Customer Proprietory Network Information Manual1
-
Upload
federal-communications-commission-fcc -
Category
Documents
-
view
221 -
download
0
Transcript of Customer Proprietory Network Information Manual1
-
7/29/2019 Customer Proprietory Network Information Manual1
1/44
Revision 2013
Virginia GlobalCommunications
Systems
Customer ProprietaryNetwork Information
(CPNI)
Policy Manual
-
7/29/2019 Customer Proprietory Network Information Manual1
2/44
Table of Contents
Page
Customer Proprietary Network Information Manual - Objectives ...........................................4
Historical Background .................................................................................................................... 5
CPNI Policy ...........................................................................................................................................6
What is CPNI? ........................................................................................................................... 6
Scope of Rules ........................................................................................................................... 6
Obligation of Rules .......................................................................................................................... 7
Duty to Protect ........................................................................................................................... 7
Customer Authentication Requirements & Procedures ......................................................... 8
Notice to Customer of Account Changes Requirements & Procedures.............................. 8
Notice of Unauthorized Disclosure of CPNI Requirements & procedures ........................ 9
Carrier to Carrier Proprietary Information (CPI) .................................................................... 9
Limited Purpose (Marketing uses for CPNI) ........................................................................ 11
When Can a Carrier use CPNI without Customer Approval? ........................................... 11
Customer Notification Authorizing the Use of CPNI ......................................................... 11
When Does a Carrier Need Customer Approval to use CPNI? ......................................... 12
The Total Service Approach .............................................................................................. 13
Nature of Consents Opt-in and Opt-out Notifications and Consents ......................... 13
Oral Notification and Consent ............................................................................................... 14
Customer Consent Status ........................................................................................................ 15
Use of CPNI in Company Marketing Plans ........................................................................ 15
Outbound Marketing and Third Party Use .......................................................................... 16
Customer Authorization to Release CPNI to a Third Party ............................................... 16
Supervisory Review Process .................................................................................................. 16
Employee Training and Discipline for Misuse .................................................................... 16
-
7/29/2019 Customer Proprietory Network Information Manual1
3/44
Electronic Safeguards ............................................................................................................. 17
Annual CPNI Certification ..................................................................................................... 17
Violation of CPNI Rules......................................................................................................... 17
CPNI Notification, Authorizations, and Scripts .......................................................................... 19
CPNI Customer Notice ................................................................................................................. 19
Verbal Notification for Limited Use for Duration of Call ............................................... 21
CPNI Customer Written Authorization ................................................................................. 22
CPNI Customer Telephone Authorization ............................................................................ 23
Win-Back Marketing Script ................................................................................................... 24
CPNI Certification .................................................................................................................. 26
CPNI Support Statement ........................................................................................................ 27
CPNI Approvals ...................................................................................................................... 28
CPNI Notice Requirements ................................................................................................... 28
CPNI Safeguards..................................................................................................................... 30
CPNI Definitions .................................................................................................................... 31
CPNI FCC Rules .................................................................................................................... 33
-
7/29/2019 Customer Proprietory Network Information Manual1
4/44
CPNIPOLICY MANUAL
CUSTOMER PROPRIETARY NETWORK INFORMATION
(CPNI)
POLICY MANUAL
OBJECTIVES
The objectives of this document are to establish the Companys policies and practices in
connection with its treatment of Customer Proprietary Network Information or CPNI and to
provide information to Company employees about their responsibilities relating to CPNI.
As CPNI is subject to detailed FCC regulation, the Companys compliance with the regulatory
requirements is very important. Employees need to understand the significance of their handling
of CPNI and the ramifications of mishandling it.
This document establishes the Companys CPNI policies and practices with respect to theprotection of customers information and the use of CPNI in marketing efforts. This document
contains a customer notification for use in seeking opt-out consents from customers, a script
for potential Company use in seeking customer CPNI consents during inbound and outbound
calls, training material for use with employees and a copy of the Companys annual Certificate
of Compliance along with a support statement that details the Companys compliancy practices,
that must be filed with the FCC, beginning March 1, 2008.
Employees whose job positions allow them access to customer CPNI will receive training with
regard to CPNI requirements, and new employees entering job positions that allow them access
to customer CPNI will receive training with regard to CPNI requirements as part of theirorientation. All employees will have access to VGCSs CPNI Policy Manual and will be
notified, as necessary, when a change occurs in FCCs regulations that subsequently change the
companys obligations or any sensitivities associated with CPNI.
CPNI unquestionably involves complex situations in which detailed requirements pertaining to
Company conduct come into play. If the information contained in this document fails to
address a situation involving CPNI that arises, employees are strongly urged to seek guidance
before proceeding because, once CPNI is used or disclosed, there is no opportunity to reverse
that action. The FCC has indicated that it intends to enforce its CPNI regulations zealously, and as
consumer concerns over the privacy and confidentiality of their information has reached
unprecedented proportions, maintaining the confidentiality of customer CPNI is every bit as
important as providing good customer service.
Please review this document carefully and keep it for future reference and use.
-
7/29/2019 Customer Proprietory Network Information Manual1
5/44
CPNIPOLICY MANUAL
HISTORICAL BACKGROUND
As technology developed and changed the way people do business, privacy issues were getting
more attention from citizens concerned about the potential abuse of their personal information.
In response, the government, who also recognized the seriousness of this problem, enacted lawsand regulations to protect consumer privacy.
In 1998, the FCC identified the potential use of customer information in ways that could be
invasive of customer privacy and published rules that governed specific uses of customer
information by telecommunication companies. Customer Proprietary Network Information, or
CPNI, is the term for the information that can be gathered and used by telecommunication
companies for marketing services. The intent of these laws was to be pro-competitive and focus
on the use of information in ways that foster competition. The FCC identified what information
could be used by companies and in what form.
Recently, the FCC enacted more stringent rules in response to a pretexting scandal in
Washington DC that occurred in February 2006. An investigation followed, revealing that web-
based Data-Brokers advertised information gathering services, which included call detail records.
These Data-Brokers, also known as pretexters contacted telephone companies and were able to
obtain a consumers call detail records. The method used to obtain the call detail remains
uncertain, but the FCC speculates that either a pretexter fraudulently posed as a consumer to
request call detail records or a telephone company rogue employee released the records in
partnership with the pretexter. The FCC took immediate action to tighten the controls around a
customers CPNI, specifically, call detail information.
Consequently, the new rules not only reinforce the preceding rules but emphasize to telephone
companies the importance to protect and safeguard a customers CPNI. The FCC Enforcement
Bureau is strictly enforcing its rules and considers any unauthorized disclosure of a customers
CPNI as a failure of the telephone company to protect and safeguard. In other words, if a
complaint of unauthorized release of CPNI is lodged against a telephone company, the FCC will
assume that the companys policies and procedures failed in its obligation to protect the
customers CPNI and the company will face enforcement action.
The areas of CPNI requirements that companies must adhere to, to meet their CPNI compliancerequirements are identified as follows:
CPNI trained employees
Defined discipline process and accountability procedures
Customer Authentication via password on in-bound calls for call detail request
-
7/29/2019 Customer Proprietory Network Information Manual1
6/44
CPNIPOLICY MANUAL
Notifications to customers when password or billing address changes
Marketing ConsentOpt-Out versus Opt-In.
Tracking mechanism that quickly identifies customers consent status
Supervisory review process
Signed and filed compliance certification, with accompanying support statement
CPNI POLICY
WHAT IS CPNI?
Customer Proprietary Network Information (CPNI) is personally identifiable information
that the Company collects when providing telephone service to a subscriber. CPNI pertains to
service quantities, types, technical configurations, destinations, locations and amount of use of a
telecommunication service as well as billing information acquired in the course of furnishing
service, such as call detail and calling plan information.
CPNI does NOT include customer names, addresses, telephone numbers and advertising
classifications, which is defined as Subscriber List Information and usually found in telephone
directories. Subscriber List information may be used without customer consent.
CPNI does NOT include any Customer Premises Equipment (CPE) information or internet, asthese are defined as information services.
CPNI does NOT include aggregate information where all personal attributes have been removed.
