content, and serve as a
home base for Internet users.’’ The SBA
has developed a small business size
standard for this category; that size
standard is $6 million or less in average
annual receipts. According to Census
Bureau data for 1997, there were 195
firms in this category that operated for
the entire year. Of these, 172 had annual
receipts of under $5 million, and an
additional nine firms had receipts of
between $5 million and $9,999,999.
Consequently, the Commission
estimates that the majority of these firms
are small entities that may be affected
by its action.
73. Data Processing, Hosting, and
Related Services. Entities in this
category ‘‘primarily * * * provid[e]
infrastructure for hosting or data
processing services.’’ The SBA has
developed a small business size
standard for this category; that size
standard is $21 million or less in
average annual receipts. According to
Census Bureau data for 1997, there were
3,700 firms in this category that
operated for the entire year. Of these,
3,477 had annual receipts of under $10
million, and an additional 108 firms had
receipts of between $10 million and
$24,999,999. Consequently, the
Commission estimates that the majority
of these firms are small entities that may
be affected by its action.
74. All Other Information Services.
‘‘This industry comprises
establishments primarily engaged in
providing other information services
(except new syndicates and libraries
and archives).’’ The Commission’s
action pertains to interconnected VoIP
services, which could be provided by
entities that provide other services such
as email, online gaming, web browsing,
video conferencing, instant messaging,
E:\FR\FM\08JNR3.SGM
08JNR3
�pwalker on PROD1PC71 with RULES3
31958
Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
and other, similar IP-enabled services.
The SBA has developed a small
business size standard for this category;
that size standard is $6 million or less
in average annual receipts. According to
Census Bureau data for 1997, there were
195 firms in this category that operated
for the entire year. Of these, 172 had
annual receipts of under $5 million, and
an additional nine firms had receipts of
between $5 million and $9,999,999.
Consequently, the Commission
estimates that the majority of these firms
are small entities that may be affected
by its action.
75. Internet Publishing and
Broadcasting. ‘‘This industry comprises
establishments engaged in publishing
and/or broadcasting content on the
Internet exclusively. These
establishments do not provide
traditional (non-Internet) versions of the
content that they publish or broadcast.’’
The SBA has developed a small
business size standard for this new
(2002) census category; that size
standard is 500 or fewer employees. To
assess the prevalence of small entities in
this category, the Commission will use
1997 Census Bureau data for a relevant,
now-superseded census category, ‘‘All
Other Information Services.’’ The SBA
small business size standard for that
prior category was $6 million or less in
average annual receipts. According to
Census Bureau data for 1997, there were
195 firms in the prior category that
operated for the entire year. Of these,
172 had annual receipts of under $5
million, and an additional nine firms
had receipts of between $5 million and
$9,999,999. Consequently, the
Commission estimates that the majority
of the firms in this current category are
small entities that may be affected by its
action.
76. Software Publishers. These
companies may design, develop or
publish software and may provide other
support services to software purchasers,
such as providing documentation or
assisting in installation. The companies
may also design software to meet the
needs of specific users. The SBA has
developed a small business size
standard of $21 million or less in
average annual receipts for all of the
following pertinent categories: Software
Publishers, Custom Computer
Programming Services, and Other
Computer Related Services. For
Software Publishers, Census Bureau
data for 1997 indicate that there were
8,188 firms in the category that operated
for the entire year. Of these, 7,633 had
annual receipts under $10 million, and
an additional 289 firms had receipts of
between $10 million and $24, 999,999.
For providers of Custom Computer
VerDate Aug<31>2005
19:21 Jun 07, 2007
Jkt 211001
Programming Services, the Census
Bureau data indicate that there were
19,334 firms that operated for the entire
year. Of these, 18,786 had annual
receipts of under $10 million, and an
additional 352 firms had receipts of
between $10 million and $24,999,999.
For providers of Other Computer
Related Services, the Census Bureau
data indicate that there were 5,524 firms
that operated for the entire year. Of
these, 5,484 had annual receipts of
under $10 million, and an additional 28
firms had receipts of between $10
million and $24,999,999. Consequently,
the Commission estimates that the
majority of the firms in each of these
three categories are small entities that
may be affected by its action.
5. Equipment Manufacturers
77. The equipment manufacturers
described in this section are merely
indirectly affected by the Commission’s
current action, and therefore are not
formally a part of this RFA analysis. The
Commission has included them,
however, to broaden the record in this
proceeding and to alert them to its
decisions.
