A'%Jas pCnmmtaa u wmunna Cvrmmiyn flA 114A 0
against unauthorized access and disclosure.s The EPIC CPNI Order was directly responsive to the
actions of databrokers, or pretexters, to obtain unauthorized access to CPNI.9 The EPIC CPNI Order
requires that all companies subject to the CPNI rules file annually, on or before March 1, a certification
with the Commission pursuant to amended rule 47 C.F.R. 64.2009(e).'0 Additionally, companies must
now provide, with their certification, "an explanation of any actions taken against data brokers and a
summary of all customer complaints received in the past year concerning the unauthorized release of
5. The Bureau sent a Letter of Inquiry ("LOI") to DNA on September 5, 2008, asking it to
provide copies and evidence of its timely filed CPNI compliance certificate for 2007, which was due by
March 1, 2008, pursuant to section 64.2009(e) of the Commission's rules or an explanation as to why no
certification was filed."2 DNA submitted a response on September 9, 2008."3 The Bureau concluded that
DNA failed to submit satisfactory evidence of its timely filing of the annual CPNI compliance
certification." Accordingly, on February 24, 2009, the Bureau released the Omnibus NAL against
numerous companies, including DNA, proposing a monetary forfeiture of twenty thousand dollars
($20,000) for its apparent failure to comply with section 64.2009(e) of the Commission's rules,s and the
Commission's EPIC CPNI Order, and ordered the Company either to pay the proposed forfeiture or file a
written response within thirty (30) days of the release date stating why the proposed forfeiture should be
reduced or canceled. DNA requested that the Bureau enter into settlement discussions.
III. TERMS OF AGREEMENT
6. Adopting Order. The Parties agree that the provisions of this Consent Decree shall be
subject to final approval by the Bureau by incorporation of such provisions by reference in the Adopting
Order without change, addition, modification, or deletion.
a EPIC CPNI Order, 22 FCC Rcd 6927. Specifically, pursuant to section 64.2009(e): A telecommunications carrier
must have an officer, as an agent of the carrier, sign and file with the Commission a compliance certificate on an
annual basis. The officer must state in the certification that he or she has personal knowledge that the company has
established operating procedures that are adequate to ensure compliance with the rules in this subpart. The carrier
must provide a statement accompanying the certification explaining how its operating procedures ensure that it is or
is not in compliance with the rules in this subpart. In addition, the carrier must include an explanation of any actions
taken against data brokers and a summary of all customer complaints received in the past year concerning the
unauthorized release of CPNI. This filing must be made annually with the Enforcement Bureau on or before March
I in EB Docket No. 06-36, for data pertaining to the previous calendar year. 47 C.F.R. 64.2009(e).
9 EPIC CPNI Order, 22 FCC Rcd at 6928.
o Id. at 6953; 47 C.F.R. 64.2009(e).
" EPIC CPNI Order, 22 FCC Rcd at 6953.
12 See note 2, supra.
'3 See email from DNA to Marcy Greene, Deputy Division Chief, Telecommunications Consumers Division,
Enforcement Bureau, FCC (Sept. 9, 2008).
4 Annual CPNI Certification, Omnibus Notice of Apparent Liability for Forfeiture, 24 FCC Rcd 2299 (Enf. Bur.
2009) ("Omnibus NAL'").
kFederal nmmunicatinn nmmisinn
United States. Federal Communications Commission. FCC Record, Volume 26, No. 7, Pages 4843 to 5761, March 28-April 08, 2011. Washington D.C.. UNT Digital Library. http://digital.library.unt.edu/ark:/67531/metadc52169/. Accessed June 30, 2015.