6712-01 FEDERAL COMMUNICATIONS COMMISSION [OMB 3060-0715, OMB 3060-0742; FR ID 227288] Information Collections Being Reviewed by the Federal Communications Commission AGENCY: Federal Communications Commission. ACTION: Notice and request for comments. SUMMARY: As part of its continuing effort to reduce paperwork burdens, and as required by the Paperwork Reduction Act (PRA) of 1995, the Federal Communications Commission (FCC or the Commission) invites the general public and other Federal agencies to take this opportunity to comment on the following information collection. Comments are requested concerning: whether the proposed collection of information is necessary for the proper performance of the functions of the Commission, including whether the information shall have practical utility; the accuracy of the Commission's burden estimate; ways to enhance the quality, utility, and clarity of the information collected; ways to minimize the burden of the collection of information on the respondents, including the use of automated collection techniques or other forms of information technology; and ways to further reduce the information collection burden on small business concerns with fewer than 25 employees. DATES: Written PRA comments should be submitted on or before [INSERT DATE 60 DAYS AFTER DATE OF PUBLICATION IN THE FEDERAL REGISTER]. If you anticipate that you will be submitting comments, but find it difficult to do so within the period of time allowed by this notice, you should advise the contact listed below as soon as possible. ADDRESSES: Direct all PRA comments to Nicole Ongele, FCC, via email PRA@fcc.gov and to nicole.ongele@fcc.gov. FOR FURTHER INFORMATION CONTACT: For additional information about the information collection, contact Nicole Ongele, (202) 418-2991. SUPPLEMENTARY INFORMATION: The FCC may not conduct or sponsor a collection of information unless it displays a currently valid control number. No person shall be subject to any penalty for failing to comply with a collection of information subject to the PRA that does not display a valid Office of Management and Budget (OMB) control number. OMB Control Number: 3060-0715. Title: Telecommunications Carriers’ Use of Customer Proprietary Network Information and Other Customer Information. Form Number: N/A. Type of Review: Revision of a currently approved collection. Respondents: Business or other for-profit entities, and state, local, or tribal government. Number of Respondents and Responses: 2,935 respondents; 24,427 responses. Estimated Time per Response: 0.1 - 120 hours. Frequency of Response: On occasion, annual, and one-time reporting requirements; recordkeeping; and third party disclosure requirements. Obligation to Respond: Mandatory. Statutory authority for these collections are contained in sections 201 and 222 of the Communications Act of 1934, as amended, 47 U.S.C. section 201, 222. Total Annual Burden: 206,203 hours. Total Annual Cost: No Cost. Needs and Uses: Section 222 of the Communications Act of 1934, as amended, 47 U.S.C. 222, establishes the duty of telecommunications carriers to protect the confidentiality of its customers’ proprietary information. This proprietary information includes personally identifiable information derived from a customer’s relationship with a provider of telecommunications services. This information collection implements the statutory obligations of Section 222. These regulations impose safeguards to protect Customer Proprietary Network Information (CPNI) and other customer proprietary information against unauthorized access and disclosure. On November 16, 2023, the FCC released the SIM Swap and Port-Out Fraud Order (88 FR 85794 (December 8, 2023)), which adopted a baseline framework to combat SIM swap fraud by amending section 64.2010 of the CPNI rules to add paragraph (h) on Subscriber Identity Module (SIM) changes and adds new information collection requirements in paragraphs (h)(2) through (6) and (h)(8) of that rule. A SIM swap involves the fraudulent transfer (or “swapâ€) of an account from a device associated with one SIM to a device associated with a different SIM, allowing a bad actor to control the victim’s mobile account and access the victim’s CPNI. The new rules establish a uniform framework that gives wireless providers flexibility to implement customer authentication and security methods to address SIM swap fraud. The SIM Swap and Port-Out Fraud Order modifies the existing CPNI collection requirements to require wireless providers to: (1) adopt processes for responding to failed authentication attempts in connection with a SIM change request; (2) immediately notify customers of any requests for a SIM change associated with the customer’s account before the SIM change is completed; (3) offer all customers, at no cost, the option to lock or freeze their account to stop SIM change requests; (4) provide customers with advance notice of any account protection measures offered; (5) maintain a clear process for customers to report SIM fraud, promptly investigate and remediate fraud, and promptly provide customers with documentation of fraud