78. Wireless Communications
Equipment Manufacturers. The SBA has
established a small business size
standard for Radio and Television
Broadcasting and Wireless
Communications Equipment
Manufacturing. Examples of products in
this category include ‘‘transmitting and
receiving antennas, cable television
equipment, GPS equipment, pagers,
cellular phones, mobile
communications equipment, and radio
and television studio and broadcasting
equipment’’ and may include other
devices that transmit and receive IPenabled services, such as personal
digital assistants (PDAs). Under the SBA
size standard, firms are considered
small if they have 750 or fewer
employees. According to Census Bureau
data for 1997, there were 1,215
establishments in this category that
operated for the entire year. Of those,
there were 1,150 that had employment
of under 500, and an additional 37 that
had employment of 500 to 999. The
percentage of wireless equipment
manufacturers in this category was
approximately 61.35%, so the
Commission estimates that the number
of wireless equipment manufacturers
with employment of under 500 was
actually closer to 706, with an
additional 23 establishments having
employment of between 500 and 999.
Consequently, the Commission
estimates that the majority of wireless
communications equipment
PO 00000
Frm 00012
Fmt 4701
Sfmt 4700
manufacturers are small entities that
may be affected by its action.
79. Telephone Apparatus
Manufacturing. This category
‘‘comprises establishments primarily
engaged primarily in manufacturing
wire telephone and data
communications equipment.’’ Examples
of pertinent products are ‘‘central office
switching equipment, cordless
telephones (except cellular), PBX
equipment, telephones, telephone
answering machines, and data
communications equipment, such as
bridges, routers, and gateways.’’ The
SBA has developed a small business
size standard for this category of
manufacturing; that size standard is
1,000 or fewer employees. According to
Census Bureau data for 1997, there were
598 establishments in this category that
operated for the entire year. Of these,
574 had employment of under 1,000,
and an additional 17 establishments had
employment of 1,000 to 2,499.
Consequently, the Commission
estimates that the majority of these
establishments are small entities that
may be affected by its action.
80. Electronic Computer
Manufacturing. This category
‘‘comprises establishments primarily
engaged in manufacturing and/or
assembling electronic computers, such
as mainframes, personal computers,
workstations, laptops, and computer
servers.’’ The SBA has developed a
small business size standard for this
category of manufacturing; that size
standard is 1,000 or fewer employees.
According to Census Bureau data for
1997, there were 563 establishments in
this category that operated for the entire
year. Of these, 544 had employment of
under 1,000, and an additional 11
establishments had employment of
1,000 to 2,499. Consequently, the
Commission estimates that the majority
of these establishments are small
entities that may be affected by its
action.
81. Computer Terminal
Manufacturing. ‘‘Computer terminals
are input/output devices that connect
with a central computer for processing.’’
The SBA has developed a small
business size standard for this category
of manufacturing; that size standard is
1,000 or fewer employees. According to
Census Bureau data for 1997, there were
142 establishments in this category that
operated for the entire year, and all of
the establishments had employment of
under 1,000. Consequently, the
Commission estimates that the majority
or all of these establishments are small
entities that may be affected by it action.
82. Other Computer Peripheral
Equipment Manufacturing. Examples of
E:\FR\FM\08JNR3.SGM
08JNR3
�pwalker on PROD1PC71 with RULES3
Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
peripheral equipment in this category
include keyboards, mouse devices,
monitors, and scanners. The SBA has
developed a small business size
standard for this category of
manufacturing; that size standard is
1,000 or fewer employees. According to
Census Bureau data for 1997, there were
1061 establishments in this category
that operated for the entire year. Of
these, 1,046 had employment of under
1,000, and an additional six
establishments had employment of
1,000 to 2,499. Consequently, the
Commission estimates that the majority
of these establishments are small
entities that may be affected by its
action.
83. Fiber Optic Cable Manufacturing.
These establishments manufacture
‘‘insulated fiber-optic cable from
purchased fiber-optic strand.’’ The SBA
has developed a small business size
standard for this category of
manufacturing; that size standard is
1,000 or fewer employees. According to
Census Bureau data for 1997, there were
38 establishments in this category that
operated for the entire year. Of these, 37
had employment of under 1,000, and
one establishment had employment of
1,000 to 2,499. Consequently, the
Commission estimates that the majority
of these establishments are small
entities that may be affected by its
action.
84. Other Communication and Energy
Wire Manufacturing. These
establishments manufacture ‘‘insulated
wire and cable of nonferrous metals
from purchased wire.’’ The SBA has
developed a small business size
standard for this category of
manufacturing; that size standard is
1,000 or fewer employees. According to
Census Bureau data for 1997, there were
275 establishments in this category that
operated for the entire year. Of these,
271 had employment of under 1,000,
and four establishments had
employment of 1,000 to 2,499.
Consequently, the Commission
estimates that the majority or all of these
establishments are small entities that
may be affected by its action.
