TCD enforces the provisions of sections 201(b) and 222 of the Communications Act, as well as the accompanying Commission rules, relating to how telecommunications carriers protect the privacy and security of their customers’ (and certain other entities’) information. Section 201(b) of the Act requires that carriers’ practices be just and reasonable, including practices related to privacy, data protection, and cybersecurity. Section 222 restricts carriers’ use and disclosure of their customers’ (and certain other entities’) “proprietary” information and requires that telecommunications carriers protect the confidentiality of that information. In addition, the Commission’s rules require carriers and interconnected VoIP providers to take reasonable measures to safeguard certain sensitive data known as “customer proprietary network information” (CPNI), to notify consumers and law enforcement of data breaches involving CPNI, and to file annual certifications documenting their compliance with the CPNI rules (codified at 47 CFR § 64.2001 et seq).