involving their accounts; and (6) track and maintain for three years a record of SIM change requests and authentication measures used. On December 21, 2023, the Commission released the Data Breach Report and Order (89 FR 9968 (February 12, 2024)), which modifies the scope of customer data and reportable breaches covered by the Commission’s rules, and also modifies the Commission’s data breach notification rules to require covered service providers to electronically notify the FCC of a reportable data breach through a link to a central reporting facility, contemporaneously with the existing obligation to notify the United States Secret Service Bureau (Secret Service) and the Federal Bureau of Investigation (FBI), and adopts equivalent requirements for Telecommunications Relay Services (TRS) providers. Covered service providers include providers of telecommunications, interconnected Voice over Internet Protocol (VoIP), and TRS. All covered providers are required to maintain a record, electronically or in some other manner, of any breaches discovered, and notifications made. Covered providers are also required to submit, via the central reporting facility, an annual reporting of certain small breaches. OMB Control Number: 3060-0742. Title: Sections 52.21 through 52.37, Telephone Number Portability, 47 CFR part 52, subpart (C), and CC Docket No. 95-116. Form Number: N/A. Type of Review: Revision of a currently approved collection. Respondents: Business or other for profit entities. Number of Respondents and Responses: 6,026 respondents; 10,002,000 responses. Estimated Time per Response: 0.0666 hours - 60 hours. Frequency of Response: On occasion and one-time reporting requirements, recordkeeping requirement, and third party disclosure requirement. Obligation to Respond: Required to obtain or retain benefits. Statutory authority for this information collection is contained in 47 U.S.C. 151, 152, 154(i), 201–205, 215, 251(b)(2), 251(e)(2) and 332 of the Communications Act of 1934, as amended. Total Annual Burden: 748,410 hours. Total Annual Cost: No cost. Needs and Uses: Section 251(b)(2) of the Communications Act of 1934, as amended, requires LECs to “provide, to the extent technically feasible, number portability in accordance with requirements prescribed by the Commission.†Through the LNP process, consumers have the ability to retain their phone number when switching telecommunications service providers, enabling them to choose a provider that best suits their needs and enhancing competition. In the Porting Interval Order and Further Notice, the Commission mandated a one business day porting interval for simple wireline-to-wireline and intermodal port requests. The information collected in the standard local service request data fields is necessary to complete simple wireline-towireline and intermodal ports within the one business day porting interval mandated by the Commission and will be used to comply with section 251 of the Telecommunications Act of 1996. On November 16, 2023, the FCC released a Report and Order and Further Notice of Proposed Rulemaking (88 FR 85794 (Dec. 8, 2023)) (SIM Swap and Port-Out Fraud Order), which adds new information collection requirements. The SIM Swap and Port-Out Fraud Order adopted baseline measures to increase protections for customers against fraudulent port-outs by adding new section 52.37 in part 52, and adds new information collection requirements in paragraphs (c) through (e), and (g), of that rule. Port-out fraud occurs where a bad actor impersonates a customers of a wireless provider and convinces the provider to port the real customer’s telephone number to a new wireless provider and a device that the bad actor controls, allowing a bad actor to control the victim’s mobile account and receive text messages and phone calls intended for the victim. The new rules establish a uniform framework that gives wireless providers flexibility to implement customer authentication and security methods to address portout fraud. Wireless providers are required to comply with the new or modified rules except where the Safe Connections Act requires alternate procedures to be used. The SIM Swap and Port-Out Fraud Order modifies the existing Local Number Portability collection requirements to require wireless providers to: (1) immediately notify customers of any requests for a port-out request associated with the customer’s account before effectuating the request; (2) offer all customers, at no cost, the option to lock or freeze their account to prohibit wireless providers from processing requests to port the customer’s number; (3) provide customers with advance notice of any account protection measures offered; and (4) maintain a clear process for customers to report fraudulent number ports, promptly investigate and take reasonable steps within its control to remediate fraudulent ports, and promptly provide customers with documentation of fraudulent ports involving their accounts. FEDERAL COMMUNICATIONS COMMISSION. Katura Jackson, Federal Register Liaison Officer. [FR Doc. 2024-13882 Filed: 6/24/2024 8:45 am; Publication Date: 6/25/2024]