SCOPE OF RULES
The FCC has implemented rules prohibiting communications service providers from using CPNI
for purposes other than providing services from which the CPNI is obtained, unless the customer
consents to its use for other purposes. The rules apply to all carriers furnishing local exchange,
long distance and wireless services. Effective December 8, 2007, the rules have been expanded
to include VoIP carriers too. All rules regarding CPNI apply to all telecommunications carriers
EXCEPT aggregators of telecommunications services
The FCC has stated that it intends to enforce it CPNI rules zealously and that carriers will be
subject to penalties for the improper use of CPNI. These penalties are in the form of fines and
forfeitures that could be substantial in amount. Every telecommunications carrier must abide by
the regulations.
-
7/29/2019 Customer Proprietory Network Information Manual1
7/44
CPNIPOLICY MANUAL
OBLIGATIONS OF THE RULES
Congress added CPNI provisions to the Communications Act of 1996 to provide balance
between a customers privacy interests and competitiveness. Section 222 establishes a general
duty to protectthe confidentiality of a customers proprietary information and restricts the useof that proprietary information to the limited purpose of providing the telecommunications
services from which the CPNI was derived in the first place. For any other use, a carrier must
first obtain the customers consent before using or disclosing CPNI - for example, to affiliates or
third parties who wish to use the customers information for marketing purposes.
ALL companies, regardless of plans to use CPNI for marketing purposes, must comply with
CPNI regulations.
DUTY TO PROTECT
All carriers have a duty to protect against the unauthorized disclosure of customers CPNI andmust have internal safeguards in place. These safeguards are the procedures of trained
employees, supervisory review, and discipline procedures.
In this obligation, FCC enforcement will be strict and unyielding as ANY complaint of
unauthorized CPNI disclosure will be assessed as a failure of safeguards in our duty to protect.
CUSTOMER AUTHENTICATION REQUIREMENTS
Effective December 8, 2007, Carriers are required to authenticate a customer via a password
before releasing call detail information to customers during customer-initiated telephone calls. Ifa customer (or its authorized user) does not provide a password, a service provider may release
call detail information only by sending it to the address of record or by calling the customer at
the telephone number of record. Carriers must also provide mandatory password protection for
on line account access.
Carriers will be prohibited from authenticating customers using any readily available biological
account information, for the purposes of releasing call detail information
EXCEPTION: Carriers and business customers are permitted to contractually agree toauthentication practices other than those adopted in the CPNI order. In order to do so, Carriers
must provide the business customer with a dedicated account representative as a primary contact
and specifically address CPNI protection in their contract.
-
7/29/2019 Customer Proprietory Network Information Manual1
8/44
CPNIPOLICY MANUAL
CUSTOMER AUTHENTICATION PROCEDURES
The latest CPNI rules address customer password authentication only for the release of call detail
information. However, the FCC is also considering a need to require passwords on ALL
customer-initiated calls in the future. In the interest of excellent customer service, meeting the
CPNI compliancy needs of today and preparing for potentially more stringent rules in the future,
the goal will be to invite the customer to establish password on all accounts.
CSRs will use the current standard methods to authenticate a customer on all in-bound calls that
are not related to call detail requests. Once the customer is confidently authenticated using
existing account information, the CSR will request a password and back-up question and insert
this information into the appropriate fields on the software Profile screen.
Customer education information was mailed in the November 2007 statements alerting the
customers that the FCC is requiring a password security for the release of call detail information.
Effective December 8, 2007, if any customer calls to request call detail and does not have apassword established on their account, the requested information will be mailed to the address of
record. The CSR can also call the customer at the telephone number of record to discuss call
detail and at the same time, will establish a password for the customers future needs.
NOTICE TO CUSTOMER OF ACCOUNT CHANGES
Carriers must notify the customer immediately when changes are made to their account. For
example, they must give notification (through voicemail, e-mail,-or mail) in the event of changes
to customers on-line accounts, passwords, password authentication procedures or address of
record, thus providing an additional measure of security against changes to their account withoutcustomers knowledge.
NOTICE TO CUSTOMER OF ACCOUNT CHANGES PROCEDURE
When customers call to change the password, password back-up questions or the billing address,
Employees will:
call the telephone number of record
if no answer, notification message will be left on voice mail (VM) or answering
machine.
if no VM or machine, an e-mail will be sent to the e-mail address of record
if no internet, a written notification will be mailed to address of record
(If notification is due to billing address change, notification will be mailed to previous
address)
-
7/29/2019 Customer Proprietory Network Information Manual1
9/44
CPNIPOLICY MANUAL
NOTICE OF UNAUTHORIZED DISCLOSURE OF CPNI PROCEDURES
Carriers must adhere to a notification process for both law enforcement and customers in the
event of a CPNI breach.
In the event of an unauthorized disclosure, either witnessed by an employee or reported by a
customer, obtain details, document all information, report to the supervisor who will report the
incident to the Regulatory department, who will contact legal counsel for process, that at this
time, is still under evaluation by authorities.
The most challenging portion of this obligation is the determination of when an unauthorized
disclosure occurs and by what means. Usually, if a data broker (a.k.a. pretexter) is involved in
attempting to obtain customers records, the customer would be the last to know about
unauthorized disclosure of his call records. Employees must be alert and adhere to the safeguard
procedures to ensure protection of all customer records. If any employee suspects another of
inappropriately handling any customer CPNI, the actions must be reported immediately to the
supervisor. If a customer calls suspecting that their CPNI was disclosed without authorization,
immediately contact the supervisor. In all cases, the supervisor will notify the Regulatory
department in any incident related to the unauthorized disclosure of a customers CPNI.
CARRIER TO CARRIER PROPRIETARY INFORMATION (CPI)
(WIN-BACK STRATEGIES)
The CPNI Rules state that carrier change request information transmitted to executing carriers
in order to effectuate a carrier change cannot be used for any purpose other than to provide theservice requested by the submitting carrier. Under no circumstances, can any CPI information
be used to win-back or retain a customer.
However, the FCC draws a distinction between "win-back" efforts and "retention" efforts as it
relates to the use of CPNI for marketing purposes.
Win-back is working to regain a customer that has switched to another provider. The FCC
permits the use of CPNI to win-back lost customers. The FCC clarifies that an executing carrier
may rely on its own information regarding carrier changes in win-back marketing efforts, so long
as the information is not derived exclusively from its status as an executing carrier.
Retention is working to change the mind of a customer who is going to, but has not yet,
switched to another provider. Carriers are prohibited from using CPNI to retain those customers,
if what has triggered the retention effort is carrier-to-carrier information (CPI) such as switch,
porting or PIC orders.
Note: The FCC does not presume that any contact with a customer that's changing carriers is a
CPNI violation. The FCC acknowledges that a carrier's retail operations may legitimately obtain
-
7/29/2019 Customer Proprietory Network Information Manual1
10/44
CPNIPOLICY MANUAL
notice that a customer plans to switch carriers, without violating CPNI restrictions on use of
carrier-to-carrier information. In the ordinary course of business, carriers may contact
customers, who in turn inform the company that they are considering changing carriers and
inquire what the company is willing to do to keep them as a customer. Other times, customers
call the company to ask what the company is willing to offer in the line of services and prices inorder to retain their business. Retention efforts under these circumstances are not a violation of
CPNI rules1. If this type of scenario should occur, VGCS requires employees to document the
reason for customer contact, substantiate the origin of the information and record the
retention efforts. If at all possible, the retail employee should record that outbound call.
1. Docket 99-223 para 78.
-
7/29/2019 Customer Proprietory Network Information Manual1
11/44
CPNIPOLICY MANUAL
LIMITED PURPOSE
Section 222 of the Telcom Act 96 restricts the use of CPNI to the limited purpose of providing
the telecommunications services from which the CPNI was derived in the first place. For any
other use, a carrier must first obtain the customers consent before using or disclosing CPNI.
Carriers must send a one-time notice to customers informing them about the FCC CPNI policy
and their right to restrict the Companys use of CPNI. This notification must provide sufficient
information to enable the customer to make an informed decision to permit the Company to use,
disclose, or permit access to CPNI.