85. Audio and Video Equipment
Manufacturing. These establishments
manufacture ‘‘electronic audio and
video equipment for home
entertainment, motor vehicle, public
address and musical instrument
amplifications.’’ The SBA has
developed a small business size
standard for this category of
manufacturing; that size standard is 750
or fewer employees. According to
Census Bureau data for 1997, there were
554 establishments in this category that
operated for the entire year. Of these,
VerDate Aug<31>2005
19:21 Jun 07, 2007
Jkt 211001
542 had employment of under 500, and
nine establishments had employment of
500 to 999. Consequently, the
Commission estimates that the majority
of these establishments are small
entities that may be affected by its
action.
86. Electron Tube Manufacturing.
These establishments are ‘‘primarily
engaged in manufacturing electron tubes
and parts (except glass blanks).’’ The
SBA has developed a small business
size standard for this category of
manufacturing; that size standard is 750
or fewer employees. According to
Census Bureau data for 1997, there were
158 establishments in this category that
operated for the entire year. Of these,
148 had employment of under 500, and
three establishments had employment of
500 to 999. Consequently, the
Commission estimates that the majority
of these establishments are small
entities that may be affected by its
action.
87. Bare Printed Circuit Board
Manufacturing. These establishments
are ‘‘primarily engaged in
manufacturing bare (i.e., rigid or
flexible) printed circuit boards without
mounted electronic components.’’ The
SBA has developed a small business
size standard for this category of
manufacturing; that size standard is 500
or fewer employees. According to
Census Bureau data for 1997, there were
1,389 establishments in this category
that operated for the entire year. Of
these, 1,369 had employment of under
500, and 16 establishments had
employment of 500 to 999.
Consequently, the Commission
estimates that the majority of these
establishments are small entities that
may be affected by its action.
88. Semiconductor and Related
Device Manufacturing. These
establishments manufacture ‘‘computer
storage devices that allow the storage
and retrieval of data from a phase
change, magnetic, optical, or magnetic/
optical media.’’ The SBA has developed
a small business size standard for this
category of manufacturing; that size
standard is 500 or fewer employees.
According to Census Bureau data for
1997, there were 1,082 establishments
in this category that operated for the
entire year. Of these, 987 had
employment of under 500, and 52
establishments had employment of 500
to 999.
89. Electronic Capacitor
Manufacturing. These establishments
manufacture ‘‘electronic fixed and
variable capacitors and condensers.’’
The SBA has developed a small
business size standard for this category
of manufacturing; that size standard is
PO 00000
Frm 00013
Fmt 4701
Sfmt 4700
31959
500 or fewer employees. According to
Census Bureau data for 1997, there were
128 establishments in this category that
operated for the entire year. Of these,
121 had employment of under 500, and
four establishments had employment of
500 to 999.
90. Electronic Resistor Manufacturing.
These establishments manufacture
‘‘electronic resistors, such as fixed and
variable resistors, resistor networks,
thermistors, and varistors.’’ The SBA
has developed a small business size
standard for this category of
manufacturing; that size standard is 500
or fewer employees. According to
Census Bureau data for 1997, there were
118 establishments in this category that
operated for the entire year. Of these,
113 had employment of under 500, and
5 establishments had employment of
500 to 999.
91. Electronic Coil, Transformer, and
Other Inductor Manufacturing. These
establishments manufacture ‘‘electronic
inductors, such as coils and
transformers.’’ The SBA has developed
a small business size standard for this
category of manufacturing; that size
standard is 500 or fewer employees.
According to Census Bureau data for
1997, there were 448 establishments in
this category that operated for the entire
year. Of these, 446 had employment of
under 500, and two establishments had
employment of 500 to 999.
92. Electronic Connector
Manufacturing. These establishments
manufacture ‘‘electronic connectors,
such as coaxial, cylindrical, rack and
panel, pin and sleeve, printed circuit
and fiber optic.’’ The SBA has
developed a small business size
standard for this category of
manufacturing; that size standard is 500
or fewer employees. According to
Census Bureau data for 1997, there were
347 establishments in this category that
operated for the entire year. Of these,
332 had employment of under 500, and
12 establishments had employment of
500 to 999.
93. Printed Circuit Assembly
(Electronic Assembly) Manufacturing.
These are establishments ‘‘primarily
engaged in loading components onto
printed circuit boards or who
manufacture and ship loaded printed
circuit boards.’’ The SBA has developed
a small business size standard for this
category of manufacturing; that size
standard is 500 or fewer employees.
According to Census Bureau data for
1997, there were 714 establishments in
this category that operated for the entire
year. Of these, 673 had employment of
under 500, and 24 establishments had
employment of 500 to 999.
E:\FR\FM\08JNR3.SGM
08JNR3
�31960
Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
pwalker on PROD1PC71 with RULES3
94. Other Electronic Component
Manufacturing. These are
establishments ‘‘primarily engaged in
loading components onto printed circuit
boards or who manufacture and ship
loaded printed circuit boards.’’ The SBA
has developed a small business size
standard for this category of
manufacturing; that size standard is 500
or fewer employees. According to
Census Bureau data for 1997, there were
1,835 establishments in this category
that operated for the entire year. Of
these, 1,814 had employment of under
500, and 18 establishments had
employment of 500 to 999.
