Professional Documents
Culture Documents
Cpni Comp RJ 2013
Cpni Comp RJ 2013
(Company) does not use, disclose or permit access to, Customer Proprietary Network In ormation (CPNI) e!cept as permitted under "# $.%.C. & '''(d), e!cept as ot(erwise re)uired *y law pursuant to "# $.%.C. & '''(c)(+) or e!cept as permitted under "# $.%.C. && '''(c)(+)(,) and '''(c)(+)(-). A. Definitions T(e terms used in t(is %tatement (a.e t(e same meanin/ as set ort( in "# C.0.R. & 1".'223. B. Use of CPNI (+) T(e Company does not use, disclose, or permit access to CPNI or marketin/ purposes, and t(e Company does not use, disclose, or permit access to CPNI to market ser.ice o erin/s to a customer t(at re)uire opt4in or opt4out consent o a customer under "# C.0.R. & 1".'22+ et seq. (') T(e Company does not use, disclose or permit access to CPNI to identi y or track customers t(at call competin/ ser.ice pro.iders. (3) Notwit(standin/ t(e or/oin/5 It is t(e Company6s policy t(at t(e Company may use, disclose, or permit access to CPNI to, amon/ ot(er t(in/s, protect t(e ri/(ts or property o t(e Company, or to protect users o t(ose ser.ices and ot(er carriers rom raudulent, a*usi.e, or unlaw ul use o , or su*scription to, suc( ser.ices. C. Safeguards Required for the Use of CPNI (+) It is t(e policy o t(e Company to train its personnel as to t(e circumstances under w(ic( CPNI may, and may not, *e used or disclosed. In addition, t(e Company (as esta*lis(ed a e!press disciplinary process in instances w(ere its personnel do not comply wit( esta*lis(ed policies. (') In compliance wit( %ection 1".'227(e), t(e Company will prepare a compliance certi icate si/ned *y an o icer on an annual *asis statin/ t(at t(e o icer (as personal knowled/e t(at t(e Company (as esta*lis(ed operatin/ procedures t(at are ade)uate to ensure compliance wit( "# C.0.R. & 1".'22+ et seq. T(e certi icate is to *e accompanied *y t(is statement and will *e iled in 8- 9ocket No. 21431 annually on :arc( +, or data pertainin/ to t(e pre.ious calendar year. T(is ilin/ will include an e!planation o any actions taken a/ainst data *rokers and a summary o all customer complaints recei.ed in t(e past year concernin/ t(e unaut(ori;ed release o CPNI. D. Safeguards on the Disclosure of CPNI It is t(e Company6s policy to take reasona*le measures to disco.er and protect a/ainst attempts to /ain unaut(ori;ed access to CPNI. T(e Company does not (a.e access to call detail in ormation (as it is de ined in "# C.0.R & 1".'223) and does not pro.ide t(is in ormation to its
customers *ut, w(en applica*le, will properly aut(enticate a customer prior to disclosin/ CPNI *ased on customer4initiated telep(one contact descri*ed (erein. (+) Methods of Accessing CPNI. (a) Telephone Access to CPNI. <(en applica*le, it is t(e Company6s policy to only disclose call detail in ormation o.er t(e telep(one, *ased on customer4initiated telep(one contact, i t(e customer irst pro.ides t(e Company wit( a password, as descri*ed in %ection ('), t(at is not prompted *y t(e carrier askin/ or readily a.aila*le *io/rap(ical in ormation, or account in ormation. I t(e customer is a*le to pro.ide call detail in ormation to t(e Company durin/ a customer4initiated call wit(out t(e Company6s assistance, t(en t(e Company may discuss t(e call detail in ormation pro.ided *y t(e customer. (*) Online Access to CPNI. T(e Company does not pro.ide online access to customer account in ormation. (') Password Procedures. <(en applica*le, to esta*lis( a password, t(e Company will aut(enticate t(e customer wit(out t(e use o readily a.aila*le *io/rap(ical in ormation, or account in ormation. T(e Company may create a *ack4up customer aut(entication met(od in t(e e.ent o lost or or/otten passwords, *ut suc( *ack4up customer aut(entication met(od will not prompt t(e customer or readily a.aila*le *io/rap(ical in ormation or account in ormation. I t(e customer cannot pro.ide t(e correct password or correct response or t(e *ack4up customer aut(entication met(od, t(e customer must esta*lis( a new password as descri*ed in t(is para/rap(. (3) Notification of Account Changes. <(en applica*le, t(e Company will noti y customers immediately w(ene.er a password, customer response to a *ack4up means o aut(entication or lost or or/otten passwords, online account, or address o record is created or c(an/ed. T(is noti ication is not re)uired w(en t(e customer initiates ser.ice, includin/ t(e selection o a password at ser.ice initiation. T(is noti ication may *e t(rou/( a Company ori/inated .oicemail or te!t messa/e to t(e telep(one num*er o record, or *y mail to t(e address o record, and must not re.eal t(e c(an/ed in ormation or *e sent to t(e new account in ormation. E. Notification of CPNI Securit Breaches (+) It is t(e Company6s policy to noti y law en orcement o a *reac( in its customers6 CPNI as pro.ided in t(is section. T(e Company will not noti y its customers or disclose t(e *reac( pu*licly until it (as completed t(e process o noti yin/ law en orcement pursuant to para/rap( ('). (') ,s soon as practica*le, and in no e.ent later t(an se.en (#) *usiness days, a ter reasona*le determination o t(e *reac(, t(e Company will electronically noti y t(e $nited %tates
%ecret %er.ices ($%%%) and t(e 0ederal -ureau o In.esti/ation (0-I) t(rou/( a central reportin/ acility. (a) Notwit(standin/ state law to t(e contrary, t(e Company will not noti y customers or disclose t(e *reac( to t(e pu*lic until # ull *usiness days (a.e passed a ter noti ication to t(e $%%% and t(e 0-I, e!cept as pro.ided in para/rap(s (*) and (c). (*) I t(e Company *elie.es t(at t(ere is an e!traordinarily ur/ent need to noti y any class o a ected customers sooner t(an ot(erwise allowed under para/rap( (a), in order to a.oid immediate and irrepara*le (arm, it will so indicate in its noti ication and may proceed to immediately noti y its a ected customers only a ter consultation wit( t(e rele.ant in.esti/ation a/ency. T(e Company will cooperate wit( t(e rele.ant in.esti/atin/ a/ency6s re)uest to minimi;e any ad.erse e ects o suc( customer noti ication. (c) I t(e rele.ant in.esti/atin/ a/ency determines t(at pu*lic disclosure or notice to customer would impede or compromise an on/oin/ or potential criminal in.esti/ation or national security, t(e Company will comply wit( suc( a/ency6s written directi.es, includin/ directi.es not to so disclose or noti y or an initial period o up to 32 days, and e!tended periods as reasona*ly necessary in t(e =ud/ment o t(e a/ency. (3) , ter t(e Company (as completed t(e process o noti yin/ law en orcement pursuant to para/rap( ('), it will noti y its customers o a *reac( o t(ose customers6 CPNI. (") Record keeping. T(e Company will maintain a record, electronically or in some ot(er manner, o any *reac(es disco.ered, noti ications made to t(e $%%% and t(e 0-I pursuant to para/rap( ('), and noti ications made to customers. T(e record will include, i a.aila*le, dates o disco.ery and noti ication, a detailed description o t(e CPNI t(at was t(e su*=ect o t(e *reac(, and t(e circumstances o t(e *reac(. T(e Company will maintain t(e record or a minimum o ' years.