WHEN CAN A CARRIER USE CPNI WITHOUT CUSTOMER APPROVAL?
Section 222 (c)(1) of the FCCs CPNI rules describes the circumstances when carriers can use,
disclose or permit access to CPNI without first obtaining customer approval. Carriers are
permitted to use CPNI without customer approval to market improvements or service
enhancements that are related to the customers existing services.
In addition, a carrier can obtain and use CPNI without customer approval to:
bill and collect for telecommunications services;
protect the rights or property of the carrier;
protect users of those services from unlawful or fraudulent use of these services;
provision inside wiring installation, maintenance and repair services.
publish an annual directory
provide CPE or voice mail,
use aggregate customer information with all personally identifiable traits removed.
disclose CPNI to LEC or customers designated agent as required in the course of
business
CUSTOMER NOTIFICATION AUTHORIZING THE USE OF CPNI
Companies that intend to use CPNI for marketing purposes must get a one-time authorization
from the customer to use that information. The Company must send a notification that will:
indicate the scope and duration of the companys use of CPNI,
explain the companys duty to protect the confidentiality of such information,
-
7/29/2019 Customer Proprietory Network Information Manual1
12/44
CPNIPOLICY MANUAL
advise customers of the precise steps that must be taken to grant or deny access to
CPNI,
clearly state that a denial of approval will not affect the provision of any services to
which the customer subscribes.
permit customers to approve via oral, written or electronic means.
For carriers that were previously obligated to obtain prior written authorization from business
customers with more than 20 access lines to use CPNI to market enhanced services, and in
circumstances where a carrier has provided annual notification and received prior written
authorization from those customers, the requirements for notice and approval are satisfied for
those customers.
WHEN DOES A CARRIER NEED CUSTOMER CONSENT TO USE CPNI?
Carriers may NOT use CPNI to market services that fall outside the scope of the customers
existing service relationship without first getting customer approval.
A company may market products related only to those telecommunications services to
which a customer presently subscribes, whether or not those services are provided by a
single company or an affiliated company.
If Carriers want to use CPNI to market additional telecommunications services, that do
not fall within the service category to which the customer currently subscribes, then
customer consent is necessary.
Carriers need prior customer consent to use CPNI to market non-communication related
services, such as Customer Premise Equipment (CPE), or information services, such as
Internet or Digital TV.
If a company affiliate wants to market new products or services to a customer based on
the CPNI of the individual customer, and the customer is not a subscriber of that affiliate,
then the carrier must get customer approval to use CPNI.
If a customer has not purchased CPE or information services from the carrier that is
providing its telecommunications services, the carrier is prohibited from using CPNI tomarket CPE and information services without prior customer approval.
Remember: Customer information derived from the provisioning of any non-telecommunications
service, such as CPE or information services, is not regulated by section 222 (c)( 1). This
customer information is not considered CPNI and may be used to provide or market any
telecommunications service regardless of telecommunications service categories or customer
-
7/29/2019 Customer Proprietory Network Information Manual1
13/44
CPNIPOLICY MANUAL
approval. Therefore, customer consent is not necessary for the use of any customer information
that comes from the sale of CPE or the provisioning of information services.
USING CPNI FOR MARKETING - THE TOTAL SERVICE APPROACH
The FCC has adopted an approach to safeguard CPNI based on the services to which a customersubscribes. This is called the total service approach. This approach permits the use of CPNI
for marketing of telecommunication services, depending on the existing service relationship
between a customer and the carrier.
Telecommunication services are segmented into three category silos, local, long distance and
wireless services. A carrier is allowed to use the customers CPNI for marketing purposes within
the particular silo, to which the customer already subscribes. The carrier may use that
information to market products and services that are directly related to those particular services,
but only those services.
For example: if a customer subscribes to local exchange service but not to long distance service,the company could use any existing information about that customer to market new products,
service enhancements, or other improvements related to the local exchange service, without any
additional customer approval. However, in order to use CPNI to market a service that is outside
the customers existing service relationship, in this example the long distance service, the
company is required to obtain express customer approval to use this information.
When a company wants to use a customers CPNI to market services outside of the existing
service relationship, the company will need the customers consent to do so.
NATURE OF CONSENTS
OPT-IN& OPT-OUT NOTIFICATIONS AND CONSENTS
The FCC has established specific rules governing customer notifications and consents. Two
approaches are available for company use: opt-in and opt-out.
Opt-in consent is required before there can be any CPNI use or disclosure with respect to
marketing other than communications-related services. This approach requires express
LOCAL LONGDISTANCE
WIRELESS
-
7/29/2019 Customer Proprietory Network Information Manual1
14/44
CPNIPOLICY MANUAL
customer consent that is obtained after giving customers actual notification of the intended use of
their CPNI. The consent must be affirmative not passive and must be manifested by a
customer signature, either actual or electronic. Opt-in consent is a tell us we can use
approach, such as no response by the customer means that the CPNI may not be used. In other
words, silence is NOT acceptance. (Opting-in is the more difficult approach because thepotential that CPNI may be more widely disseminated and used by those providing non-
communications related services, thereby justifying the solicitation and receipt of written
consents from customers.) Currently, the Company does not use CPNI for any marketing
requiring an opt-in consent.
Opt-out consent solicited by the Company, is obtained before the Company, or an affiliate
uses customer CPNI to market communications-related services. Individual customers are
notified of the intended use of their CPNI and are given the opportunity to indicate that the
Company may not use their CPNI. Any failure by the customers to respond to the Companys
CPNI notification by opting-out constitutes a knowing consent to the intended use of the
CPNI. (Opting-out is less onerous than opting-in because it is a tell me if we cant use the
CPNI, such that no response on the part of the customer constitutes a known consent to the
intended use.) In other words, silence is acceptance.
Opt-out notifications will be written and delivered by bill insert to affected customers. The
notice will provide information sufficient to enable customers to make informed decisions as to
whether to permit the Company to use, disclose, or permit access to the their CPNI. The notice
will inform customers of their ability to opt-out at no additional cost and at any time.
After notice is delivered to customers, the Company will wait at least 30 days before assumingconsent. (The 30-day timeframe begins on the third day after the notice is mailed.)
A copy of the a sample Opt-Out notice is listed in the Attachments to this policy manual. If
the Company decided to use this approach to marketing, an opt-out refresher notice must be
mailed every two years.
ORAL NOTIFICATION AND CONSENT
The FCCs rules allow carriers to seek and obtain consent to use CPNI for the limited purpose of
marketing to customers and prospective customers via inbound or outbound telephone calls,
provided that such calling is pre-approved, documented and records of marketing activities are
retained for at least one year. CSRs will obtain one time approval to up-sell services on in-bound
calls and records the consent in the customer account logs.
A script for the conduct of such calls is listed on page 19.
-
7/29/2019 Customer Proprietory Network Information Manual1
15/44
CPNIPOLICY MANUAL
CUSTOMER CONSENT STATUS
All customers received an opt-out CPNI notification in their November 2007 bill statements.
(A copy of that notification is appended hereto for reference) If the Company does not receive a
response from the customer within 33 days of the mailing of the notification, the Company will
consider the customer as consenting to the use of its CPNI in marketing campaigns. This is opt-out consent and the customer always has the option of withdrawing that consent by notifying
the company by telephone or e-mailat [email protected]. The CSR will enter the
consent status in the assigned field. All new customers will receive the CPNI notification as a
bill page insert in their first statement.
The consent field is established with a post-it note icon in the software Profile screen for easy
review by CSR to know the customers consent status.
USE OF CPNI IN COMPANY MARKETING PLANS
The FCCs CPNI rules govern the protection of the customers privacy, and specifically address
the use of customer information in marketing new services or products. Essentially, every
company must now determine whether the Companys use of CPNI in its marketing plans
protects the customers privacy according to the guidelines set forth by the FCC.
Marketing plans that do not use CPNI, or are not customer-specific, or are addressed to all
customers in the database or random individuals, are not subject to CPNI regulations.
Marketing plans that use the individuals customer information to target market new services and
products, and the services and products are NOT related to those to which the customer presently
subscribes, need to have prior customer consent or the campaign will be in violation of the CPNI
regulations and subject to enforcement proceedings.
