Goto Section: 64.5109 | 64.5111 | Table of Contents

FCC 64.5110
Revised as of October 2, 2015
Goto Year:2014 | 2016
  § 64.5110   Safeguards on the disclosure of customer proprietary network
information.

   (a) Safeguarding CPNI. TRS providers shall take all reasonable measures to
   discover and protect against attempts to gain unauthorized access to CPNI.
   TRS providers shall authenticate a customer prior to disclosing CPNI based
   on a customer-initiated telephone contact, TRS call, point-to-point call,
   online account access, or an in-store visit.

   (b) Telephone, TRS, and point-to-point access to CPNI. A TRS provider shall
   authenticate a customer without the use of readily available biographical
   information,  or  account  information, prior to allowing the customer
   telephonic, TRS, or point-to-point access to CPNI related to his or her TRS
   account.  Alternatively,  the  customer may obtain telephonic, TRS, or
   point-to-point access to CPNI related to his or her TRS account through a
   password, as described in paragraph (e) of this section.

   (c) Online access to CPNI. A TRS provider shall authenticate a customer
   without the use of readily available biographical information, or account
   information, prior to allowing the customer online access to CPNI related to
   his or her TRS account. Once authenticated, the customer may only obtain
   online access to CPNI related to his or her TRS account through a password,
   as described in paragraph (e) of this section.

   (d) In-store access to CPNI. A TRS provider may disclose CPNI to a customer
   who, at a TRS provider's retail location, first presents to the TRS provider
   or its agent a valid photo ID matching the customer's account information.

   (e) Establishment of a password and back-up authentication methods for lost
   or  forgotten passwords. To establish a password, a TRS provider shall
   authenticate the customer without the use of readily available biographical
   information, or account information. TRS providers may create a back-up
   customer authentication method in the event of a lost or forgotten password,
   but such back-up customer authentication method may not prompt the customer
   for readily available biographical information, or account information. If a
   customer cannot provide the correct password or the correct response for the
   back-up customer authentication method, the customer shall establish a new
   password as described in this paragraph.

   (f) Notification of account changes. TRS providers shall notify customers
   immediately whenever a password, customer response to a back-up means of
   authentication for lost or forgotten passwords, online account, or address
   of record is created or changed. This notification is not required when the
   customer initiates service, including the selection of a password at service
   initiation. This notification may be through a TRS provider-originated
   voicemail, text message, or video mail to the telephone number of record, by
   mail to the physical address of record, or by email to the email address of
   record, and shall not reveal the changed information or be sent to the new
   account information.

   [ 79 FR 40613 , July 5, 2013]

   return arrow Back to Top


Goto Section: 64.5109 | 64.5111

Goto Year: 2014 | 2016
CiteFind - See documents on FCC website that cite this rule

Want to support this service?
Thanks!

Report errors in this rule. Since these rules are converted to HTML by machine, it's possible errors have been made. Please help us improve these rules by clicking the Report FCC Rule Errors link to report an error.
hallikainen.com
Helping make public information public