95. Computer Storage Device
Manufacturing. These establishments
manufacture ‘‘computer storage devices
that allow the storage and retrieval of
data from a phase change, magnetic,
optical, or magnetic/optical media.’’ The
SBA has developed a small business
size standard for this category of
manufacturing; that size standard is
1,000 or fewer employees. According to
Census Bureau data for 1997, there were
209 establishments in this category that
operated for the entire year. Of these,
197 had employment of under 500, and
eight establishments had employment of
500 to 999.
D. Description of Projected Reporting,
Recordkeeping and Other Compliance
Requirements
96. The Commission is requiring
telecommunications carriers and
providers of interconnected VoIP
service to collect certain information
and take other actions to comply with
its rules regarding the use of CPNI. For
example, carriers must have an officer,
as an agent of the carrier, sign and file
with the Commission a compliance
certificate on an annual basis stating
that the officer has personal knowledge
that the carrier has established
procedures that are adequate to ensure
compliance with the CPNI rules. The
carrier must also provide a statement
accompanying the certificate explaining
how its operating procedures ensure
that it is or is not in compliance with
the CPNI rules. Further, the carrier must
include an explanation of any actions
taken against data brokers and a
summary of all consumer complaints
received in the past year concerning the
unauthorized release of CPNI.
Additionally, carriers must obtain opt-in
approval before sharing CPNI with their
joint venture partners or independent
contractors for the purposes of
marketing communications-related
services to customers. Also, carriers are
required to maintain a record of any
discovered breaches, notifications to the
United States Secret Service (USSS) and
VerDate Aug<31>2005
19:21 Jun 07, 2007
Jkt 211001
the Federal Bureau of Investigation (FBI)
regarding those breaches, as well as the
USSS and FBI response to those
notifications for a period of at least two
years.
97. The Commission also imposes
other requirements on
telecommunications carriers and
providers of interconnected VoIP
service. Specifically, the Order prohibits
carriers from releasing call detail
information over the phone during
customer-initiated telephone calls
except by those methods provided for in
the Order. The Order also requires that
a carrier not permit customers to gain
access to an online account without first
properly authenticating the customer
and, for subsequent access, without a
customer password or response to a
back-up authentication method for lost
or forgotten passwords, neither of which
may be based on a carrier prompt for
readily available biographical
information, or account information. For
the rules pertaining to online carrier
authentication, the Commission
provides carriers that satisfy the
definition of a ‘‘small entity’’ or a ‘‘small
business concern’’ under the RFA or
SBA an additional six months to
implement these rules.
98. The Order also requires that
carriers notify customers through a
carrier-originated voicemail or text
message to the telephone number of
record, or by mail or email to the
address of record whenever a password,
customer response to a back-up means
of authentication for lost or forgotten
passwords, online account, or address of
record is created or changed. Further,
the Order requires that carriers notify
the USSS and the FBI no later than
seven days after a reasonable
determination of a CPNI breach.
E. Steps Taken to Minimize Significant
Economic Impact on Small Entities, and
Significant Alternatives Considered
99. The RFA requires an agency to
describe any significant alternatives that
it has considered in reaching its
proposed approach, which may include
(among others) the following four
alternatives: (1) The establishment of
differing compliance or reporting
requirements or timetables that take into
account the resources available to small
entities; (2) the clarification,
consolidation, or simplification of
compliance or reporting requirements
under the rule for small entities; (3) the
use of performance, rather than design,
standards; and (4) an exemption from
coverage of the rule, or any part thereof,
for small entities.
100. The notices invited comment on
a number of issues related to small
PO 00000
Frm 00014
Fmt 4701
Sfmt 4700
entities. For example, the Commission
sought comment on the effect the
various proposals described in the EPIC
CPNI Notice will have on small entities,
and on what effect alternative rules
would have on those entities.
Additionally, the Commission invited
comment on ways in which the
Commission can achieve its goal of
protecting consumers while at the same
time imposing minimal burdens on
small telecommunications service
providers. With respect to any of the
Commission consumer protection
regulations already in place, the
Commission sought comment on
whether it has adopted any provisions
for small entities that the Commission
should similarly consider in this
proceeding? The Commission also
invited comment on whether the
problems identified by EPIC were better
or worse at smaller carriers. The
Commission invited comment on
whether small carriers should be
exempt from password-related security
procedures to protect CPNI. The
Commission invited comment on the
benefits and burdens of recording audit
trails for the disclosure of CPNI on small
carriers. The Commission invited
comment on whether requiring a small
carrier to encrypt its stored data would
be unduly burdensome. The
Commission solicited comment on the
cost to a small carrier of notifying a
customer upon release of CPNI. The
Commission sought comment on
whether the Commission should amend
its rules to require carriers to file annual
certifications concerning CPNI and
whether this requirement should extend
to only telecommunications carriers that
are not small telephone companies as
defined by the Small Business
Administration, and whether small
carriers should be subject to different
CPNI-related obligations.
