Table of Contents

Best Practices to Remain CPNI Compliant

Mitchell Paul-Soumis Updated by Mitchell Paul-Soumis

Read Time: 2 mins

What is CPNI Compliance

Customer Proprietary Network Information refers to any data collected over the course of a customer's phone call. This can include Originating Number, Destination Number, Duration, Time, and Date of the call. Private information, linkable to the customer directly, needs to be kept private and restricted. This often takes the form of account numbers, email addresses, and cell phone numbers.

To ensure this data remains private, the FCC mandates that an additional layer of customer verification occur before confirming or changing any CPNI. Additionally, as the Telecommunications Service Provider, your customers must be notified immediately whenever a password, customer response to a backup means of authentication for lost or forgotten password, or address of record is created or changed.

This notification is not required when the customer initiates service, including the selection of a password at service initiation.

A brief is available on the FCC's website here.

You can also download the Public Notice, which contains more information alongside Frequently Asked Questions here | DA-24-125A1.pdf

How You Can Stay Compliant

The basic requirements for staying compliant with the FCC mandates around CPNI compliance are:

  • Ensure the customer's data is protected by a PIN that must be confirmed before any information is divulged or changed.
  • Notify the customer any time a change is made to their data, as described in the CPNI definition.

Meeting these two basic requirements is possible in Sonar through:

  1. A Note on the account, set to Sticky with Confirmation, that confirms the Customer's configured PIN before a call or email thread continues.
  2. A notification sent to the user whenever changes are made to their account.
    1. Configuring these notifications can be done by leveraging the Triggered Message feature in Sonar. The following triggers are needed:
      1. A contact's password is changed
      2. An account address is changed
  3. Disable the UPDATE_CONTACT permission for your Portal User (if the Sonar Customer Portal is enabled for your instance.
    1. This permission change will ensure that users who log in to their account will be unable to make changes to their private profile information, and will need to reach out to your support team, verifying the PIN before those changes are made.

How did we do?

API Changes for Voice Billing

Billing Voice Services in Sonar

Contact