1.0 2.0 3.0 4.0 5.0 5.1 5.2 6.0 6.1 6.2 6.3 7.0 7.1 7.2 7.3 7.4 8.0 8.1 8.2 8.3 9.0 9.1 9.2 9.3 10.0 11.0 12.0
Purpose ............................................................................................................................................ 1 Scope ............................................................................................................................................... 1 Policy Owner .................................................................................................................................... 1 CPNI Defined & Described .............................................................................................................. 1 CPNI Protection ............................................................................................................................... 1 No CDR CPNI .............................................................................................................................. 1 Access to Non-CDR CPNI Restricted .......................................................................................... 1 Law Enforcement and Required Disclosures ................................................................................... 2 Notification of Account Changes ................................................................................................. 2 CPNI Disclosure to Designated Persons ..................................................................................... 2 CPNI Breach Notification ............................................................................................................. 2 CPNI Permitted Uses ....................................................................................................................... 3 Service Provision and Billing ....................................................................................................... 3 Protection of Rights, Property or Users ....................................................................................... 3 Telemarketing, Referral or Administrative Services .................................................................... 3 Provision of CPE and Other Non-Telecom Services ................................................................... 3 CPNI Marketing Uses....................................................................................................................... 3 Total Service Approach ............................................................................................................... 3 Affiliates and Third Parties ........................................................................................................... 3 Third Party Contracts ................................................................................................................... 3 Record Keeping & Training .............................................................................................................. 4 Training ........................................................................................................................................ 4 Marketing Campaigns Record ..................................................................................................... 4 Outbound Marketing Supervisory Review ................................................................................... 4 Certification ...................................................................................................................................... 4 Enforcement ..................................................................................................................................... 5 Definitions ........................................................................................................................................ 5
1.0 Purpose
This Policy describes and governs the permissible uses and disclosures of Customer Proprietary Network Information (CPNI). Hayes is committed to protecting the privacy of confidential and proprietary information about its Subscribers received by virtue of the provision of telecommunications services.
2.0 Scope
This Policy applies whenever CPNI data is used internally, shared among affiliates or disclosed to any third party.
5.2
Non-CDR CPNI may only be provided over-the-phone to authorized contacts on the Customers account. Non-CDR CPNI is not available to Customers on-line, on-site at Hayess offices or at any retail locations. 5.2.2 Third Party Access No third party shall have access to non-CDR CPNI, except as permitted under FCC regulations or required by law (see Sections 6.0 and 7.0 below).
6.2
6.3
6.3.2
6.3.3
After 7 days of USSS and FBI notice, if Hayes has not received written direction from USSS or FBI, Hayes will notify the Subscriber of the breach. The USSS and FBI may extend the period for such notice by 30 days or more. For 2 years, Hayes will maintain a record of (1) discovered breaches; (2) notifications to USSS and FBI; (3) USSS and FBI responses; (4) dates breaches discovered; (5) dates Hayes notified USSS and FBI; (6) details of CPNI breached; and (7) circumstances of breaches.
6.3.4
-2-
7.2
7.3
7.4
8.2
8.3
Any contract with a third party that includes the disclosure or sharing of CPNI requires a confidentiality agreement with the partner, contractor or agent. The confidentiality agreement must include the following: 1. Require that the partner, contractor or agent use the CPNI only for the purpose of marketing or providing the services for which it was provided; 2. Disallow the partner, contractor or agent from using, allowing access to or disclosing the CPNI to any other party, unless required to make such disclosure under force of law; and 3. Require that the partner, contractor or agent have appropriate protections in place to ensure the ongoing confidentiality of the Subscribers CPNI. All agreements with any partners, contractors and agents must be reviewed and approved by Bradford Hood.
9.2
9.3
10.0 Certification
Hayes shall have an officer sign a compliance certificate in January or February of each year stating that the officer has personal knowledge that Hayes has established operating procedures that are adequate to ensure compliance with the applicable CPNI rules and regulations. Hayes must provide a statement accompanying the certificate explaining how the operating procedures ensure compliance with the applicable rules. The certificate will also include (1) an explanation of any actions taken against data brokers; and (2) a summary of all Subscriber complaints received in the past year concerning the unauthorized release of CPNI.
-4-
Each annual certificate shall be filed with the FCC on or before March 1 of each year and certain information contained in the certificate or accompanying statement may be filed under confidential seal. Each annual certificate shall be retained for a period of at least two years.
11.0 Enforcement
Hayes will seek to employ appropriate remedies against those persons violating this Policy. Remedies may include, but are not limited to, financial, legal or disciplinary actions, including termination and referrals to law enforcement when appropriate. Any suspected violations of this policy should be reported to Bradford Hood. Exceptions For security and maintenance purposes, Hayes authorized individuals may monitor equipment, systems and network traffic limited by their duties. Hayes reserves the right for authorized individuals to audit networks and systems on a periodic basis to ensure compliance with this Policy.
12.0 Definitions
Term Address of Record Definition An address of record, whether postal or electronic, is an address that the Company has associated with the Subscribers account for at least 30 days. Hayes e-Government Resources, Inc. Call Detail Record is information that pertains to the transmission of specific telephone calls, including, for outbound calls, the number called, and the time, location, or duration of any call and, for inbound calls, the number from which the call was placed, and the time, location, or duration of any call. Customer Proprietary Network Information is information that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by a subscriber of a telecommunications carrier, and that is made available to the carrier by the subscriber solely by virtue of the carrier-subscriber relationship; and, information contained in the bills pertaining to telephone exchange service or telephone toll service received by a subscriber of a carrier. CPNI does not include a subscribers name, telephone numbers, addresses, or primary advertising classification. Federal Communications Commission. A Subscriber is the entity that purchases telecommunications services from Hayes.
FCC Subscriber
-5-