2015 CPNI Questionnaire.docx


  • 8/20/2019 2015 CPNI Questionnaire.docx


    2015 CPNI Questionnaire

    BVU Authority (BVUA)

    I. Use of CPNI for Marketing

    1) Do you use CPNI to market any telecommunications or non-telecommunications services, either through your own sales force or through agents or other third parties?

      Yes No

    If response to Question 1 is NO, skip to question 8.

    2) Do you use CPNI ONLY for one or more of the following purposes (See Section II of CPNI Summary):

    a) To market service offerings that are within the same category of service that you already provide to the customer (i.e., "total service approach" - see Section II of CPNI Summary)

    b) To provide your customer with customer premises equipment, call answering, voice mail or messaging, voice storage or retrieval, fax store and forward, and protocol conversion

    c) To provide inside wire installation, maintenance and repair services

    d) For local carriers, to market features such as speed dialing, computer provided Directory Assistance, call tracing, call blocking, call return, repeat dialing, call tracking, call waiting, caller ID, call forwarding and certain Centrex features

    e) To protect your Company's rights or property

    f) To protect your customers and other carriers from fraudulent, abusive or unlawful use or subscription of service

    g) For CMRS providers only:

    i) In conjunction with research on the health effects of CMRS.

    ii) For the provision of CPE and information services.

      Yes No

    If the response to Question 2 is YES, no customer approval or notification is required -- skip to Question 5.


    3) If you use CPNI for purposes other than those listed in Question 2, customer approval is required - please respond to the following questions:

    a) Explain your procedures for notifying customers of their right to restrict use of, disclosure, and access to their CPNI, prior to asking for approval to use CPNI. (See Section V.B. of CPNI Summary for notification requirements.)

    If you use opt-out approval, do you provide notice to customers every two years?

      Yes No

    b) Describe the procedures that you use for obtaining customer approval, establishing proof that approval was obtained, and maintaining records of customer approval. For instance, do you rely on opt-in approval (where the customer aor electronic methods of approval. (See Section V. of CPNI Summary)

    4) If you use CPNI in a manner requiring customer approval, do you have a system that indicates the status of the customer's CPNI approval (e.g., a flag in the customer service record)? (See Section VI. of CPNI summary)

      Yes No


    5) Do you train your personnel as to when they are and are not authorized to use CPNI and have a disciplinary process in place? (See Section VI. E of CPNI summary)

      Yes No

    Briefly describe.

    BVU has a CPNI manual that covers disciplinary action and as part of the CPNI employees sign a document that acknowledges potential disciplinary action. For example an excerpt states, "Violation by Company employees and agents of such CPNI requirements will lead to prompt disciplinary action (up to and including remedial training, reprimands, unfavorable performance reviews, probation, and termination), depending upon the circumstances of the violation (including the severity of the violation, whether the violation was a first time or repeat violation, whether appropriate guidance was sought or received from the CPNI Compliance O


      d. the name and relationship of any third party to which CPNI was disclosed or provided, or which was allowed to access CPNI; and

      e. what products and services were offered as part of the campaign.

    8) Even if you do not use CPNI for marketing purposes, do you have processes in place to safeguard your customers' CPNI from (a) improper use or disclosure by your employees; and (b) attempts by third parties to gain unauthorized access to CPNI.

     Yes No

    Briefly describe the procedures you use.

    Our CPNI manual covers the processes and they are included in our training. We have procedures that cover inbound calls from customer, outbound calls to customers, customer's request for CPNI whether in person or by phone, request by law enforcement, and protection and safeguarding of records.

    9) Do you maintain a record of all instances where CPNI was disclosed or provided to third parties, or where third parties obtained access to CPNI (See Section VI.J of CPNI Summary).

     Yes No


    II. Telephone Access to Call Detail – New FCC Rules

    10) Do you provide call detail information (a subset of CPNI -- see Section I of CPNI summary for definition) over the telephone?

     Yes No

    If the response to Question 10 is NO -- skip to Question 11.

    If the response to Question 10 is YES, please respond to the following questions:

    (a) Do you have procedures for establishing customer password, and authenticating a customer's identity before issuing a password without using readily available biographical information or account information? (See Section VII. and C of CPNI Summary)

     Yes No

    Briefly explain your procedures.

    Passwords can be designed in a manner that is privately significant and memorable to the customer (e.g., "pirates1971," "1836alamo," "beatles4"). However, passwords may NOT be based upon readily obtainable biographical information (e.g., the customer's name, mother's maiden name, social security number or date of birth) or account information (e.g., the customer's telephone number, address, account number, or amount of last bill).

    (b) Do you have a back-up authentication method for lost or forgotten passwords that does not prompt the customer for readily available biographical information or account information? (See Section VII.C of CPNI Summary)

     Yes No

    Briefly explain your method.

    o  The Company will establish a password (and a back-up customer authentication method if the customer loses or forgets his or her password) for each new customer at the time that the customer initiates service.

    o  The Company will establish a new or replacement password (and a back-up customer authentication method if the customer loses or forgets his or her password) for existing customers desiring a password pursuant to the following procedure. The Company may periodically announce on its website, in its newsletter and/or in its billing materials that customers must have a password for security and privacy purposes in order to call the Company and obtain their call detail information over the telephone. The Company announcements will inform customers that they may obtain an initial or replacement password: (i) if they come in person to the Company's business o


    (c) If a customer cannot provide the correct password or response to any back-up authentication methods, do you require them to establish a new password? (See Section VII.C of CPNI Summary)

      Yes No


    (d) Do you have in place a process that ensures that call detail is not disclosed unless the customer either (i) provides a valid password or (ii) provides the call detail information that is the subject of the inquiry without a customer service representative's assistance? (See Section VII.B of CPNI Summary)

     Yes No

    (e) If the customer does not provide a password or fall into the exception in (d)(ii) above, or if the customer seeks additional call detail information, do you only provide call detail by sending it to the customer's address of record or by calling the customer at the telephone number of record? (See Section VII.B of CPNI Summary)

      Yes No


    III. Online Access to CPNI – New FCC Rules

    11) Do you provide online access to CPNI?