Marketing plans that use CPNI can be developed without customer notification or consent when:
An employee responds to a customer inquiry regarding existing services to which
they currently subscribe.
The Company intends to market any services the company offers currently or in the
future to ALL current customers, or any randomly selected group of customers.
The company uses customer information from information services. This includes
such services as voice mail, Internet access and Digital TV services. These are
services provided to consumers independently of their telecommunications service
and are not necessary to the provision of the customers telecommunications service.
mailto:at%[email protected]:at%[email protected]:at%[email protected] -
7/29/2019 Customer Proprietory Network Information Manual1
16/44
CPNIPOLICY MANUAL
In addition, all companies, whether or not they use CPNI in marketing services, must have a
marketing plan and supervisory review process in place to be in compliance with the FCCs
CPNI regulations.
OUTBOUND MARKETING AND THIRD PARTY USE
The Company neither provides CPNI to third parties nor uses it to out-bound marketing calls at
this time.
CUSTOMER AUTHORIZATION TO RELEASE CPNI TO A THIRD PARTY
If a customer wants to allow a third party, such as a Competitive Local Exchange Company, to
have access to his/her CPNI, authorization to release the CPNI must be given to the company
who presently has that information.
SUPERVISORY REVIEW PROCESS
The Marketing Manager will fulfill the role of CPNI Compliance Manager and will have the
following responsibilities:
Review and approve all marketing plans developed by company employees on behalf of
the company.
Review any request by marketing personnel to use CPNI for outbound marketing
purposes.
Maintain record of all sales and marketing campaigns that use CPNI for at least one year.These records include CPNI used by an affiliate.
Develop internal procedures to train all employees in the use of CPNI for marketing
purposes.
Assure complete compliance with the federal CPNI regulations with regard to the use or
non-use of CPNI and the need for prior customer consent.
Verify to the Company President, who signs the annual CPNI certification form, that
every marketing campaign is in compliance with the CPNI regulations.
EMPLOYEE TRAINING AND DISCIPLINE FOR MISUSE
Employees are trained on the rules regarding the use of CPNI, as implemented by the Company,
the guidelines established in this Policy and Practices statement, and the consequences of any
misuse. New employees are trained during their orientation.
-
7/29/2019 Customer Proprietory Network Information Manual1
17/44
CPNIPOLICY MANUAL
Any employee found violating the Companys CPNI Polices and Practices is subject to
disciplinary action ranging from written warnings to discharge, depending on the nature,
frequency, and severity of the violation(s).
Employees are also advised that Congress has recently enacted civil penalties against the act of
pretexting by data-brokers. Any employee who willfully violates the CPNI regulations may alsobe subject to the penalties of civil litigation.
ELECTRONIC SAFEGUARDS
The FCC also requires all telecommunications carriers to implement effective electronic
safeguards to protect unauthorized access to CPNI by employees, agents or unaffiliated third
parties. In addition, companies are required to track all customer accounts regarding use of
CPNI. Specifically, the Company has complied with its requirement to:
Develop and implement software systems that flag customer service records inconnection to CPNI; this flag would indicate whether a customer has approved the
marketing use of his or her CPNI.
Maintain an electronic audit mechanism (audit trail) that tracks access to customer
accounts. Information recorded would include when a customers record is opened,
by whom, and for what purpose.
ANNUAL CPNI CERTIFICATION
The Company must file an annual CPNI certification with the FCC, signed by an officer of thecompany, including a detailed support statement of how the CPNI rules are enforced within the
company procedures, and an explanation of any actions taken against so-called data brokers
engaging in pretexting, ( if any). The certification must also include a summary of all consumer
complaints received in the previous year regarding the unauthorized release of CPNI, (if any).
The Regulatory department will fulfill this annual requirement.
VIOLATION OF CPNI RULES
Violation of the CPNI rules could occur as a result of ignorance of their existence and/or
application or as a result of willful intent on the part of a carrier not to comply with them. The
primary rules associated with enforcement action is listed under CPNI-FCC RULES, following.
The FCC is strengthening its enforcement of the CPNI rules and what once was considered as
ignorance, or an unintentional violation of CPNI rules, and therefore not subject to enforcement
proceedings, will not be tolerated on a go-forward basis. The FCC regards the privacy issue"
associated with CPNI very seriously and will enact undercover activities, by hiring pre-texters, to
test how telephone companies are adhering to the new rules.
-
7/29/2019 Customer Proprietory Network Information Manual1
18/44
CPNIPOLICY MANUAL
Enforcement proceedings will initiate as a meeting between the carrier and the FCC, followed
by a Letter of Inquiry (LOI), Request for Information (RFI), subpoena or all three. If any of these
documents are received by departments outside of Regulatory, please forward them immediately
to the Regulatory Department. The willful or deliberate violation of CPNI rules or failure to
respond to LOI or RFI could result in substantial fines and forfeitures. Moreover, and in addition
to dollar forfeitures, it is possible that, in egregious instances of wrongdoing, a carrier could lose
its licenses and, thus, its business altogether, and criminal charges could be brought against the
officers and directors of a company. The penal provisions in the Communications Act speak to
fines and jail time per incident, although it is rare that these are ever invoked.
The FCC's enforcement procedure involves an initial determination, after investigation, that a
carrier has failed to comply with a rule. The facts usually disclose whether the failure was
willful or deliberate. The FCC then issues a "Notice of Apparent Liability" in which it sets forth
its findings and proposes a forfeiture amount, as explained below. The target then has an
opportunity to prove its innocence or, otherwise, negotiate a dollar settlement with the FCC. If a
settlement is reached, the parties then enter into a "consent judgment" in which the target
promises never again to violate the rules and, significantly, makes a "voluntary" contribution into
the U.S. Treasury based on its negotiation with the FCC.
As to forfeiture amounts, the FCC has established "forfeiture guidelines" to be used in
appropriate circumstances. The rules provide that for a common carrier, "the amount of any
forfeiture penalty ... shall not exceed $150,000 for each violation or each day of a continuing
violation, except that the amount assessed for any continuing violation shall not exceed a total of
$1,500,000 for any single act or failure to act ...." That provision sets a "cap" or "ceiling"
beyond which fines may not be increased. The actual amount to be assessed may be affected by
the FCC's taking into account "the nature, circumstances, and gravity of the violations and, with
respect to the violator, any history of prior offenses, ability to pay, and such other matters as
justice may require." All these factors will be taken into account by the FCC in setting the
violation amount.
The FCC has established guidelines for particular violations, e.g., "slamming" ($7,000 per
incident), but none addresses the violation of a CPNI rule. Even this amount, once established,
may be adjusted upwards or downwards based on the particular facts in a case.
-
7/29/2019 Customer Proprietory Network Information Manual1
19/44
CPNIPOLICY MANUAL
CUSTOMER NOTIFICATION
REGARDING CUSTOMER PROPRIETARY NETWORK INFORMATION (CPNI)
(Enclosed in customers November 2007 bill statement)
(Will be enclosed in the first statement for all new customers)
Important Customer Notice
VGCS employs comprehensive safeguards to protect the privacy of your information under federal law.
The Federal Communications Commission (FCC) requires VGCS to notify all customers of their
additional rights to restrict the use of their Customer Proprietary Network Information (CPNI).
What is Customer Proprietary Network Information (CPNI)?
CPNI is simply defined as a customers individual information that relates to the quantity, technical
configuration, type, destination and amount of use of your telecommunications service, including the
information contained in your bill. CPNI does not include your published directory information or any
information that is already in the public domain, such as your name, address or published telephonenumber:
Examples of CPNI include information about which services you purchase, the amount of your long
distance bill or call detail information. These examples are the kind of information that VGCS possesses
because we need that information to serve you.
Permitted Use of CPNI by VGCS Without Your Permission
CPNI can be used for certain purposes without your permission. CPNI may be used to offer you new or
enhanced services, such as speed calling, call forwarding or caller ID, that are related to the services to
which you currently subscribe or to respond to your inquiry regarding services which you currently use.CPNI may also be used for company functions related to billing and collection, repair and maintenance,
installation of inside wiring, to protect the property of VGCS and to prevent fraud.
