Document headings vary by document type but may contain the following:
See the Document Drafting Handbook for more details.
AGENCY:
Federal Communications Commission.
ACTION:
Notice and request for comments.
SUMMARY:
As part of its continuing effort to reduce paperwork burdens, as required by the Paperwork Reduction Act (PRA) of 1995, the Federal Communications Commission (FCC or the Commission) invites the general public and other Federal Agencies to take this opportunity to comment on the following information collection. Pursuant to the Small Business Paperwork Relief Act of 2002, the FCC seeks specific comment on how it might “further reduce the information collection burden for small business concerns with fewer than 25 employees.”
The Commission may not conduct or sponsor a collection of information unless it displays a currently valid Office of Management and Budget (OMB) control number. No person shall be subject to any penalty for failing to comply with a collection of information subject to the PRA that does not display a valid OMB control number.
DATES:
Written comments and recommendations for the proposed information collection should be submitted on or before November 29, 2024.
ADDRESSES:
Comments should be sent to www.reginfo.gov/public/do/PRAMain. Find this particular information collection by selecting “Currently under 30-day Review—Open for Public Comments” or by using the search function. Your comment must be submitted into www.reginfo.gov per the above instructions for it to be considered. In addition to submitting in www.reginfo.gov also send a copy of your comment on the proposed information collection to Nicole Ongele, FCC, via email to PRA@fcc.gov and to Nicole.Ongele@fcc.gov. Include in the comments the OMB control number as shown in the SUPPLEMENTARY INFORMATION below.
FOR FURTHER INFORMATION CONTACT:
For additional information or copies of the information collection, contact Nicole Ongele at (202) 418-2991. To view a copy of this information collection request (ICR) submitted to OMB: (1) go to the web page http://www.reginfo.gov/public/do/PRAMain, (2) look for the section of the web page called “Currently Under Review,” (3) click on the downward-pointing arrow in the “Select Agency” box below the “Currently Under Review” heading, (4) select “Federal Communications Commission” from the list of agencies presented in the “Select Agency” box, (5) click the “Submit” button to the right of the “Select Agency” box, (6) when the list of FCC ICRs currently under review appears, look for the Title of this ICR and then click on the ICR Reference Number. A copy of the FCC submission to OMB will be displayed.
SUPPLEMENTARY INFORMATION:
As part of its continuing effort to reduce paperwork burdens, as required by the Paperwork Reduction Act (PRA) of 1995 (44 U.S.C. 3501-3520), the FCC invited the general public and other Federal Agencies to take this opportunity to comment on the following information collection. Comments are requested concerning: (a) Whether the proposed collection of information is necessary for the proper performance of the functions of the Commission, including whether the information shall have practical utility; (b) the accuracy of the Commission's burden estimates; (c) ways to enhance the quality, utility, and clarity of the information collected; and (d) ways to minimize the burden of the collection of information on the respondents, including the use of automated collection techniques or other forms of information technology. Pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107-198, see 44 U.S.C. 3506(c)(4), the FCC seeks specific comment on how it might “further reduce the information collection burden for small business concerns with fewer than 25 employees.”
OMB Control Number: 3060-0715.
Title: Telecommunications Carriers' Use of Customer Proprietary Network Information and Other Customer Information.
Form Number: N/A.
Type of Review: Revision of a currently approved collection.
Respondents: Business or other for-profit entities, and state, local, or tribal government.
Number of Respondents and Responses: 2,935 respondents; 91,735,200 responses.
Estimated Time per Response: 0.1-120 hours.
Frequency of Response: On occasion, annual, and one-time reporting requirements; recordkeeping; and third party disclosure requirements.
Obligation to Respond: Mandatory. Statutory authority for these collections are contained in Sections 201 and 222 of the Communications Act of 1934, as amended, 47 U.S.C. 201, 222.
Total Annual Burden: 269,534 hours.
Total Annual Cost: No Cost.
Needs and Uses: Section 222 of the Communications Act of 1934, as amended, 47 U.S.C. 222, establishes the duty of telecommunications carriers to protect the confidentiality of its customers' proprietary information. This proprietary information includes personally identifiable information derived from a customer's relationship with a provider of telecommunications services. This information collection implements the statutory obligations of Section 222. These regulations impose safeguards to protect Customer Proprietary Network Information (CPNI) and other customer proprietary information against unauthorized access and disclosure.