101. The Commission has considered
each of the alternatives described above,
and in this Order, imposes minimal
regulation on small entities to the extent
consistent with its goal of ensuring that
carriers and providers of interconnected
VoIP service protect against the
unauthorized release of CPNI.
Specifically, the Commission extended
the implementation date for the rules
pertaining to online authentication by
six months so that small businesses will
have additional time to come into
compliance with the Order’s rules.
102. As stated above, the Commission
must assess the interests of small
businesses in light of the overriding
public interest of protecting against the
unlawful release of CPNI. The Order
discusses that CPNI is made up of very
personal data. Therefore, the
E:\FR\FM\08JNR3.SGM
08JNR3
�Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
pwalker on PROD1PC71 with RULES3
Commission concluded that it was
important for all telecommunications
carriers and providers of interconnected
VoIP service, including small
businesses, to comply with the rules the
Commission adopts in this Order six
months after the Order’s effective date
or on receipt of OMB approval, as
required by the Paperwork Reduction
Act, whichever is later. For example, the
Commission concluded that carriers and
providers of interconnected VoIP
service must stop releasing call detail
information based on customer-initiated
telephone calls except by those methods
provided for in the Order. Additionally,
the Commission concluded that it was
important for all telecommunications
carriers and providers of interconnected
VoIP service to report breaches of CPNI
data to law enforcement. The
Commission therefore rejected solutions
that would exempt small businesses.
The record indicated that exempting
small carriers from these regulations
would compromise the Commission’s
goal of protecting all Americans from
the unauthorized release of CPNI.
103. Report to Congress: The
Commission will send a copy of the
Order, including this FRFA, in a report
to be sent to Congress and the
Government Accountability Office
pursuant to the Congressional Review
Act. In addition, the Commission will
send a copy of the Order, including this
FRFA, to the Chief Counsel for
Advocacy of the SBA. A copy of the
Order and FRFA (or summaries thereof)
will also be published in the Federal
Register.
Ordering Clauses
104. Accordingly, It is ordered that
pursuant to sections 1, 4(i), 4(j), 222,
and 303(r) of the Communications Act
of 1934, as amended, 47 U.S.C. 151,
154(i)–(j), 222, 303(r), this Report and
Order and Further Notice of Proposed
Rulemaking in CC Docket No. 96–115
and WC Docket No. 04–36 is adopted,
and that Part 64 of the Commission’s
rules, 47 CFR Part 64, is amended as set
forth in Appendix B. The Order shall
become effective upon publication in
the Federal Register subject to OMB
approval for new information collection
requirements or six months after the
Order’s effective date, whichever is
later.
105. It Is Further Ordered that the
Commission’s Consumer and
Governmental Affairs Bureau, Reference
Information Center, shall send a copy of
this Report and Order and Further
Notice of Proposed Rulemaking,
including the Final Regulatory
Flexibility Analysis and the Initial
Regulatory Flexibility Analysis, to the
VerDate Aug<31>2005
20:09 Jun 07, 2007
Jkt 211001
Chief Counsel for Advocacy of the Small
Business Administration.
List of Subjects in 47 CFR Part 64
Customer proprietary network
information, Reporting and
recordkeeping requirements,
Telecommunications.
Federal Communications Commission.
Marlene H. Dortch,
Secretary.
Final Rules
For the reasons discussed in the
preamble, the FCC amends 47 CFR part
64 as follows:
■
PART 64—MISCELLANEOUS RULES
RELATING TO COMMON CARRIERS
1. The authority citation for part 64
continues to read as follows:
■
Authority: 47 U.S.C. 154, 254(k); secs.
403(b)(2)(B),(c), Pub. L. 104–104, 110 Stat.
56. Interpret or apply 47 U.S.C. 201, 218, 222,
225, 226, 228, and 254(k) unless otherwise
noted.
■
2. Revise § 64.2003 to read as follows:
§ 64.2003
Definitions.
(a) Account information. ‘‘Account
information’’ is information that is
specifically connected to the customer’s
service relationship with the carrier,
including such things as an account
number or any component thereof, the
telephone number associated with the
account, or the bill’s amount.
(b) Address of record. An ‘‘address of
record,’’ whether postal or electronic, is
an address that the carrier has
associated with the customer’s account
for at least 30 days.