Opt-Out Consent for Marketing Communication
We are sending this notification regarding your CPNI rights because we need your consent to use this
information to provide you with marketing information for new and progressive communications services
that we offer.. You need to respond only if you do not wish to give us permission to use your information
in our marketing plans. These plans may include using your information to contact you about Digital TV,
High-Speed DSL, Home Networking Services, Internet Content, Select Packages and other new services.
You need to respond only if you wish to deny permission to use your information in our marketing plans.
If you have not denied consent within 30 days, VGCS will be authorized use your CPNI for marketing
purposes.
In addition to your right to disapprove of the use of CPNI as set forth above, and you may withdraw
consent at any time by notifying us in writing at [email protected]. Your consent will
remain valid until we receive a notice withdrawing consent. If you deny consent for use of your CPNI, it
will not effect our provisioning your services.
mailto:at%[email protected]:at%[email protected] -
7/29/2019 Customer Proprietory Network Information Manual1
20/44
CPNIPOLICY MANUAL
Notice (contd)
This notification was sent in all customers November 2007 bill statement and will be enclosed
in the first bill of every new customer. i
FCC STRENGTHENING PRIVACY RULES
The Federal Communications Commission has strengthened its privacy rules by requiring telephone and
wireless carriers to adopt additional safeguards to protect personal telephone records of consumers from
unauthorized disclosure. The new safeguards include not releasing call detail information during a
customer-initiated telephone call unless the customer provides a password. In order to comply with these
new requirements, VGCS will implement new procedures effective December 8, 2007.
As you have contact with VGCS over the course of the next few months you may be asked to complete
the password set-up process. We encourage all customers to set up a password on their account to ensure
full access to account information over the phone. Furthermore, such password protection will better
allow us to serve your needs in the manner that works for you. If there is no password established foryour account, VGCS will be required to wither mail the information to the address of record or to call
the customer at the telephone of record. Access to personal telephone records at our retail offices will
require presentation of a valid government issued photo ID. Ensuring the privacy of your information is
very important to VGCS and though the password set-up may seem cumbersome, it is designed to protect
your information from those who might try to gain access to it.
If you have questions, please contact Customer Care at 540-463-4451
. Thank you for your cooperation.
-
7/29/2019 Customer Proprietory Network Information Manual1
21/44
CPNIPOLICY MANUAL
INBOUND/OUTBOUND CUSTOMER CALLS
VERBAL NOTIFICATION OF CUSTOMER RIGHTS FOR LIMITED USE OF CPNI FOR
THE DURATION OF THE CALL
Under federal and state law, you have the right - and the Company has a dutyto protect the
confidentiality of information about your telecommunications services that is collected in the
normal course of our business relationship, including information about how many
telecommunication services you have, which services and features you use, how many calls you
make, what time of day you make most calls, and the related billing for these services.
With your permission, I can obtain access to and use your information for the duration of this
call to inform you of services provided by the Company or an affiliate. Do I have your
permission for such limited, one-time use?
Your decision to grant or deny permission will not affect the service you receive.
The Company respects your privacy, and will not sell, trade or share your confidential
information with unaffiliated third parties without your approval, except as required by law.
-
7/29/2019 Customer Proprietory Network Information Manual1
22/44
CPNIPOLICY MANUAL
CPNI Customer Authorization for Release of CPNI
(WRITTEN AUTHORIZATION)
I authorize VGCS to release any information in its possession protected under the FederalCommunications Commission (FCC) CPNI rules. I have read the customer notification
information and understand my rights under FCC CPNI rules. I understand that I may limit orrevoke this authorization at any time upon proper notice to VGCS. My authorization is effectiveuntil I revoke it.
Customer Name:
Address:
Phone #:
Date:
Signature:
Please return this customer authorization to our business office at:
VGCS Customer Care Center
30 Crossing Lane
Lexington, VA 24450
Facsimile copies can be sent to: VGCSFAX
Number: (540) 463-4438
-
7/29/2019 Customer Proprietory Network Information Manual1
23/44
CPNIPOLICY MANUAL
CPNI Customer Authorization for Release of CPNI
Script
(TELEPHONE AUTHORIZATION)
(To be read by employee to customer via telephone. If customer has questions, employee may need to refer to the
Customer Notification Regarding CPNI section. This information must be verified by either an independent third
party, such as audio-taping, independent verification company or authorized company employee.)
Employee:
I understand that you are interested in giving VGCS your permission to use your customer
proprietary network information. This information may be used to market new services that may
be of interest to you. If you are interested in authorizing VGCS to use this information, I have an
authorization form that I need to read to you that will give us your permission. Also, thisconversation is recorded for verification purposes OR for independent, third party
verification.
If you have no further questions about this information or how companies can use this
information, I will read the following statement. If you agree with it, I will then sign it and will
then have a supervisor sign it.
If customer agrees, employee will continue and read the following:
I authorize VGCS to use any information in its possession protected under FCC CPNI rules. I
understand my rights under Federal CPNI rules. I understand that I may limit or revoke this
authorization at any time upon proper notice to VGCS.
Customer Information:
Name: Phone:
Address: Date:
Signed: _________________________________________ Job Title:
(company employee)
Date:
-
7/29/2019 Customer Proprietory Network Information Manual1
24/44
CPNIPOLICY MANUAL
SCRIPT FOR WIN-BACK MARKETING
Hello, this is _______________________________ from VGCS.
We noticed that you recently disconnected service with us. In order for us to improve ourservices with our customers, your feedback would be very helpful. Would you be able to answer
a couple questions for us?
Customer Response:
NoCSR: Okay. Before you go, we just wanted to let you know that we have {
INSERT CURRENT MARKETING PLAN HERE}. Please take a look at what you are
paying currently and see if VGCS can save you some money. We appreciated you as a
customer and hope that we can do business with you in the future.
YesCSR: Thank you. What was the main reason for leaving VGCS?
Customer Response:
New Carrier had cheaper rates/prices Go to line 1
New Carrier had a bundle with cable and phone Go to line 1
Other price related responsesGo to line 1
Quality of service/service issuesGo to line 2
1. Thank you for taking the time to talk to us. If we offered you a phone package that included
{Insert marketing plan here} would you switch back to VGCS? (includes free activation)
Customer Response:
YesCSR: Great! It will only take a few minutes to get you switched back to VGCS.
We also have a new DSL package {insert latest offering here} includes
free activation). Would you be interested in signing up for High-Speed DSL today?
YesCSR: Great! Thank you for switching back to VGCS. It will just take a few minutesto get you signed up for our new services.
NoCSR: Okay. Thank you again for signing up on our {marketing plan}.
NoCSR: If we offered a DSL package with {Latest offering}(includes free activation),
would you switch back to VGCS?
-
7/29/2019 Customer Proprietory Network Information Manual1
25/44
CPNIPOLICY MANUAL
NoCSR: Okay. We appreciated you as a customer and hope that we can do
business with you in the future.
YesCSR: Great! Thank you for switching back to VGCS. It will just take a
few minutes to get you signed up for our new DSL Basic package for {latestoffering}.
SCRIPT FOR WIN-BACK MARKETING (Contd)
2. If the customer had quality/service issues, please document the problems that occurred and
why they left. Apologize for the service quality and explain that we strive to provide the best
service possible to our customers and ask if there is anything we can do to win them back as a
customer. If they are open to switching back for better service and pricing, please refer to #1.
If they dont want to switch back:
CSR: We appreciated you as a customer and hope that we can do business with you in the
future.
-
7/29/2019 Customer Proprietory Network Information Manual1
26/44
CPNIPOLICY MANUAL
EXAMPLE of CPNI Certification
December XX, 200X
The undersigned _____________________________________________ is president of
VGCS, 30 Crossing Lane Suite 206 Lexington, VA 24450, and provides this Certification of
CPNI Compliance for 2006 in accord with 47 CFR 64.2009(e).
Our Company has established operating procedures that are adequate to ensure its compliance
with the rules in Title 47Telecommunications, Section 64.2009.
Furthermore I am certifying that I have personal knowledge of these procedures, that our
Companys personnel are trained on these procedures, and that these procedures are in fact
insuring that our Company is in compliance with the rules in Title 47Telecommunications ,
Section 64.2009.
