What is customer proprietary network information (CPNI)?
Customer proprietary network information (CPNI) in the United States is information that telecommunications services -- such as local, long-distance and wireless telephone companies -- acquire about their subscribers. It includes what services they use, as well as the amount and type of usage.
The Telecommunications Act of 1996, together with clarifications from the Federal Communications Commission (FCC), generally prohibits the use of that information without customer permission, even for the purpose of marketing the customers other services. In the case of customers who switch to other service providers, the original service provider is prohibited from using the information to try to get the customer back.
CPNI includes such information as optional services subscribed to, current charges, directory assistance charges, usage data and calling patterns. In general, anything that appears on a phone bill is protected as CPNI.
The CPNI rules do not prohibit the gathering and publishing of aggregate customer information nor the use of customer information for the purpose of creating directories. These rules allow for sharing CPNI with other telecommunications providers for interoperability and service-related reasons. Voice over Internet Protocol providers are subject to CPNI regulations.
Companies must protect CPNI with a password. Therefore, a password or PIN is required to access calling and billing data over the phone and on the internet. A government-issued photo ID may be used in person. The company may also mail such information to the address of record on the account.
What is included in customer proprietary network information?
Different kinds of personal information are included in CPNI, including the following:
- called phone numbers
- time of calls
- length of calls
- location of calls
- cost and billing of calls
- service features
- premium services, such as call directory assistance
How do you opt out of sharing CPNI?
CPNI is private and protected information. It can't be used for advertising or marketing directly. An individual's CPNI can be shared with other telecommunications providers for network operating reasons. So, when the individual first signs up for phone service, this information is automatically shared by the phone provider to partner companies.
All telecommunications companies must offer a way to opt out of sharing CPNI. This may be hidden and not easy to do. Verizon Wireless allows customers to change their CPNI sharing in the online profile or over the phone. T-Mobile allows them to change data sharing by contacting support. Each carrier's process will be different, but contacting a service representative is a good place to start.
Is internet and mobile phone information protected by CPNI laws?
The rules that establish and protect CPNI were created before mobile phones and wireless internet access were ubiquitous. The exact times when the CPNI rules apply or don't apply to cellphone use in the United States is still being worked out and is not always clear. Several attempts to change these laws have been presented, but none have taken full effect.
Under current U.S. law, cellphone use is only protected as CPNI when it is being used as a telephone. During this time, the company is acting as a telecommunications provider requiring CPNI rules. Internet use, websites visited, search history or apps used are not protected CPNI because the company is acting as an information services provider not subject to these laws.
The location of a cellphone is sometimes protected by CPNI and sometimes not. The original rules only protect the user location information when obtained by the phone network or during a call but not by other means, such as Internet Protocol address or Global Positioning System tracking. In 2016, the FCC classified location as always being protected CPNI, but the U.S. Congress removed this protection in 2017.