(c) Affiliate. The term ‘‘affiliate’’ has
the same meaning given such term in
section 3(1) of the Communications Act
of 1934, as amended, 47 U.S.C. 153(1).
(d) Call detail information. Any
information that pertains to the
transmission of specific telephone calls,
including, for outbound calls, the
number called, and the time, location,
or duration of any call and, for inbound
calls, the number from which the call
was placed, and the time, location, or
duration of any call.
(e) Communications-related services.
The term ‘‘communications-related
services’’ means telecommunications
services, information services typically
provided by telecommunications
carriers, and services related to the
provision or maintenance of customer
premises equipment.
(f) Customer. A customer of a
telecommunications carrier is a person
or entity to which the
telecommunications carrier is currently
providing service.
PO 00000
Frm 00015
Fmt 4701
Sfmt 4700
31961
(g) Customer proprietary network
information (CPNI). The term ‘‘customer
proprietary network information
(CPNI)’’ has the same meaning given to
such term in section 222(h)(1) of the
Communications Act of 1934, as
amended, 47 U.S.C. 222(h)(1).
(h) Customer premises equipment
(CPE). The term ‘‘customer premises
equipment (CPE)’’ has the same
meaning given to such term in section
3(14) of the Communications Act of
1934, as amended, 47 U.S.C. 153(14).
(i) Information services typically
provided by telecommunications
carriers. The phrase ‘‘information
services typically provided by
telecommunications carriers’’ means
only those information services (as
defined in section 3(20) of the
Communication Act of 1934, as
amended, 47 U.S.C. 153(20)) that are
typically provided by
telecommunications carriers, such as
Internet access or voice mail services.
Such phrase ‘‘information services
typically provided by
telecommunications carriers,’’ as used
in this subpart, shall not include retail
consumer services provided using
Internet Web sites (such as travel
reservation services or mortgage lending
services), whether or not such services
may otherwise be considered to be
information services.
(j) Local exchange carrier (LEC). The
term ‘‘local exchange carrier (LEC)’’ has
the same meaning given to such term in
section 3(26) of the Communications
Act of 1934, as amended, 47 U.S.C.
153(26).
(k) Opt-in approval. The term ‘‘opt-in
approval’’ refers to a method for
obtaining customer consent to use,
disclose, or permit access to the
customer’s CPNI. This approval method
requires that the carrier obtain from the
customer affirmative, express consent
allowing the requested CPNI usage,
disclosure, or access after the customer
is provided appropriate notification of
the carrier’s request consistent with the
requirements set forth in this subpart.
(l) Opt-out approval. The term ‘‘optout approval’’ refers to a method for
obtaining customer consent to use,
disclose, or permit access to the
customer’s CPNI. Under this approval
method, a customer is deemed to have
consented to the use, disclosure, or
access to the customer’s CPNI if the
customer has failed to object thereto
within the waiting period described in
§ 64.2008(d)(1) after the customer is
provided appropriate notification of the
carrier’s request for consent consistent
with the rules in this subpart.
(m) Readily available biographical
information. ‘‘Readily available
E:\FR\FM\08JNR3.SGM
08JNR3
�31962
Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
biographical information’’ is
information drawn from the customer’s
life history and includes such things as
the customer’s social security number,
or the last four digits of that number;
mother’s maiden name; home address;
or date of birth.
(n) Subscriber list information (SLI).
The term ‘‘subscriber list information
(SLI)’’ has the same meaning given to
such term in section 222(h)(3) of the
Communications Act of 1934, as
amended, 47 U.S.C. 222(h)(3).
(o) Telecommunications carrier or
carrier. The terms ‘‘telecommunications
carrier’’ or ‘‘carrier’’ shall have the same
meaning as set forth in section 3(44) of
the Communications Act of 1934, as
amended, 47 U.S.C. 153(44). For the
purposes of this subpart, the term
‘‘telecommunications carrier’’ or
‘‘carrier’’ shall include an entity that
provides interconnected VoIP service, as
that term is defined in section 9.3 of
these rules.
(p) Telecommunications service. The
term ‘‘telecommunications service’’ has
the same meaning given to such term in
section 3(46) of the Communications
Act of 1934, as amended, 47 U.S.C.
153(46).
(q) Telephone number of record. The
telephone number associated with the
underlying service, not the telephone
number supplied as a customer’s
‘‘contact information.’’
(r) Valid photo ID. A ‘‘valid photo ID’’
is a government-issued means of
personal identification with a
photograph such as a driver’s license,
passport, or comparable ID that is not
expired.