The attached Statement demonstrates such compliance.
President
Dated:
Attachment
-
7/29/2019 Customer Proprietory Network Information Manual1
27/44
CPNIPOLICY MANUAL
CPNI SUPPORT STATEMENT
The operating procedures of Virginia Global Communications Systems (VGCS), is designed to
ensure compliance with the CPNI rules applicable to them. Such procedures are as follows.
CPNI Use
(1) We use, disclose or permit access to CPNI to protect our rights and property, our
Customers, and other carriers from fraudulent, abusive or unlawful use of, or
subscription to, our services.
(2) We use, disclose or permit access to CPNI to provide or market service offerings among
the categories of servicelocal, and interexchange - to which the Customer already
subscribes. When we provide different categories of service, and a Customer subscribes
to more than one service category, we share the Customers CPNI with the affiliate that
provides service to the Customer; but if a Customer subscribes to only one service
category, we do not share the customers CPNI with an affiliate without the Customers
approval.
(3) We use, disclose or permit access to CPNI derived from our provision of local exchange
or interexchange service for the provision of CPE and call answering, voice mail or
messaging, voice storage and retrieval services, fax store-and-forward, and protocol
conversion, without Customer approval.
(4) Without Customer approval, we do not use, disclose or permit access to CPNI to provideor market service offerings within a category of service to which the Customer does not
already subscribe, except that we use, disclose or permit access to CPNI to: (a) provide
inside wiring installation, maintenance and repair services; and (b) market, when we
provide local service or interexchange services formerly known as adjunct-to-basic
services such as, but not limited to, speed dialing, computer-provided directory
assistance, all monitoring, call tracing, call blocking, call return, repeat dialing, call
tracking, call waiting, caller ID, call forwarding, and certain Centrex features.
(5) We do not use, disclose or permit access to CPNI to identify or track Customers that call
competing service providers. For example, as a local exchange carrier, we do not uselocal service CPNI to track Customers that call local service competitors.
-
7/29/2019 Customer Proprietory Network Information Manual1
28/44
CPNIPOLICY MANUAL
CPNI Approvals
(1)When Customer approval to use, disclose or permit access to Customer CPNI is required,
we obtain approval through written, oral or electronic methods. If we rely on oral
approval, we understand we bear the burden of demonstrating that such approval was
given in compliance with the CPNI rules. We honor a Customers approval or
disapproval until the Customer revokes or limits such approval or disapproval. We
maintain all records of Customer approvals for at least one year.
(2)Subject to opt-out approval requirements, we use a Customers individually
identifiable CPNI to market communications-related services to that Customer, and we
disclose that CPNI to our affiliates that provide communications-related services. We
also allow these to obtain access to such CPNI to market communications-related
services.
(3)If we disclose or allow access to Customers individually identifiable CPNI to our joint
venturers or independent contractors, we will require, in order to safeguard that
information, their entry into confidentiality agreements that: (a) require their use of the
CPNI only for the purpose of marketing or providing the communications-related
services for which the CPNI has been provided; (b) disallow their permitting any other
party to use, allow access to, or disclose the CPNI to any other party, unless they are
required to make disclosure under force of law; and (c) require that they have in place
appropriate protections to ensure the ongoing confidentiality of the CPNI.
CPNI Notice Requirements
(1)We individually notify and inform each Customer of his or her right to restrict the use or
disclosure of, and access to, CPNI along with a solicitation of approval, and we maintain
records of that notification, whether oral or written, for at least one year.
(2)Our notifications provide information sufficient to enable our Customers to make
informed decisions as to whether to permit the use or disclosure of, or access to, their
CPNI. Our notifications: (a) contain a statement that the Customer has a right, and we
have a duty, under federal law, to protect the confidentiality of CPNI; (b) specify thetypes of information that constitute CPNI and the specific entities that will receive CPNI,
describe the purposes for which the CPNI will be used, and inform the Customer of his or
her right to disapprove those uses and deny or withdraw access to CPNI use at any time.
With regard to the latter, we indicate that any approval, or disapproval, will remain in
effect until the Customer affirmatively revokes or limits such approval or denial.
-
7/29/2019 Customer Proprietory Network Information Manual1
29/44
CPNIPOLICY MANUAL
(3) We advise the Customer of the precise steps the Customer must take in order to grant or
deny access to CPNI, and we clearly state that a denial of approval will not affect the
provision of any services to which the Customer subscribes. However, we may provide a
brief statement, in clear and neutral language, that describes the consequences directly
resulting from the lack of access to CPNI. In addition, we may state that the Customersconsent to use his or her CPNI may enhance our ability to offer products and services
tailored to meet the Customers needs and that we will disclose the Customers CPNI to
any person upon the affirmative written request of the Customer.
(4)Our notifications are comprehensible and not misleading and, if written, are legible,
sufficiently in large type, and placed in an area readily apparent to the Customer. And, if
any portion of a notification is in another language, all portions of the notification will be
in that language.
(5)We do not include in the notification any statement that attempts to encourage a
Customer to freeze third-party access to CPNI.
(6)For opt-out approvals, our notifications satisfy (1) (5). We do not use oral
notifications except to obtain limited, one-time use of CPNI for inbound and outbound
customer telephone contacts for the duration of the call. When we use oral notice in this
manner, we comply with (1)(5), except that, if none of the following situations are
relevant to the limited use for which we seek CPNI, we will not: (a) advise Customers, if
they have opted out previously, that no action is needed to maintain the opt-out
election; (b) advise Customers that we may share CPNI with our named or unnamed
affiliates or third parties if the limited CPNI usage does not result in use by, or disclosure
to, an affiliate or third party; (c) disclose the means by which a Customer can deny or
withdraw future access to CPNI, so long as we explain that the scope of the approval is
limited to one-time use; and (d) disclose the precise steps a Customer must take to grant
or deny access to CPNI, so long as we clearly communicate that the Customer can deny
access to his or her CPNI for the call.
(7)In addition, for opt-out approvals, we wait at least 30 days aftergiving Customers
notice and an opportunity to opt-out before assuming Customer approval to use, disclose,
or permit access to CPNI and notify Customers of the applicable waiting period for a
response before approval is assumed. For electronic notifications, we recognize that the
waiting period begins to run on the date the notification is sent and, for mail notifications,
it begins to run on the third day following the date the notification was mailed. For e-
mail opt-out notices, in addition to other requirements, we: (a) obtain express, verifiable,
prior approval to send notices by e-mail regarding their service in general or their CPNI,
in particular; (b) allow Customers to reply directly to e-mails in order to opt-out; (c) use
another means of communicating the notice if the e-mail is returned as undeliverable
-
7/29/2019 Customer Proprietory Network Information Manual1
30/44
CPNIPOLICY MANUAL
before considering the Customer to have received notice; and (d) ensure that the subject
line in the e-mail clearly and accurately identifies the subject matter of the e-mail.
(8)In addition, for opt-out approvals, we provide notices to our customers every two years,
and we make available to every customer a method to opt-out that is of no additional cost
to the Customer and is available 24 hours a day, seven days a week. We may satisfy this
requirement through a combination of methods, but we allow Customers to opt-out at no
cost and whenever they choose.
(9) For opt-in approvals, we provide notification to Customers through oral, written or
electronic methods that satisfy the requirements of (1)(5).
CPNI Safeguards
(1)We have implemented a system by which the status of a Customers CPNI approval can
be clearly established prior to the use of the CPNI.
(2)We have trained our personnel as to when they are, and are not, authorized to use CPNI,
and we have an express disciplinary process in place to deal with employee failures.
(3)We maintain a record of our own and our affiliates sales and marketing campaigns that
use Customers CPNI. The record includes a description of each campaign, the specific
CPNI that was used in the campaign, and what products and services were offered as part
of the campaign. We retain these records for at least one year.
(4)We have established a supervisory review process regarding compliance with the CPNIrules for outbound marketing situations and we maintain compliance records for at least
one year. Specifically, our sales personnel obtain supervisory approval of any proposed
outbound marketing request for customer approval of the use of CPNI.