     Yes No

    If the response to Question 11 is NO -- skip to Question 12.

    If the response to Question 11 is YES, please respond to the following questions:

    (a) Do you have procedures for establishing customer password for online access, and authenticating a customer's identity before issuing a password without using readily available biographical information or account information? (See Section VII.D of CPNI Summary)

     Yes No

    Briefly explain your procedures.

    Customers may have access to their billing via internet access to our secure server. Customer must establish a User ID and Password in conjunction with their account number. Customers set up a security question and answer for password retrieval.

    If your company is a wireline or wireless provider with fewer than 1500 employees or an interconnected VOIP provider with less than $6 million in annual revenue you can delay implementation of the online authentication and password requirements until June 8, 2008. Please indicate below if this exemption applies and go to Question 12. Otherwise, respond to the following questions:

    (b) Do you have a back-up authentication method for lost or forgotten passwords that does not prompt the customer for readily available biographical information or account information? Briefly explain your procedures. (See Section VII.C of CPNI Summary)

      Yes No


    (c) If a customer cannot provide the correct password or response to any back-up authentication methods, do you require them to establish a new password? (See Section VII.C of CPNI Summary)

      Yes No

    (d) Do you require a password before allowing online access? (See Section VII.C of CPNI Summary)

      Yes No

    IV. In-Store (Retail Location) Access to CPNI – New FCC Rules

    12) Do you allow in-store access to CPNI?

     Yes No

    If the response to Question 12 is NO -- skip to Question 13.

    If the response to Question 12 is YES, answer the following question:

    (a) Do you only disclose CPNI if the customer has presented a valid photo ID matching his/her account information? (See Section VII.E of CPNI Summary)

      Yes No They can answer the password word in person too or respond to challenge questions.

    V. Notification of Account Changes – New FCC Rules

    13) Do you notify customers of the following types of account changes without revealing the changed information or sending the notification to the new account information: (i) password changes; (ii) change to a response to a back-up means of authentication; (iii) change to online account; (iv) change or creation of an address of record (other than at service initiation)?

    Briefly explain the method of notification used (e.g., carrier originated voice mail, text message to phone number of record, or mail to the address of record). (See Section VII. of CPNI Summary)

    The notice may be provided by: (i) a Company call or voicemail to the customer's telephone number of record; (ii) a Company text message to the customer's telephone number of record; or (iii) a written notice mailed to the customer's address of record (to the customer's prior address of record if the change includes a change in the customer's address of record).


    VI. Notification of CPNI Breaches – New FCC Rules

    14.

    (a) Do you have in place procedures to notify law enforcement (the United States Secret Service and the FBI) of a breach of a customer's CPNI within 7 business days? (See Section VIII. of CPNI Summary)

      Yes No

    (b) Do you have in place procedures to notify customers of the breach, but only 7 business days after notification to law enforcement? (See Section VIII.B of CPNI Summary)

      Yes No

    (c) Do you maintain records of: (i) any breaches discovered; (ii) notifications made to the USSS and FBI; and (iii) notifications made to customers?

     Yes No

    (d) Do your records include the dates of discovery and notification, a detailed description of the CPNI that was breached and the circumstances of the breach? (See Section VIII.C of CPNI Summary)

      Yes No

    VII. Actions against Data Brokers – New FCC Rules

    15) Have you taken any actions against data brokers in the last year?

     Yes No

    If yes, explain the actions taken.

     


    VIII. Customers Complaints about CPNI – New FCC Rules

    16) Did you receive any complaints about unauthorized release or disclosure of CPNI from December 8, 2007 (effective date of new rules) through December 11, 2011?

     Yes No

    If the response to Question 16 is YES, please respond to the following questions:

    Provide the total number of complaints received broken down by the following categories (a) instances of improper access by employees; (b) instances of improper disclosure to individuals not authorized to receive the information; (c) instances of improper access to online information by individuals not authorized to view the information.

    IX. Pretexters Processes

    17) Have you developed any information with respect to the processes that pretexters are using to attempt to access CPNI?

     Yes No

    If so, provide the information.

    We have stated the following in our CPNI manual: In some unfortunate instances, pretexters have obtained CPNI from telephone company representatives who have cooperated for friendship, financial or other reasons. The Company will take any and all disciplinary, termination and/or remedial actions permitted by applicable federal and state employment law against any Company representative that is reasonably suspected to have cooperated knowingly and intentionally with a pretexter.

    Pretexters may use a variety of tactics to try to fool telephone company representatives in order to get unauthorized and unlawful access to CPNI. Some of these tactics involve mock anger and bullying; others entail pleading and playing upon normal human emotions.