On April 2, 2007, the FCC adopted additional measures to protect Customer Proprietary Network Information (CPNI) from unauthorized access and disclosure pursuant to Section 222 of the Communications Act, as amended. One key change by the FCC to existing CPNI rules is the requirement that all companies subject to the CPNI rules file a signed annual officer certification, on or before March 1 (for the previous calendar year), of compliance with the CPNI rules, in accordance with amended rule 47 C.F.R. Section 64.2009(e). The certification requires at a minimum: (1) providing a statement of how the company's procedures ensure compliance with the FCC's CPNI rules; (2) reporting any actions taken against data brokers in the prior year; and (3) summarizing any customer complaints concerning the unauthorized release of CPNI.
On January 7, 2009, the FCC's Enforcement Bureau issued the following Guidance on Filing of 2008 Annual CPNI Certifications, including providing a suggested (though not mandatory) template that filing entities may use to meet the annual certification filing requirement: http://fjallfoss.fcc.gov/edocs_public/attachmatch/DA-09-9A1.pdf Companies required to file such compliance certifications for 2008 should make certain to do so no later than March 1, 2009.