(5)We have a corporate officer who acts as agent for the Company and signs a compliance
certificate on an annual basis stating that the officer has personal knowledge that the
Company has established operating procedures adequate to ensure compliance with
applicable CPNI rules. We provide a Statement accompanying the Certificate that
explains our operating procedures and demonstrates compliance with the CPNI rules.
(6)We are prepared to provide written notice within five business days to the FCC of any
instance where the opt-out mechanisms do not work properly to such a degree that
consumers inability to opt-out is more than an anomaly. That notice would be in the
form of a letter and would include the Companys name, a description of the opt-out
mechanism(s) used, the problem(s) experienced, the remedy proposed and when it would
be/was implemented, whether relevant state commission(s) were notified and what action
was taken, a copy of any notice provided to customers, and contact information. We
-
7/29/2019 Customer Proprietory Network Information Manual1
31/44
CPNIPOLICY MANUAL
would submit the notice even if other methods by which consumers may opt-out were
offered.
CPNI DEFINITIONS
Employee: a person hired to perform work on behalf of the company. The employee is either
directly employed by the Company or is employed by an Affiliate of the company and is
performing work on behalf of, and charging time to, the accounts of the company.
Telecommunications Carriers: includes telephone companies, wireline carriers, and service
providers, local exchange carriers, interexchange carriers, competitive access providers, operator
service providers, telephone operators, wireless carriers, cellular service carriers, mobile service
carriers, broadband PCS licensees, SMR licensees and resellers. All rules regarding CPNI apply
to all telecommunications carriers. This does not include aggregators of telecommunicationsservices
Telecommunications Services: distinct telecommunications offerings of a telecommunications
carrier which can be further classified into one of the three service groups as defined within,
and for the sole purpose of, these CPNI rules. The following are related service group categories:
local exchange service,
toll service, or
Commercial Mobile Radio Service (CMRS).
Customer Premise Equipment (CPE): any equipment employed on the premises of a person to
originate, route, or terminate telecommunications.
Customer Proprietary Network Information (CPNI): the information that is extremely
personal to customers as well as commercially valuable to carriers. This includes such
information as to whom, where and when a customer places a call, as well as the types of service
offerings to which the customer subscribes and the extent to which the service is used.
Aggregate Customer information: the collective data that relates to a group or category of
services or customers from which individual customer identities and characteristics have been
removed.
Subscriber List Information: although contains individually identifiable information, it is
defined in terms of public (not private) information including the listed names, numbers,
-
7/29/2019 Customer Proprietory Network Information Manual1
32/44
CPNIPOLICY MANUAL
addresses or classifications that the carrier or an affiliate has published, caused to be published or
accepted for publication in any directory format.
Information Services: involve the offering of a capability for generating, acquiring, storing,
transforming, processing, retrieving, utilizing, or making available information via
telecommunications. This includes such services as call answering, voice mail or messaging,
voice storage and retrieval services, fax store and forward and Internet access services. These are
services that are provided to consumers independent of their telecommunications service and are
not necessary to the provision of the customers telecommunications service.
Customer information: there are three categories of customer information to which different
privacy and carrier obligations apply:
Individually identifiable CPNI
Aggregate customer information
Subscriber list information
Services which cannot be classified into one of the three groupings listed in this section of the
rules, such as yellow-page listings or CPE sales, are not telecommunications services. As such,
use of CPNI to market such non-telecommunications services is prohibited unless notification
and authorization by customers has been secured
NOTE: The definitions of the terms employee and service as used for the purpose(s)defined within this section of the Company policy manual are used solely for the purpose(s)
defined within this section of the policy manual and have no effect on the terms employeeor
service as those terms may be used in other sections of this manual, or other company
documents.
-
7/29/2019 Customer Proprietory Network Information Manual1
33/44
CPNIPOLICY MANUAL
CPNI FCC RULES
47 CFR Part 64-- MISCELLANEOUS RULES RELATING TO COMMON CARRIERS
Subpart U --Customer Proprietary Network Information
64.2001 Basis and Purpose.
(a)Basis. These rules in this subpart are issued pursuant to the Communications Act of 1934, as
amended.
(b)Purpose. The purpose of these rules in this subpart is to implement section 222 of the
Communications Act of 1934, as amended, 47 U.S.C. 222.
64.2003 Definitions.
Terms used in this subpart have the following meanings:
(a)Account information. Account information" is information that is specifically connected tothe customer's service relationship with the carrier, including such things as an account number
or any component thereof, the telephone number associated with the account, or the bill's
amount.
(b)Address of record. An address of record," whether postal or electronic, is an address thatthe carrier has associated with the customer's account for at least 30 days.
(c)Affiliate. An affiliate is an entity that directly or indirectly owns or controls, is owned orcontrolled by, or is under common ownership or control with, another entity.
(d)Call detail information. Any information that pertains to the transmission of specifictelephone calls, including, for outbound calls, the number called, and the time, location, or
duration of any call and, for inbound calls, the number from which the call was placed, and the
time, location, or duration of any call.
(e)Communications-related services. The term communications-related services meanstelecommunications services, information services typically provided by telecommunicationscarriers and services related to the provision or maintenance of customer premises equipment.
(f) Customer. A customer of a telecommunications carrier is a person or entity to which thetelecommunications carrier is currently providing service.
(g)Customer proprietary network information (CPNI). Customer proprietary networkinformation (CPNI) is:
-
7/29/2019 Customer Proprietory Network Information Manual1
34/44
CPNIPOLICY MANUAL
(1) information that relates to the quantity, technical configuration, type, destination, and
amount of use of a telecommunications service subscribed to by any customer of a
telecommunications carrier, and that is made available to the carrier by the customer
solely by virtue of the customer-carrier relationship;
(2) information contained in the bills pertaining to telephone exchange service or
telephone toll service received by a customer of a carrier. Customer proprietary
network information does not include subscriber list information.
(h)Customer premises equipment (CPE). Customer premises equipment (CPE) is equipmentemployed on the premises of a person (other than a carrier) to originate, route, or terminate
telecommunications.
(i)
Information services typically provided by telecommunications carriers. The phraseinformation service typically provided by telecommunications carriers means only those
information services that are typically provided by telecommunications carrier, such as Internet
access or voice mail services that offer a capability for generating, acquiring, storing,
transforming, processing, retrieving, utilizing, or making available information via
telecommunications and includes electronic publishing, but does not include any use of any such
capability for the management, control, or operation of a telecommunications system or the
management of a telecommunications service.
(j) Local exchange carrier (LEC). A local exchange carrier (LEC) is any person that isengaged in the provision of telephone exchange service or exchange access. For purposes of thissubpart, such term does not include a person insofar as such person is engaged in the provision of
commercial mobile service under 47 U.S.C. 332(c).
(k)Opt-In Approval. The term opt-in approval refers to a method for obtaining customerconsent to use, disclose, or permit access to the customers CPNI. This approval method
requires that the carrier obtain from the customer affirmative, express consent allowing the
requested CPNI usage, disclosure or access after the customer is provided appropriate
notifications of the carriers request consistent with the requirements set forth in this subpart.
(l) Opt-Out Approval. The term opt-out approval refers to a method for obtaining customerconsent to use, disclose, or permit access to the customers CPNI. Under this approval method, a
customer is deemed to have consented to the use, disclosure, or access to the customers CPNI if
the customer has failed to object thereto within the waiting period after the customer is provided
appropriate notification of the carriers request for consent.
-
7/29/2019 Customer Proprietory Network Information Manual1
35/44
CPNIPOLICY MANUAL
(m)Readily available biographical information. Readily available biographical information"is information drawn from the customer's life history and includes such things as the customer's
social security number, or the last four digits of that number; mother's maiden name; home
address; or date of birth.
(n) Subscriber list information (SLI). Subscriber list information (SLI) is any information:
(1) identifying the listed names of subscribers of a carrier and such subscribers telephone
numbers, addresses, or primary advertising classifications (as such classifications are
assigned at the time of the establishment of such service), or any combination of such
listed names, numbers, addresses, or classifications;
(2) that the carrier or an affiliate has published, caused to be published, or accepted for
publication in any directory format.