■ 3. Section 64.2005 is amended by
revising paragraph (c)(3) to read as
follows:
§ 64.2005 Use of customer proprietary
network information without customer
approval.
pwalker on PROD1PC71 with RULES3
*
*
*
*
*
(c) * * *
(3) LECs, CMRS providers, and
entities that provide interconnected
VoIP service as that term is defined in
§ 9.3 of this chapter, may use CPNI,
without customer approval, to market
services formerly known as adjunct-tobasic services, such as, but not limited
to, speed dialing, computer-provided
directory assistance, call monitoring,
call tracing, call blocking, call return,
repeat dialing, call tracking, call
waiting, caller I.D., call forwarding, and
certain centrex features.
*
*
*
*
*
■ 4. Section 64.2007 is amended by
revising paragraph (b) to read as follows:
VerDate Aug<31>2005
19:54 Jun 07, 2007
Jkt 211001
§ 64.2007 Approval required for use of
customer proprietary network information.
§ 64.2010 Safeguards on the disclosure of
customer proprietary network information.
*
(a) Safeguarding CPNI.
Telecommunications carriers must take
reasonable measures to discover and
protect against attempts to gain
unauthorized access to CPNI.
Telecommunications carriers must
properly authenticate a customer prior
to disclosing CPNI based on customerinitiated telephone contact, online
account access, or an in-store visit.
(b) Telephone access to CPNI.
Telecommunications carriers may only
disclose call detail information over the
telephone, based on customer-initiated
telephone contact, if the customer first
provides the carrier with a password, as
described in paragraph (e) of this
section, that is not prompted by the
carrier asking for readily available
biographical information, or account
information. If the customer does not
provide a password, the
telecommunications carrier may only
disclose call detail information by
sending it to the customer’s address of
record, or by calling the customer at the
telephone number of record. If the
customer is able to provide call detail
information to the telecommunications
carrier during a customer-initiated call
without the telecommunications
carrier’s assistance, then the
telecommunications carrier is permitted
to discuss the call detail information
provided by the customer.
(c) Online access to CPNI. A
telecommunications carrier must
authenticate a customer without the use
of readily available biographical
information, or account information,
prior to allowing the customer online
access to CPNI related to a
telecommunications service account.
Once authenticated, the customer may
only obtain online access to CPNI
related to a telecommunications service
account through a password, as
described in paragraph (e) of this
section, that is not prompted by the
carrier asking for readily available
biographical information, or account
information.
(d) In-store access to CPNI. A
telecommunications carrier may
disclose CPNI to a customer who, at a
carrier’s retail location, first presents to
the telecommunications carrier or its
agent a valid photo ID matching the
customer’s account information.
(e) Establishment of a Password and
Back-up Authentication Methods for
Lost or Forgotten Passwords. To
establish a password, a
telecommunications carrier must
authenticate the customer without the
use of readily available biographical
information, or account information.
*
*
*
*
(b) Use of Opt-Out and Opt-In
Approval Processes. A
telecommunications carrier may, subject
to opt-out approval or opt-in approval,
use its customer’s individually
identifiable CPNI for the purpose of
marketing communications-related
services to that customer. A
telecommunications carrier may, subject
to opt-out approval or opt-in approval,
disclose its customer’s individually
identifiable CPNI, for the purpose of
marketing communications-related
services to that customer, to its agents
and its affiliates that provide
communications-related services. A
telecommunications carrier may also
permit such persons or entities to obtain
access to such CPNI for such purposes.
Except for use and disclosure of CPNI
that is permitted without customer
approval under section § 64.2005, or
that is described in this paragraph, or as
otherwise provided in section 222 of the
Communications Act of 1934, as
amended, a telecommunications carrier
may only use, disclose, or permit access
to its customer’s individually
identifiable CPNI subject to opt-in
approval.
5. Section 64.2009 is amended by
revising paragraph (e) to read as follows:
■
§ 64.2009 Safeguards required for use of
customer proprietary network information.
*
*
*
*
*
(e) A telecommunications carrier must
have an officer, as an agent of the
carrier, sign and file with the
Commission a compliance certificate on
an annual basis. The officer must state
in the certification that he or she has
personal knowledge that the company
has established operating procedures
that are adequate to ensure compliance
with the rules in this subpart. The
carrier must provide a statement
accompanying the certificate explaining
how its operating procedures ensure
that it is or is not in compliance with
the rules in this subpart. In addition, the
carrier must include an explanation of
any actions taken against data brokers
and a summary of all customer
complaints received in the past year
concerning the unauthorized release of
CPNI. This filing must be made
annually with the Enforcement Bureau
on or before March 1 in EB Docket No.
06–36, for data pertaining to the
previous calendar year.
*
*
*
*
*
6. Section 64.2010 is added to subpart
U to read as follows:
■
PO 00000
Frm 00016
Fmt 4701
Sfmt 4700
E:\FR\FM\08JNR3.SGM
08JNR3
�Federal Register / Vol. 72, No. 110 / Friday, June 8, 2007 / Rules and Regulations
Telecommunications carriers may create
a back-up customer authentication
method in the event of a lost or
forgotten password, but such back-up
customer authentication method may
not prompt the customer for readily
available biographical information, or
account information. If a customer
cannot provide the correct password or
the correct response for the back-up
customer authentication method, the
customer must establish a new
password as described in this
paragraph.
