FCC 64.5110 Revised as of October 1, 2013
Goto Year:2012 |
2014
§ 64.5110 Safeguards on the disclosure of customer proprietary network
information.
(a) Safeguarding CPNI. TRS providers shall take all reasonable measures
to discover and protect against attempts to gain unauthorized access to
CPNI. TRS providers shall authenticate a customer prior to disclosing
CPNI based on a customer-initiated telephone contact, TRS call,
point-to-point call, online account access, or an in-store visit.
(b) Telephone, TRS, and point-to-point access to CPNI. A TRS provider
shall authenticate a customer without the use of readily available
biographical information, or account information, prior to allowing the
customer telephonic, TRS, or point-to-point access to CPNI related to
his or her TRS account. Alternatively, the customer may obtain
telephonic, TRS, or point-to-point access to CPNI related to his or her
TRS account through a password, as described in paragraph (e) of this
section.
(c) Online access to CPNI. A TRS provider shall authenticate a customer
without the use of readily available biographical information, or
account information, prior to allowing the customer online access to
CPNI related to his or her TRS account. Once authenticated, the
customer may only obtain online access to CPNI related to his or her
TRS account through a password, as described in paragraph (e) of this
section.
(d) In-store access to CPNI. A TRS provider may disclose CPNI to a
customer who, at a TRS provider's retail location, first presents to
the TRS provider or its agent a valid photo ID matching the customer's
account information.
(e) Establishment of a password and back-up authentication methods for
lost or forgotten passwords. To establish a password, a TRS provider
shall authenticate the customer without the use of readily available
biographical information, or account information. TRS providers may
create a back-up customer authentication method in the event of a lost
or forgotten password, but such back-up customer authentication method
may not prompt the customer for readily available biographical
information, or account information. If a customer cannot provide the
correct password or the correct response for the back-up customer
authentication method, the customer shall establish a new password as
described in this paragraph.
(f) Notification of account changes. TRS providers shall notify
customers immediately whenever a password, customer response to a
back-up means of authentication for lost or forgotten passwords, online
account, or address of record is created or changed. This notification
is not required when the customer initiates service, including the
selection of a password at service initiation. This notification may be
through a TRS provider-originated voicemail, text message, or video
mail to the telephone number of record, by mail to the physical address
of record, or by email to the email address of record, and shall not
reveal the changed information or be sent to the new account
information.
Effective Date Note: At 78 FR 40613 , July 5, 2013, § 64.5110 was
added. This section contain information collection and recordkeeping
requirements and will not become effective until approval has been
given by the Office of Management and Budget.
return arrow Back to Top
CiteFind - See documents on FCC website that
cite this rule
Want to support this service?
Thanks!
Report errors in
this rule. Since these rules are converted to HTML by machine, it's possible errors have been made. Please
help us improve these rules by clicking the Report FCC Rule Errors link to report an error.