eUr L U uIIIU IIoUI sIhPE lV 1113II Ll 5IJJv
against unauthorized access and disclosure.8 The EPIC CPNI Order was directly responsive to the
actions of databrokers, or pretexters, to obtain unauthorized access to CPNI.9 The EPIC CPNI Order
requires that all companies subject to the CPNI rules file annually, on or before March 1, a certification
with the Commission pursuant to amended rule 47 C.F.R. 64.2009(e).'0 Additionally, companies must
now provide, with their certification, "an explanation of any actions taken against data brokers and a
summary of all customer complaints received in the past year concerning the unauthorized release of
5. The Bureau sent a Letter of Inquiry ("LOI") to ZTG on September 5, 2008, asking it to
provide copies and evidence of its timely filed CPNI compliance certificate for 2007, which was due by
March 1, 2008, pursuant to section 64.2009(e) of the Commission's rules or an explanation as to why no
certification was filed.'2 ZTG submitted a response to the LOI on September 8, 2008."3 The Bureau
concluded that ZTG failed to submit satisfactory evidence of its timely filing of the annual CPNI
compliance certification." Accordingly, on February 24, 2009, the Bureau released the Omnibus NAL
against numerous companies, including ZTG, proposing a monetary forfeiture of twenty thousand dollars
($20,000) for its apparent failure to comply with section 64.2009(e) of the Commission's rules,'5 and the
Commission's EPIC CPNI Order, and ordered the Company either to pay the proposed forfeiture or file a
written response within thirty (30) days of the release date stating why the proposed forfeiture should be
reduced or canceled. ZTG and the Bureau entered into settlement discussions.
Ill. TERMS OF AGREEMENT
6. Adonting Order. The Parties agree that the provisions of this Consent Decree shall be
subject to final approval by the Bureau by incorporation of such provisions by reference in the Adopting
Order without change, addition, modification, or deletion.
" EPIC CPNI Order, 22 FCC Rcd 6927. Specifically, pursuant to section 64.2009(e): A telecommunications carrier
must have an officer, as an agent of the carrier, sign and file with the Commission a compliance certificate on an
annual basis. The officer must state in the certification that he or she has personal knowledge that the company has
established operating procedures that are adequate to ensure compliance with the rules in this subpart. The carrier
must provide a statement accompanying the certification explaining how its operating procedures ensure that it is or
is not in compliance with the rules in this subpart. In addition, the carrier must include an explanation of any actions
taken against data brokers and a summary of all customer complaints received in the past year concerning the
unauthorized release of CPNI. This filing must be made annually with the Enforcement Bureau on or before March
I in EB Docket No. 06-36, for data pertaining to the previous calendar year. 47 C.F.R. 64.2009(e).
9 EPIC CPNI Order, 22 FCC Rcd at 6928.
1o Id at 6953; 47 C.F.R. 64.2009(e).
" EPIC CPNI Order, 22 FCC Rcd at 6953.
12 See note 2, supra.
'" See email from Brendo Buenaluz to Robert Somers (Sept. 8. 2008).
14 Annual CPNI Certification. Omnibus Notice of Apparent Liability for Forfeiture, 24 FCC Rcd 2299 (Enf. Bur.
2009) ("Omnibus NAL").
F ar l i Inll a tinn fC n mi ci , , I
United States. Federal Communications Commission. FCC Record, Volume 26, No. 7, Pages 4843 to 5761, March 28 - April 08, 2011. Washington D.C.. UNT Digital Library. http://digital.library.unt.edu/ark:/67531/metadc52169/. Accessed April 29, 2016.