Telecommunications Carriers' Use of Customer Proprietary Network Information (CPNI) and Other Customer Information, CC Docket No. 96-115
Revision of a currently approved collection
No
Regular
10/29/2024
Requested
Previously Approved
36 Months From Approved
02/28/2027
91,735,200
94,434,733
269,534
232,691
0
4,000,000
This information collection implements the statutory obligations of section 222 of the Communications Act of 1934, as amended, 47 U.S.C. 222. These regulations impose safeguards to protect customers' CPNI against unauthorized access and disclosure. In November 2023, the FCC released the SIM Swap and Port-Out Fraud Order (88 FR 85794 (December 8, 2023)), which modifies the existing CPNI collection requirements to establish a framework to combat SIM swap fraud. In December 2023, the Commission released the Data Breach Report and Order (89 FR 9968 (February 12, 2024)), which modifies the scope of customer data and reportable breaches covered by the Commissionâs rules, and also modifies the Commissionâs data breach notification rules to require covered service providers to electronically notify the FCC of a reportable data breach, and adopts equivalent requirements for telecommunications relay services (TRS) providers.
US Code:
47 USC 201, 222
Name of Law: Communications Act of 1934, as amended
The Commission made the following adjustments to these estimates:
As noted above, the Commission has updated the estimate of the total number of respondents to these information collections, based on the total number of annual CPNI reports filed for calendar year 2023, the most recent year for which we have such data. This re-calculation brings the current estimated number of respondents to 2,935, up from the previous estimate of 2,800 (+135). As discussed in this Supporting Statement, we believe that most respondents have previously developed and currently use a digital internal system to manage and respond to many compliance obligations. Because of this, the burden for many compliance obligations is now limited to new entrants. As a result of these adjustments, the total responses went from 94,432,333 to 20,369, resulting in a change in responses of -94,411,964. Similarly, as a result of these adjustments, the burden hours went from 228,981 to 27,579, resulting in a change in burden hours of -201,402. However, implementation of program changes as a result of new obligations in the SIM Swap and Port-Out Fraud Order and the Data Breach Reporting Requirements Order will require additional hours to design, develop, test, and implement procedures, engage in recordkeeping, and provide notices to customers. The Commission has also removed the âcost studyâ and âcertificationâ burdens. The Commission deleted the âcost studyâ section because it is not an information collection, but rather a procedure to help ensure rates for subscriber list information are reasonable. The Commission also deleted the âcertificationâ section because this type of certification is not an information collection. These program changes have resulted in corresponding upward adjustments to the burden hours of +238,245 (241,955 - 3,710) and an upward adjustment to the responses of + 91,712,431 (91,714,831 - 2,400 responses). In addition, the total annualized cost estimate has decreased from $4,000,000 to $0 (-$4,000,000) as a result of the Commissionâs determination that the âcost studyâ element of the collection is not a collection under the Paperwork Reduction Act. Taken together, the adjustments and program changes have resulted in downward adjustments to the total figures for the number of responses from (-2,699,533) and upward adjustments to the total burden hours from (+36,843) for the collections described in this supporting statement.
On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control number;
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
CPNI PRA 3060-0715 Supporting Statement (Revised)_10.29.24.docx
Business or other for-profit