More than 600 small fixed-line and wireless phone service carriers were each told by the FCC Tuesday that they are liable for $20,000 in fines for non-compliance with reporting requirements pertaining to the confidentiality of consumer proprietary network information (CPNI). Totaling $13 million, the proposed fines were issued by the FCC upon completion of a comprehensive review of required annual CPNI certifications by the agency’s Enforcement Bureau. In April 2007, the FCC tightened CPNI privacy requirements after receiving complaints about the sale of phone subscriber information on the Internet by data brokers who obtained that information under false pretenses. In accordance with the amended rules, carriers were required by March 1, 2008 to report to the FCC steps they have taken to safeguard the security of subscriber records, to notify subscribers of changes to their accounts, and to implement passwords that subscribers would need to use to access account information online or over the telephone. The $20,000 fines were imposed for failure to submit required CPNI certifications. Additional carriers were held liable for fines of up to $10,000 each for filing certifications that did not comply with the FCC’s rules. Affected carriers will have the opportunity to demonstrate that the fines are unwarranted or should be reduced due to financial difficulty. While acknowledging that 2008 was the first year in which the FCC required the CPNI paperwork, acting FCC Chairman Michael Copps stressed, “the broad nature of this enforcement action hopefully will ensure substantial compliance with our rules going forward as the Commission continues to make consumer privacy protection a top priority.”