6712-01
FEDERAL COMMUNICATIONS COMMISSION
[OMB 3060-0715, OMB 3060-0742; FR ID 227288]
Information Collections Being Reviewed by the Federal Communications Commission
AGENCY: Federal Communications Commission.
ACTION: Notice and request for comments.
SUMMARY: As part of its continuing effort to reduce paperwork burdens, and as required by
the Paperwork Reduction Act (PRA) of 1995, the Federal Communications Commission (FCC or
the Commission) invites the general public and other Federal agencies to take this opportunity to
comment on the following information collection. Comments are requested concerning: whether
the proposed collection of information is necessary for the proper performance of the functions of
the Commission, including whether the information shall have practical utility; the accuracy of
the Commission's burden estimate; ways to enhance the quality, utility, and clarity of the
information collected; ways to minimize the burden of the collection of information on the
respondents, including the use of automated collection techniques or other forms of information
technology; and ways to further reduce the information collection burden on small business
concerns with fewer than 25 employees.
DATES: Written PRA comments should be submitted on or before [INSERT DATE 60 DAYS
AFTER DATE OF PUBLICATION IN THE FEDERAL REGISTER]. If you anticipate that
you will be submitting comments, but find it difficult to do so within the period of time allowed
by this notice, you should advise the contact listed below as soon as possible.
ADDRESSES: Direct all PRA comments to Nicole Ongele, FCC, via email PRA@fcc.gov and
to nicole.ongele@fcc.gov.
FOR FURTHER INFORMATION CONTACT: For additional information about the
information collection, contact Nicole Ongele, (202) 418-2991.
SUPPLEMENTARY INFORMATION: The FCC may not conduct or sponsor a collection of

information unless it displays a currently valid control number. No person shall be subject to any
penalty for failing to comply with a collection of information subject to the PRA that does not
display a valid Office of Management and Budget (OMB) control number.
OMB Control Number: 3060-0715.
Title: Telecommunications Carriers’ Use of Customer Proprietary Network Information and
Other Customer Information.
Form Number: N/A.
Type of Review: Revision of a currently approved collection.
Respondents: Business or other for-profit entities, and state, local, or tribal government.
Number of Respondents and Responses: 2,935 respondents; 24,427 responses.
Estimated Time per Response: 0.1 - 120 hours.
Frequency of Response: On occasion, annual, and one-time reporting requirements;
recordkeeping; and third party disclosure requirements.
Obligation to Respond: Mandatory. Statutory authority for these collections are contained in
sections 201 and 222 of the Communications Act of 1934, as amended, 47 U.S.C. section 201,
222.
Total Annual Burden: 206,203 hours.
Total Annual Cost: No Cost.

Needs and Uses: Section 222 of the Communications Act of 1934, as amended, 47 U.S.C. 222,
establishes the duty of telecommunications carriers to protect the confidentiality of its customers’
proprietary information. This proprietary information includes personally identifiable
information derived from a customer’s relationship with a provider of telecommunications
services. This information collection implements the statutory obligations of Section 222. These
regulations impose safeguards to protect Customer Proprietary Network Information (CPNI) and
other customer proprietary information against unauthorized access and disclosure.
On November 16, 2023, the FCC released the SIM Swap and Port-Out Fraud Order (88
FR 85794 (December 8, 2023)), which adopted a baseline framework to combat SIM swap fraud

by amending section 64.2010 of the CPNI rules to add paragraph (h) on Subscriber Identity
Module (SIM) changes and adds new information collection requirements in paragraphs (h)(2)
through (6) and (h)(8) of that rule. A SIM swap involves the fraudulent transfer (or “swap”) of an
account from a device associated with one SIM to a device associated with a different SIM,
allowing a bad actor to control the victim’s mobile account and access the victim’s CPNI. The
new rules establish a uniform framework that gives wireless providers flexibility to implement
customer authentication and security methods to address SIM swap fraud. The SIM Swap and
Port-Out Fraud Order modifies the existing CPNI collection requirements to require wireless
providers to: (1) adopt processes for responding to failed authentication attempts in connection
with a SIM change request; (2) immediately notify customers of any requests for a SIM change
associated with the customer’s account before the SIM change is completed; (3) offer all
customers, at no cost, the option to lock or freeze their account to stop SIM change requests; (4)
provide customers with advance notice of any account protection measures offered; (5) maintain
a clear process for customers to report SIM fraud, promptly investigate and remediate fraud, and
promptly provide customers with documentation of fraud involving their accounts; and (6) track
and maintain for three years a record of SIM change requests and authentication measures used.

