In accordance with Section 222 of the Communications Act and the Federal Communications Commission’s (“FCC”) CPNI Rules (47 C.F.R. § 64.2001, et seq.), Clarity Networks, LLC (“ClarityNetworks” or “Company”) has established the policies and procedures outlined below for collecting, accessing, using, and storing Customer Proprietary Network Information (“CPNI”). ClarityNetworks provides telecommunications services to retail customers. Therefore, because ClarityNetworks may collect, access, use, or store CPNI when providing these types of services, the Company undertakes the steps outlined in this Policy Statement to protect CPNI from unauthorized access or misuse.
Definition of CPNI
Under federal law, CPNI is certain customer information obtained by a telecommunications provider during the course of providing telecommunications and related services (including interconnected VoIP) to a customer. This includes information relating to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier.
Examples of CPNI include information typically available from telephone-related details on a monthly bill such as the types of services purchased by a customer, numbers called, duration of calls, directory assistance charges, and calling patterns. CPNI does not include names, addresses, and telephone numbers of customers, because that information is considered subscriber list information under applicable law.
Use of CPNI
It is the policy of ClarityNetworks not to use CPNI for any activity other than as permitted by applicable law. Any disclosure of CPNI to other parties (such as affiliates, vendors and agents) occurs only if it is necessary to conduct a legitimate business activity related to the services already provided by ClarityNetworks to the customer. If ClarityNetworks is not required by law to disclose CPNI or if the intended use is not otherwise permitted under FCC rules, the Company will first obtain the customer’s consent prior to using or sharing CPNI.
ClarityNetworks follows industry-standard practices to prevent unauthorized access to CPNI by a person other than the subscriber or Company. However, ClarityNetworks cannot guarantee that these practices will prevent every unauthorized attempt to access, use, or disclose personally identifiable information.
ClarityNetworks notifies customers immediately of any account changes, including address of record, authentication, online account, and password-related changes.
Employee Training Policies
All employees of ClarityNetworks are trained as to when they are, and are not, authorized to use CPNI. Specifically, ClarityNetworks prohibits its personnel from releasing CPNI based upon a customer-initiated telephone call except under the following three (3) circumstances.
• When the customer has pre-established a password and confirms that password when contacting ClarityNetworks about CPNI-related matters;
• When the information requested by the customer is to be sent to the customer’s address of record; or
• When ClarityNetworks calls the customer’s telephone number of record and discusses the information with the party initially identified by the customer when service was initiated.
Disclosure to Business Customers
ClarityNetworks may negotiate alternative authentication and CPNI procedures for services that the Company provides to business customers that have a dedicated account representative and a contract that specifically addresses the protection of the business customer’s CPNI.
ClarityNetworks has informed its employees and agents that it considers compliance with the Communications Act and FCC rules regarding the use, disclosure, and access to CPNI to be very important. Violation by company employees or agents of such CPNI requirements will lead to disciplinary action (including remedial training, reprimands, unfavorable performance reviews, probation, and/or termination), depending upon the circumstances of the violation (including the severity of the violation, whether the violation was a first time or repeat violation, whether appropriate guidance was sought or received from a supervisor, and the extent to which the violation was or was not deliberate or malicious).
Use of CPNI in Sales and Marketing Campaigns
ClarityNetworks does not use CPNI in its marketing campaigns. However, if ClarityNetworks does use CPNI in marketing campaigns, the company will maintain a record of all sales and marketing campaigns that use the CPNI. The record will include a description of each campaign, the specific CPNI that was used in the campaign, and what products and services were offered as part of the campaign.
ClarityNetworks will also implement a system to obtain prior approval and informed consent from its customers in accordance with the Commission’s CPNI rules. This system will allow for the status of a customer’s CPNI approval to be clearly established prior to the use of CPNI.
Prior to commencement of a sales or marketing campaign that utilizes CPNI, ClarityNetworks will establish the status of a customer’s CPNI approval. The following sets forth the procedure that will be followed by the Company:
• Prior to any solicitation for customer approval, ClarityNetworks will notify customers of their right to restrict the use of, disclosure of, and access to their CPNI.
• ClarityNetworks will use opt-in approval for any instance in which Company must obtain customer approval prior to using, disclosing, or permitting access to CPNI.
• A customer’s approval or disapproval remains in effect until the customer affirmatively revokes or limits such approval or disapproval.
• Records of approvals are maintained for at least two years.
• ClarityNetworks provides individual notice to customers when soliciting approval to use, disclose, or permit access to CPNI.
• The CPNI notices sent by ClarityNetworks will comply with FCC Rule 64.2008(c) and will be retained for at least one (1) year. ClarityNetworks will also maintain a supervisory review process regarding compliance with the CPNI rules for any outbound marketing situations relating to CPNI and will maintain such compliance and supervisory approval records for at least one (1) year consistent with FCC Rule 64.2009(d).
Company is prepared to provide written notice within five (5) business days to the FCC of any instance where the opt-in mechanisms do not work properly or to such a degree that consumers’ inability to opt-in is more than an anomaly.
Third Party Use of CPNI
To safeguard CPNI, prior to allowing joint venturers or independent contractors access to customers’ individually identifiable CPNI, ClarityNetworks will require all such third parties to enter into a confidentiality agreement that ensures compliance with this Policy, and ClarityNetworks shall also obtain opt-in consent from a customer prior to disclosing the information to such third parties. In addition, ClarityNetworks requires all outside agents to acknowledge and certify that they may only use CPNI for the purpose for which that information has been provided. ClarityNetworks requires express written authorization from the customer prior to dispensing CPNI to new carriers, except as otherwise required by law.
ClarityNetworks does not market or sell CPNI information to any third party.
Law Enforcement Notification of Unauthorized Disclosure
If an unauthorized disclosure of CPNI occurs, ClarityNetworks shall provide notification of the breach within seven (7) days to the United States Secret Service (“USSS”) and the Federal Bureau of Investigation (“FBI”). ClarityNetworks shall wait an additional seven (7) days from its government notice prior to notifying the affected customers of the breach. Notwithstanding the above, ClarityNetworks shall not wait the additional seven (7) days to notify its customers if the Company determines there is an immediate risk of irreparable harm to the customers.
ClarityNetworks shall maintain records of discovered breaches for a period of at least two (2) years.
Annual CPNI Certification
Pursuant to FCC regulations, 47 C.F.R. § 64.2009(e), ClarityNetworks will annually submit to the FCC, by March 1st or any subsequently established deadline, a CPNI Certification of Compliance and accompanying Statement regarding the company’s CPNI policies and operating procedures. These documents certify that ClarityNetworks complied with federal laws and FCC regulations regarding the protection of CPNI throughout the prior calendar year.