Prepared by Kris Twomey Law Office of Kristopher E. Twomey, P.C.

Customer Proprietary Network Information (“CPNI”)
Presentation transcript:

CPNI?
Prepared by Kris Twomey, Law Office of Kristopher E. Twomey, P.C.

Summary
- Background
- Basics of CPNI
- Customer-facing Compliance
- Marketing and Sales Compliance
- Recordkeeping Requirements
- Breach Notifications
- Questions
- Try to get you out of here in 30 minutes

VoIP Regulation by the Federal Communications Commission
- It’s not 2006 anymore—offering voice services to the public is not a hobby
- E911
- FUSF
- CALEA
- CPNI
- VoIP Subscriber Reporting - Form 477
- Various Federal Regulatory Fees Besides FUSF
- Outage reporting
- Handicap accessibility certification
- State USF and other requirements

Fines by the FCC Enforcement Bureau Regarding CPNI aka Scare Marketing
- Take a look at http://transition.fcc.gov/eb/ http://transition.fcc.gov/eb/Headlines.html
- Enforcement Bureau Annual Reminder to File CPNI certification statement
- $25,000 for failure to file CPNI certifications
- $1,000 to $6,000 for non-compliant CPNI statements
- In September, Verizon fined $7.6 million for CPNI marketing violations

CPNI - What is it?
- Fine, what does it even stand for?
- Customer Proprietary Network Information… Huh?
- Information regarding to whom, where, when, how long a customer places or receives a call - CDRs
- The types of service offerings to which the customer subscribes
- The extent to which a customer uses a service
- CPNI does not consist of subscriber list information; customer name, address and phone number; or aggregate customer information

How Can Voxox Become Compliant
- Need 3 things
- Certification of compliance due March 1 every year
  - Retail providers must certify that they have not had any CPNI breaches and otherwise properly guard the data
  - In 2009, proposed penalties of $20K to more than 700 companies for failure to file on time
- CPNI Manual
- Employee Training - sit here for ½ hour

Customer-facing Compliance
- Must Have Procedures In Place to Protect CPNI, usually call detail records
- Password or code to obtain access, otherwise upon a request must email it to the address on record
- Online access must be password-protected
- For access, form in Appendix 4, page 31
- Business/Enterprise Customer Exception

Customer-facing Compliance
The Company may use, disclose, or permit access to CPNI, without customer approval:
- To provide inside wiring installation, maintenance, and repair services.
- For the provision of customer Premises Equipment and call answering, voice mail or messaging, voice storage and retrieval services, fax store and forward, and protocol conversion.
- To protect the rights or property of the Company, or to protect users of services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services.
- To initiate, render, bill and collect for services.

Marketing and Sales Compliance
- The Company may use, disclose, or permit access to aggregate customer information
- The Company cannot use, disclose or permit access to CPNI to identify or track customers that call competing service providers.
- The Company must obtain opt-in consent to share CPNI with a joint venture partner for purposes of a marketing communication
- Opt-out consent is not permissible
- Just ask Verizon

Marketing and Sales Compliance
Opt-in versus Opt-out
Opt-out
- Permissible: marketing Communications-Related Services to a customer
- Not Permissible (must be opt-in):
  - For the purpose of marketing non-communications-related services to a customer.
  - To obtain approval to disclose the customer's CPNI to joint venture partners or independent contractors.
  - Just ask Verizon
Opt-in
- All is Permissible

Marketing and Sales Compliance
- Ok, how do we get there?
- Company must notify the customer of the customer’s right to restrict use, disclosure, and access to, the customer’s CPNI.
- For notice requirements, see pages 13-14 of the manual
- Appendix 3 on page 30 has an opt-out form
- Any Use of CPNI for any reason must be run by the appointed personnel in Section 2 of the manual

Recordkeeping
The Company must maintain records for a year of:
- its own sales and marketing campaigns that use CPNI
- all instances where it discloses or provides CPNI to third parties, or where third parties are allowed access to CPNI.
- customer approval for use of CPNI, as well as notices required by the FCC’s regulations, for a minimum of one year.
The Company must maintain records of customer approval and disapproval for use of CPNI in a readily-available location that is consulted on an as-needed basis.

Recordkeeping
- The Company may obtain approval through written, oral or electronic methods.
- If the Company relies on oral approval, it bears the burden of demonstrating that such approval has been given in compliance with the FCC’s regulations.
- A customer’s approval or disapproval to use, disclose, or permit access to CPNI must remain in effect until the customer revokes or limits such approval or disapproval.
- Complaints log on Appendix 5, page 32

Notification
- The Company will take reasonable steps to protect CPNI databases from hackers and other unauthorized attempts by third parties to access CPNI
- Must notify law enforcement USSS and FBI within 7 business days
- Must notify customers 7 business days AFTER
- May be told to hold for an extra 30 days
- Must notify FCC after 5 days
- Must retain these records for 2 years

Ostriches Don’t Really Put Their Heads in the Sand, Only People Do
Kris Twomey
Law Office of Kristopher E. Twomey, P.C.
202 681-1850
kris@lokt.net