(o) Telecommunications carrier. A telecommunications carrier is any provider of
telecommunications services, except that such term does not include aggregators of
telecommunications services (as defined in 47 U.S.C. 226(a)(2)).
(p) Telecommunications service. The term telecommunications service" has the same
meaning given to such term in section 3(46) of the Communications Act of 1934, as amended, 47
U.S.C. 153(46).
(q) Telephone number of record. The telephone number associated with the underlying
service, not the telephone number supplied as a customer's contact information."
(r) Valid photo ID. A valid photo ID" is a government-issued means of personal identificationwith a photograph such as a driver's license, passport, or comparable ID that is not expired.
64.2005 Use of Customer Proprietary Network Information Without Customer Approval
(a) Any telecommunications carrier may use, disclose, or permit access to CPNI for the purpose
of providing or marketing service offerings among the categories of service (i.e., local,
interexchange, and CMRS) to which the customer already subscribes from the same carrier,
without customer approval.
(1) If a telecommunications carrier provides different categories of service and a
customer subscribes to more than one category of service offered by the carrier, the
carrier ispermitted to share CPNI among the carriers affiliated entities that provide a
service offering to the customer.
(2) If a telecommunications carrier provides different categories of service, but a
customer does not subscribe to more than one offering by the carrier, the carrier is not
permitted to share CPNI among the carriers affiliated entities.
-
7/29/2019 Customer Proprietory Network Information Manual1
36/44
CPNIPOLICY MANUAL
(b) A telecommunications carrier may not use, disclose, or permit access to CPNI to market to a
customer service offerings that are within a category of service to which the customer does
not already subscribe from that carrier, unless the carrier has customer approval to do so,
except as described in paragraph (c) of this section.
(1) A telecommunications carrier may use, disclose, or permit access to CPNI derivedfrom its provision of local service, interexchange service, or CMRS, without
customer approval, for the provision of CPE and information services, including call
answering, voice mail or messaging, voice storage and retrieval services, fax store
and forward, and Internet access services.
(2) A telecommunications carrier may not use, disclose, or permit access to CPNI to
identify or track customers that call competing service providers. For example, a
local exchange carrier may not use local service CPNI to track all customers that call
local service competitors.
(c) A telecommunications carrier may use, disclose, or permit access to CPNI, without customer
approval, as described in this subparagraph.
(1) A telecommunications carrier may use, disclose, or permit access to CPNI, without
customer approval, in its provision of inside wiring installation, maintenance, and
repair services.
(2) CMRS providers may use, disclose, or permit access to CPNI for the purpose of
conducting research on the health effects of CMRS.
(3) LECs and CMRS providers and entities that provide interconnected VoIP service
may use CPNI, without customer approval, to market services formerly known as
adjunct-to-basic services, such as, but not limited to, speed dialing, computer-
provided directory assistance, call monitoring, call tracing, call blocking, call return,
repeat dialing, call tracking, call waiting, caller I.D., call forwarding, and certain
Centrex features.
(d) A telecommunications carrier may use, disclose, or permit access to CPNI to protect the
rights or property of the carrier, or to protect users of those services and other carriers from
fraudulent, abusive or unlawful use of, or subscription to, such services.
64.2007 Approval required for Use of CPNI
(a) A telecommunications carrier may obtain approval through written, oral or electronic
methods.
-
7/29/2019 Customer Proprietory Network Information Manual1
37/44
CPNIPOLICY MANUAL
(1) A telecommunications carrier relying on oral approval shall bear the burden of
demonstrating that such approval has been given in compliance with the
Commissions rules.
(2) Approval or disapproval to use, disclose, or permit access to a customers CPNI
obtained by a telecommunications carrier must remain in effect until the customerrevokes or limits such approval or disapproval.
(3) A telecommunications carrier must maintain records of approval, whether oral,
written or electronic, for at least one year.
(b) Use of Opt-out and Opt-In Approval Processes. A telecommunications carrier may, subject
to opt-out approval or opt-in approval, use its customer's individually identifiable CPNI for the
purpose of marketing communications-related services to that customer. A telecommunications
carrier may, subject to opt-out approval or opt-in approval, disclose its customer's individually
identifiable CPNI, for the purpose of marketing communications-related services to thatcustomer, to its agents and its affiliates that provide communications-related services. A
telecommunications carrier may also permit such persons or entities to obtain access to such
CPNI for such purposes. Except for use and disclosure of CPNI that is permitted without
customer approval under section Sec. 64.2005, or that is described in this paragraph, or as
otherwise provided in section 222 of the Communications Act of 1934, as amended, a
telecommunications carrier may only use, disclose, or permit access to its customer's
individually identifiable CPNI subject to opt-in approval.
(1) Joint Venture/Contractor Safeguards. A telecommunications carrier that discloses or
provides access to independent contractors shall enter into confidentiality agreementswith independent contractors or joint venture partners that comply with the following
requirements. The confidentiality agreement shall:
(i) Require that the independent contractor or joint venture partner use the CPNI only
for the purpose of marketing or providing the communications-related services for
which that CPNI has been provided;
(ii) Disallow the independent contractor or joint venture partner from using, allowing
access to, or disclosing the CPNI to any other party, unless required to make such
disclosures under force of law; and
(iii)Require that the independent contractor or joint venture partner have appropriate
protections in place to ensure the ongoing confidentiality of consumers CPNI.
(2) Except for use and disclosure of CPNI that is permitted without customer approval
under section 64.2005 or that is described in paragraph (b)(1) of this section, or as
otherwise provided in Section 222 of the Communications Act of 1934, as amended,
-
7/29/2019 Customer Proprietory Network Information Manual1
38/44
CPNIPOLICY MANUAL
a telecommunications carrier may only use, disclose, or permit access to its
customers individually identifiable CPNI subject to opt-in approval
64.2008 Notice required for use of CPNI
(a) Notification generally:
(1)Prior to any solicitation for customer approval, a telecommunications carrier must
provide a one-time notification to the customer of the customers right to restrict use
of, disclosure of, and access to that customers CPNI.
(2)A telecommunications carrier must maintain records of notification, whether oral or
electronic, for at least one year.
(b) Individual notice to customers must be provided when soliciting approval to use, disclose or
permit access to customers CPNI.
(c) Content of notice. Customer notification must provide sufficient information to enable the
customer to make an informed decision as to whether to permit a carrier to use, disclose
or permit access to the customers CPNI.
(1) The notification must state that the customer has a right, and the carrier a duty, under
federal law, to protect the confidentiality of CPNI.
(2) The notification must specify the types of information that constitute CPNI and the
specific entities that will receive the CPNI, describe the purposes for which CPNI will
be used, and inform the customer of his or her right to disapprove those uses and denyor withdraw access to CPNI at any time.
(3) The notification must advise the customer of the precise steps the customer must take
in order to grant or deny access to CPNI and must clearly state that a denial of
approval will not affect the provision of any services to which the customer
subscribes. However, carriers may provide a brief statement, in clear and neutral
language, describing consequences directly resulting from the lack of access to CPNI.
(4) The notification must be comprehensible and not be misleading.
(5) If written notification is provided, the notice must be clearly legible, use sufficiently
large type, and be placed in an area so as to be readily apparent to a customer.
(6) If any portion of a notification is translated into another language, then all portions of
the notification must be translated into that language.
-
7/29/2019 Customer Proprietory Network Information Manual1
39/44
CPNIPOLICY MANUAL
(7) A carrier may state in the notification that the customers approval to use CPNI may
enhance the carriers ability to offer products and services tailored to the customers
needs. A carrier also may state in the notification that it may be compelled to
disclose CPNI to any person upon affirmative written request by the customer.
(8) A carrier may not include in the notification any statement attempting to encourage acustomer to freeze third-party access to CPNI.
(9) The notification must state that any approval, or denial of approval for the use of
CPNI outside of the service to which the customer already subscribes from that
carrier is valid until the customer affirmatively revokes or limits such approval or
denial.
(10)A telecommunications carriers solicitation for approval must be proximate to the
notification of a customers CPNI rights.
(d) Notice Requirements Specific to Opt-Out . A telecommunications carr