(f) Notification of account changes.
Telecommunications carriers must
notify customers immediately whenever
a password, customer response to a
back-up means of authentication for lost
or forgotten passwords, online account,
or address of record is created or
changed. This notification is not
required when the customer initiates
service, including the selection of a
password at service initiation. This
notification may be through a carrieroriginated voicemail or text message to
the telephone number of record, or by
mail to the address of record, and must
not reveal the changed information or be
sent to the new account information.
(g) Business customer exemption.
Telecommunications carriers may bind
themselves contractually to
authentication regimes other than those
described in this section for services
they provide to their business customers
that have both a dedicated account
representative and a contract that
specifically addresses the carriers’
protection of CPNI.
■ 7. Section 64.2011 is added to subpart
U to read as follows:
§ 64.2011 Notification of customer
proprietary network information security
breaches.
pwalker on PROD1PC71 with RULES3
(a) A telecommunications carrier shall
notify law enforcement of a breach of its
customers’ CPNI as provided in this
section. The carrier shall not notify its
customers or disclose the breach
VerDate Aug<31>2005
19:21 Jun 07, 2007
Jkt 211001
publicly, whether voluntarily or under
state or local law or these rules, until it
has completed the process of notifying
law enforcement pursuant to paragraph
(b) of this section.
(b) As soon as practicable, and in no
event later than seven (7) business days,
after reasonable determination of the
breach, the telecommunications carrier
shall electronically notify the United
States Secret Service (USSS) and the
Federal Bureau of Investigation (FBI)
through a central reporting facility. The
Commission will maintain a link to the
reporting facility at http://www.fcc.gov/
eb/cpni.
(1) Notwithstanding any state law to
the contrary, the carrier shall not notify
customers or disclose the breach to the
public until 7 full business days have
passed after notification to the USSS
and the FBI except as provided in
paragraphs (b)(2) and (b)(3) of this
section.
(2) If the carrier believes that there is
an extraordinarily urgent need to notify
any class of affected customers sooner
than otherwise allowed under paragraph
(b)(1) of this section, in order to avoid
immediate and irreparable harm, it shall
so indicate in its notification and may
proceed to immediately notify its
affected customers only after
consultation with the relevant
investigating agency. The carrier shall
cooperate with the relevant
investigating agency’s request to
minimize any adverse effects of such
customer notification.
(3) If the relevant investigating agency
determines that public disclosure or
notice to customers would impede or
compromise an ongoing or potential
criminal investigation or national
security, such agency may direct the
carrier not to so disclose or notify for an
initial period of up to 30 days. Such
period may be extended by the agency
as reasonably necessary in the judgment
of the agency. If such direction is given,
the agency shall notify the carrier when
PO 00000
Frm 00017
Fmt 4701
Sfmt 4700
31963
it appears that public disclosure or
notice to affected customers will no
longer impede or compromise a
criminal investigation or national
security. The agency shall provide in
writing its initial direction to the carrier,
any subsequent extension, and any
notification that notice will no longer
impede or compromise a criminal
investigation or national security and
such writings shall be
contemporaneously logged on the same
reporting facility that contains records
of notifications filed by carriers.
(c) Customer notification. After a
telecommunications carrier has
completed the process of notifying law
enforcement pursuant to paragraph (b)
of this section, it shall notify its
customers of a breach of those
customers’ CPNI.
(d) Recordkeeping. All carriers shall
maintain a record, electronically or in
some other manner, of any breaches
discovered, notifications made to the
USSS and the FBI pursuant to paragraph
(b) of this section, and notifications
made to customers. The record must
include, if available, dates of discovery
and notification, a detailed description
of the CPNI that was the subject of the
breach, and the circumstances of the
breach. Carriers shall retain the record
for a minimum of 2 years.
(e) Definitions. As used in this
section, a ‘‘breach’’ has occurred when
a person, without authorization or
exceeding authorization, has
intentionally gained access to, used, or
disclosed CPNI.
(f) This section does not supersede
any statute, regulation, order, or
interpretation in any State, except to the
extent that such statute, regulation,
order, or interpretation is inconsistent
with the provisions of this section, and
then only to the extent of the
inconsistency.
[FR Doc. E7–10732 Filed 6–7–07; 8:45 am]
BILLING CODE 6712–01–P
E:\FR\FM\08JNR3.SGM
08JNR3
�
| File Type | application/pdf |
| File Title | Document |
| Subject | Extracted Pages |
| Author | U.S. Government Printing Office |
| File Modified | 2007-06-08 |
| File Created | 2007-06-08 |