On November 16, 2023, the FCC released the SIM Swap and Port-Out Fraud Order (88 FR 85794 (December 8, 2023)), which adopted a baseline framework to combat SIM swap fraud by amending section 64.2010 of the CPNI rules to add paragraph (h) on Subscriber Identity Module (SIM) changes and adds new information collection requirements in paragraphs (h)(3), (h)(5), (h)(6), and (h)(8) of that rule. A SIM swap involves the fraudulent transfer (or “swap”) of an account from a device associated with one SIM to a device associated with a different SIM, allowing a bad actor to control the victim's mobile account and access the victim's CPNI. The new rules establish a uniform framework that gives wireless providers flexibility to implement customer authentication and security methods to address SIM swap fraud. The SIM Swap and Port-Out Fraud Order modifies the existing CPNI collection requirements to require wireless providers to: (1) immediately notify customers of any requests for a SIM change associated with the customer's account before the SIM change is completed; (2) provide customers with advance notice of any account protection measures offered; (3) maintain a clear process for customers to report SIM fraud and promptly provide customers with documentation of fraud involving their accounts; and (4) track and maintain for three years a record of SIM change requests and authentication measures used.
On December 21, 2023, the Commission released the Data Breach Report and Order (89 FR 9968 (February 12, 2024)), which modifies the scope of customer data and reportable breaches covered by the Commission's rules, and also modifies the Commission's data breach notification rules to require covered service providers to electronically notify the FCC of a reportable data breach through a link to a central reporting facility, contemporaneously with the existing obligation to notify the United States Secret Service Bureau (Secret Service) and the Federal Bureau of Investigation (FBI), and adopts equivalent requirements for Telecommunications Relay Services (TRS) providers. Covered service providers include providers of telecommunications, interconnected Voice over Internet Protocol (VoIP), and TRS. All covered providers are required to maintain a record, electronically or in some other manner, of any breaches discovered, and notifications made. Covered providers are also required to submit, via the central reporting facility, an annual reporting of certain small breaches.
OMB Control Number: 3060-0742.
Title: Sections 52.21 through 52.37, Telephone Number Portability, 47 CFR part 52, subpart (C), and CC Docket No. 95-116.
Form Number: N/A.
Type of Review: Revision of a currently approved collection.
Respondents: Business or other for profit entities.
Number of Respondents and Responses: 1,626 respondents; 13,672,050 responses.
Estimated Time per Response: 0.0666 hours-60 hours.
Frequency of Response: On occasion and one-time reporting requirements, recordkeeping requirement, and third party disclosure requirement.
Obligation to Respond: Required to obtain or retain benefits. Statutory authority for this information collection is contained in 47 U.S.C. 151, 152, 154(i), 201-205, 215, 251(b)(2), 251(e)(2) and 332 of the Communications Act of 1934, as amended.
Total Annual Burden: 792,235 hours.
Total Annual Cost: No cost.
Needs and Uses: Section 251(b)(2) of the Communications Act of 1934, as amended, requires LECs to “provide, to the extent technically feasible, number portability in accordance with requirements prescribed by the Commission.” Through the LNP process, consumers have the ability to retain their phone number when switching telecommunications service providers, enabling them to choose a provider that best suits their needs and enhancing competition. In the Porting Interval Order and Further Notice, the Commission mandated a one business day porting interval for simple wireline-to-wireline and intermodal port requests. The information collected in the standard local service request data fields is necessary to complete simple wireline-to-wireline and intermodal ports within the one business day porting interval mandated by the Commission and will be used to comply with Section 251 of the Telecommunications Act of 1996.
On November 16, 2023, the FCC released a Report and Order and Further Notice of Proposed Rulemaking (88 FR 85794 (Dec. 8, 2023)) ( SIM Swap and Port-Out Fraud Order), which adds new information collection requirements. The SIM Swap and Port-Out Fraud Order adopted baseline measures to increase protections for customers against fraudulent port-outs by adding new section 52.37 in Part 52, and adds new information collection requirements in paragraphs (c), (e), and (g), of that rule. Port-out fraud occurs where a bad actor impersonates a customers of a wireless provider and convinces the provider to port the real customer's telephone number to a new wireless provider and a device that the bad actor controls, allowing a bad actor to control the victim's mobile account and receive text messages and phone calls intended for the victim. The new rules establish a uniform framework that gives wireless providers flexibility to implement customer authentication and security methods to address port-out fraud. Wireless providers are required to comply with the new or modified rules except where the Safe Connections Act requires alternate procedures to be used. The SIM Swap and Port-Out Fraud Order modifies the existing Local Number Portability collection requirements to require wireless providers to: (1) immediately notify customers of any requests for a port-out request associated with the customer's account before effectuating the request; (2) provide customers with advance notice of any account protection measures offered; and (3) maintain a clear process for customers to report fraudulent number ports, and promptly provide customers with documentation of fraudulent ports involving their accounts.
Federal Communications Commission.
Marlene Dortch,
Secretary, Office of the Secretary.
[FR Doc. 2024-25103 Filed 10-28-24; 8:45 am]
BILLING CODE 6712-01-P