Goto Section: 64.2009 | 64.2011 | Table of Contents
FCC 64.2010
Revised as of October 1, 2014
Goto Year:2013 |
2015
§ 64.2010 Safeguards on the disclosure of customer proprietary network
information.
(a) Safeguarding CPNI. Telecommunications carriers must take reasonable
measures to discover and protect against attempts to gain unauthorized
access to CPNI. Telecommunications carriers must properly authenticate
a customer prior to disclosing CPNI based on customer-initiated
telephone contact, online account access, or an in-store visit.
(b) Telephone access to CPNI. Telecommunications carriers may only
disclose call detail information over the telephone, based on
customer-initiated telephone contact, if the customer first provides
the carrier with a password, as described in paragraph (e) of this
section, that is not prompted by the carrier asking for readily
available biographical information, or account information. If the
customer does not provide a password, the telecommunications carrier
may only disclose call detail information by sending it to the
customer's address of record, or by calling the customer at the
telephone number of record. If the customer is able to provide call
detail information to the telecommunications carrier during a
customer-initiated call without the telecommunications carrier's
assistance, then the telecommunications carrier is permitted to discuss
the call detail information provided by the customer.
(c) Online access to CPNI. A telecommunications carrier must
authenticate a customer without the use of readily available
biographical information, or account information, prior to allowing the
customer online access to CPNI related to a telecommunications service
account. Once authenticated, the customer may only obtain online access
to CPNI related to a telecommunications service account through a
password, as described in paragraph (e) of this section, that is not
prompted by the carrier asking for readily available biographical
information, or account information.
(d) In-store access to CPNI. A telecommunications carrier may disclose
CPNI to a customer who, at a carrier's retail location, first presents
to the telecommunications carrier or its agent a valid photo ID
matching the customer's account information.
(e) Establishment of a Password and Back-up Authentication Methods for
Lost or Forgotten Passwords. To establish a password, a
telecommunications carrier must authenticate the customer without the
use of readily available biographical information, or account
information. Telecommunications carriers may create a back-up customer
authentication method in the event of a lost or forgotten password, but
such back-up customer authentication method may not prompt the customer
for readily available biographical information, or account information.
If a customer cannot provide the correct password or the correct
response for the back-up customer authentication method, the customer
must establish a new password as described in this paragraph.
(f) Notification of account changes. Telecommunications carriers must
notify customers immediately whenever a password, customer response to
a back-up means of authentication for lost or forgotten passwords,
online account, or address of record is created or changed. This
notification is not required when the customer initiates service,
including the selection of a password at service initiation. This
notification may be through a carrier-originated voicemail or text
message to the telephone number of record, or by mail to the address of
record, and must not reveal the changed information or be sent to the
new account information.
(g) Business customer exemption. Telecommunications carriers may bind
themselves contractually to authentication regimes other than those
described in this section for services they provide to their business
customers that have both a dedicated account representative and a
contract that specifically addresses the carriers' protection of CPNI.
[ 72 FR 31962 , June 8, 2007]
return arrow Back to Top
Goto Section: 64.2009 | 64.2011
Goto Year: 2013 |
2015
CiteFind - See documents on FCC website that
cite this rule
Want to support this service?
Thanks!
Report errors in
this rule. Since these rules are converted to HTML by machine, it's possible errors have been made. Please
help us improve these rules by clicking the Report FCC Rule Errors link to report an error.
hallikainen.com
Helping make public information public