Telecommunications Carriers'
Use of Customer Proprietary Network Information (CPNI) and Other
Customer Information, CC Docket No. 96-115
Revision of a currently approved collection
No
Regular
10/29/2024
Requested
Previously Approved
36 Months From Approved
02/28/2027
91,735,200
94,434,733
269,534
232,691
0
4,000,000
This information collection implements
the statutory obligations of section 222 of the Communications Act
of 1934, as amended, 47 U.S.C. 222. These regulations impose
safeguards to protect customers' CPNI against unauthorized access
and disclosure. In November 2023, the FCC released the SIM Swap and
Port-Out Fraud Order (88 FR 85794 (December 8, 2023)), which
modifies the existing CPNI collection requirements to establish a
framework to combat SIM swap fraud. In December 2023, the
Commission released the Data Breach Report and Order (89 FR 9968
(February 12, 2024)), which modifies the scope of customer data and
reportable breaches covered by the Commission’s rules, and also
modifies the Commission’s data breach notification rules to require
covered service providers to electronically notify the FCC of a
reportable data breach, and adopts equivalent requirements for
telecommunications relay services (TRS) providers.
US Code:
47 USC 201, 222 Name of Law: Communications Act of 1934, as
amended
The Commission made the
following adjustments to these estimates: As noted above, the
Commission has updated the estimate of the total number of
respondents to these information collections, based on the total
number of annual CPNI reports filed for calendar year 2023, the
most recent year for which we have such data. This re-calculation
brings the current estimated number of respondents to 2,935, up
from the previous estimate of 2,800 (+135). As discussed in this
Supporting Statement, we believe that most respondents have
previously developed and currently use a digital internal system to
manage and respond to many compliance obligations. Because of this,
the burden for many compliance obligations is now limited to new
entrants. As a result of these adjustments, the total responses
went from 94,432,333 to 20,369, resulting in a change in responses
of -94,411,964. Similarly, as a result of these adjustments, the
burden hours went from 228,981 to 27,579, resulting in a change in
burden hours of -201,402. However, implementation of program
changes as a result of new obligations in the SIM Swap and Port-Out
Fraud Order and the Data Breach Reporting Requirements Order will
require additional hours to design, develop, test, and implement
procedures, engage in recordkeeping, and provide notices to
customers. The Commission has also removed the “cost study” and
“certification” burdens. The Commission deleted the “cost study”
section because it is not an information collection, but rather a
procedure to help ensure rates for subscriber list information are
reasonable. The Commission also deleted the “certification” section
because this type of certification is not an information
collection. These program changes have resulted in corresponding
upward adjustments to the burden hours of +238,245 (241,955 -
3,710) and an upward adjustment to the responses of + 91,712,431
(91,714,831 - 2,400 responses). In addition, the total annualized
cost estimate has decreased from $4,000,000 to $0 (-$4,000,000) as
a result of the Commission’s determination that the “cost study”
element of the collection is not a collection under the Paperwork
Reduction Act. Taken together, the adjustments and program changes
have resulted in downward adjustments to the total figures for the
number of responses from (-2,699,533) and upward adjustments to the
total burden hours from (+36,843) for the collections described in
this supporting statement.
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.