On December 21, 2023, the Commission released the Data Breach Report and Order (89
FR 9968 (February 12, 2024)), which modifies the scope of customer data and reportable
breaches covered by the Commission’s rules, and also modifies the Commission’s data breach
notification rules to require covered service providers to electronically notify the FCC of a
reportable data breach through a link to a central reporting facility, contemporaneously with the
existing obligation to notify the United States Secret Service Bureau (Secret Service) and the
Federal Bureau of Investigation (FBI), and adopts equivalent requirements for
Telecommunications Relay Services (TRS) providers. Covered service providers include
providers of telecommunications, interconnected Voice over Internet Protocol (VoIP), and TRS.
All covered providers are required to maintain a record, electronically or in some other manner,
of any breaches discovered, and notifications made. Covered providers are also required to

submit, via the central reporting facility, an annual reporting of certain small breaches.

OMB Control Number: 3060-0742.
Title: Sections 52.21 through 52.37, Telephone Number Portability, 47 CFR part 52, subpart (C),
and CC Docket No. 95-116.
Form Number: N/A.
Type of Review: Revision of a currently approved collection.
Respondents: Business or other for profit entities.
Number of Respondents and Responses: 6,026 respondents; 10,002,000 responses.
Estimated Time per Response: 0.0666 hours - 60 hours.
Frequency of Response: On occasion and one-time reporting requirements, recordkeeping
requirement, and third party disclosure requirement.
Obligation to Respond: Required to obtain or retain benefits. Statutory authority for this
information collection is contained in 47 U.S.C. 151, 152, 154(i), 201–205, 215, 251(b)(2),
251(e)(2) and 332 of the Communications Act of 1934, as amended.
Total Annual Burden: 748,410 hours.
Total Annual Cost: No cost.
Needs and Uses: Section 251(b)(2) of the Communications Act of 1934, as amended, requires
LECs to “provide, to the extent technically feasible, number portability in accordance with
requirements prescribed by the Commission.” Through the LNP process, consumers have the
ability to retain their phone number when switching telecommunications service providers,
enabling them to choose a provider that best suits their needs and enhancing competition. In the
Porting Interval Order and Further Notice, the Commission mandated a one business day porting
interval for simple wireline-to-wireline and intermodal port requests. The information collected
in the standard local service request data fields is necessary to complete simple wireline-towireline and intermodal ports within the one business day porting interval mandated by the
Commission and will be used to comply with section 251 of the Telecommunications Act of
1996.

On November 16, 2023, the FCC released a Report and Order and Further Notice of
Proposed Rulemaking (88 FR 85794 (Dec. 8, 2023)) (SIM Swap and Port-Out Fraud Order), which
adds new information collection requirements. The SIM Swap and Port-Out Fraud Order
adopted baseline measures to increase protections for customers against fraudulent port-outs by
adding new section 52.37 in part 52, and adds new information collection requirements in
paragraphs (c) through (e), and (g), of that rule. Port-out fraud occurs where a bad actor
impersonates a customers of a wireless provider and convinces the provider to port the real
customer’s telephone number to a new wireless provider and a device that the bad actor controls,
allowing a bad actor to control the victim’s mobile account and receive text messages and phone
calls intended for the victim. The new rules establish a uniform framework that gives wireless
providers flexibility to implement customer authentication and security methods to address portout fraud. Wireless providers are required to comply with the new or modified rules except
where the Safe Connections Act requires alternate procedures to be used. The SIM Swap and
Port-Out Fraud Order modifies the existing Local Number Portability collection requirements to
require wireless providers to: (1) immediately notify customers of any requests for a port-out
request associated with the customer’s account before effectuating the request; (2) offer all
customers, at no cost, the option to lock or freeze their account to prohibit wireless providers
from processing requests to port the customer’s number; (3) provide customers with advance
notice of any account protection measures offered; and (4) maintain a clear process for customers
to report fraudulent number ports, promptly investigate and take reasonable steps within its
control to remediate fraudulent ports, and promptly provide customers with documentation of
fraudulent ports involving their accounts.

FEDERAL COMMUNICATIONS COMMISSION.

Katura Jackson,

Federal Register Liaison Officer.
[FR Doc. 2024-13882 Filed: 6/24/2024 8:45 am; Publication Date: 6/25/2024]