Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Contact Us
  • Home
  • Voice

Best Practices to Remain CPNI Compliant

Written by Mitchell Ivany

Updated at March 13th, 2025

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Our Products & Services
  • Getting Started
    First Time Setup Baseline Configuration
  • Accounts
  • Communication
  • Billing
  • Companies
  • Financial
  • Integrations
  • Inventory
  • Jobs
  • ​Mapping
  • Misc.
  • Monitoring
  • Purchase Orders
  • Release Notes
  • Sonar Billing
  • Voice
  • Reporting
  • Security
  • sonarPay
  • Ticketing
  • Working With the Sonar Team & Additional Resources
    Sonar's Security Practices & Certifications
  • System
  • Networking
+ More

Table of Contents

What is CPNI Compliance How You Can Stay Compliant

What is CPNI Compliance

Customer Proprietary Network Information refers to any data collected over the course of a customer's phone call. This can include Originating Number, Destination Number, Duration, Time, and Date of the call. Private information, linkable to the customer directly, needs to be kept private and restricted. This often takes the form of account numbers, email addresses, and cell phone numbers.

To ensure this data remains private, the FCC mandates that an additional layer of customer verification occur before confirming or changing any CPNI. Additionally, as the Telecommunications Service Provider, your customers must be notified immediately whenever a password, customer response to a backup means of authentication for lost or forgotten password, or address of record is created or changed.

This notification is not required when the customer initiates service, including the selection of a password at service initiation.
 

A brief is available on the FCC's website here.

You can also download the Public Notice, which contains more information alongside Frequently Asked Questions here | DA-24-125A1.pdf

How You Can Stay Compliant

The basic requirements for staying compliant with the FCC mandates around CPNI compliance are:

  • Ensure the customer's data is protected by a PIN that must be confirmed before any information is divulged or changed.
  • Notify the customer any time a change is made to their data, as described in the CPNI definition.

Meeting these two basic requirements is possible in Sonar through:

  1. A Note on the account, set to Sticky with Confirmation, that confirms the Customer's configured PIN before a call or email thread continues.
  2. A notification sent to the user whenever changes are made to their account.
    1. Configuring these notifications can be done by leveraging the Triggered Message feature in Sonar. The following triggers are needed:
      1. A contact's password is changed
      2. An account address is changed
  3. Disable the UPDATE_CONTACT permission for your Portal User (if the Sonar Customer Portal is enabled for your instance.
    1. This permission change will ensure that users who log in to their account will be unable to make changes to their private profile information, and will need to reach out to your support team, verifying the PIN before those changes are made.
cpni compliance privacy practices

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • ACH Batching: Overview
  • CPUC Fixed Broadband Deployment by Address
  • FCC Broadband Data Collection (BDC) Filings: How Sonar Can Help
Expand