2013 CPNI Questionnaire BVU Authority (BVUA) I.

1) Use of CPNI for Marketin Do you use CPNI to market any telecommunications or non-telecommunications services, either through your own sales force or through agents or other third parties !es No

If response to Question 1 is NO, skip to question 8. ") Do you use CPNI #N$! for one or more of the following purposes %&ee &ection II of CPNI &ummary)' a) to market service offerings that are within the same category of service that you already provide to the customer %i(e(, )total service approach)*see &ection II+ of CPNI &ummary) to provide your customer with customer premises e-uipment, call answering, voice mail or messaging, voice storage or retrieval, fa. store and forward, and protocol conversion to provide inside wire installation, maintenance and repair services for local carriers, to market features such as speed dialing, computer provided Directory +ssistance, call tracing, call ,locking, call return, repeat dialing, call tracking, call waiting, caller ID, call forwarding and certain centre. features to protect your Company/s rights or property to protect your customers and other carriers from fraudulent, a,usive or unlawful use or su,scription of service 0or C12& providers only' i) ii) !es in con3unction with research on the health effects or C12&( for the provision of CP4 and information services( No

,) c) d)

e) f) g)

If the response to Question 2 is YES, no customer approval or notification is require !! skip to Question ".

5)

If you use CPNI for purposes other than those listed in 6uestion ", customer approval is re-uired *please respond to the following -uestions' a) 4.plain your procedures for notifying customers of their right to restrict use of, disclosure, and access to their CPNI, prior to asking for approval to use CPNI( %&ee &ection 7(8( of CPNI &ummary for notification re-uirements()

If you use opt-out approval, do you provide notice to customers every two years !es ,) No

Descri,e the procedures that you use for o,taining customer approval, esta,lishing proof that approval was o,tained, and maintaining records of customer approval( 0or instance, do you rely on opt-in approval %where the customer affirmatively agrees to the use of their CPNI), or #pt-#ut approval %where the customer is re-uired to notify you if they D# N#9 want you to use their CPNI): do you rely on oral, written, and;or electronic methods of approval( %&ee &ection 7( of CPNI &ummary)

<)

If you use CPNI in a manner re-uiring customer approval, do you have a system that indicates the status of the customer/s CPNI approval %e(g(, a flag in the customer service record) %&ee &ection 7I(+ of CPNI summary) !es No

=)

Do you train your personnel as to when they are and are not authori>ed to use CPNI and have a disciplinary process in place %&ee &ection 7I( 4 of CPNI summary) !es 8riefly descri,e( 87?+ has a CPNI manual that covers disciplinary action and as part of the CPNI employees sign a doument that acknowledges potential disciplinary action( 0or e.ample an e.erpt states, ) 7iolation ,y Company employees and agents of such CPNI re-uirements will lead to prompt disciplinary action %up to and including remedial training, reprimands, unfavora,le performance reviews, pro,ation, and termination), depending upon the circumstances of the violation %including the severity of the violation, whether the violation was a first time or repeat violation, whether appropriate guidance was sought or received from the CPNI Compliance #fficer%s), and the e.tent to which the violation was or was not deli,erate or malicious)( No

@)

Do you maintain a record of your company/s and any affiliate/s sales and marketing campaigns that use CPNI %&ee &ection 7I(C of CPNI summary) !es No

A)

Do you have a supervisory review process for compliance with CPNI rules for out,ound marketing situations to ensure that sales personnel o,tain supervisory approval of any proposed out,ound marketing re-uest for customer CPNI approval %&ee &ection 7I(D and 4 of CPNI summary) !es No

8riefly descri,e the process and recordkeeping( +ll out,ound marketing situations must ,e approved ,y the Compliance #fficer and after approval the effort is documented( 9he Compliance #fficer will maintain a record of each out,ound marketing activity or campaign, including' a( a description of the campaign: ,( the specific CPNI that was used in the campaign: c( the date and purpose of the campaign' d( the name and relationship of any third party to which CPNI was disclosed or provided, or which was allowed to access CPNI: and e( what products and services were offered as part of the campaign(

B)

4ven if you do not use CPNI for marketing purposes, do you have processes in place to safeguard your customersC CPNI from %a) improper use or disclosure ,y your employees: and %,) attempts ,y third parties to gain unauthori>ed access to CPNI( !es No

8riefly descri,e the procedures you use( #ur CPNI manual covers the processes and they are included in our training( De have procedures that cover in,ound calls from customer, out,ound calls to customers, customerCs re-uest for CPNI whether in person or ,y phone, re-uest ,y law enforcement, and protection and safeguarding of records(

E)

Do you maintain a record of all instances where CPNI was disclosed or provided to third parties, or where third parties o,tained access to CPNI %&ee &ection 7I(F of CPNI &ummary)( !es No

II. 1G)

!e"e#hone A$$ess to Ca"" %etai" & Ne' (CC )u"es Do you provide call detail information %a su,set of CPNI -- see &ection I of CPNI summary for definition) over the telephone !es No

If the response to Question 1# is NO !! skip to Question 11. If the response to Question 1# is YES, please respon to the follo$in% questions : %a) Do you have procedures for esta,lishing customer password, and authenticating a customerCs identity ,efore issuing a password without using readily availa,le ,iographical information or account information %&ee &ection 7II(+ and C of CPNI &ummary) !es No

8riefly e.plain your procedures( Passwords can ,e designed in a manner that is privately significant and memora,le to the customer %e.g., Hpirates1EA1,I H1B5@alamo,I HJ,eatles<I)( Kowever, passwords may N#9 ,e ,ased upon readily o,taina,le ,iographical information %e.g., the customerCs name, motherCs maiden name, social security num,er or date of ,irth) or account information % e.g., the customerCs telephone num,er, address, account num,er, or amount of last ,ill)(

%,)

Do you have a ,ack-up authentication method for lost or forgotten passwords that does not prompt the customer for readily availa,le ,iographical information or account information %&ee &ection 7II(C of CPNI &ummary) !es No

8riefly e.plain your method( ,( 9he Company will esta,lish a password %and a ,ack-up customer authentication method if the customer loses or forgets his or her password) for each new customer at the time that the customer initiates service( c( 9he Company will esta,lish a new or replacement password %and a ,ackup customer authentication method if the customer loses or forgets his or her password) for e.isting customers desiring a password pursuant to the following procedure( 9he Company may periodically announce on its we,site, in its newsletter and;or in its ,illing materials that customers must have a password for security and privacy purposes in order to call the Company and o,tain their call detail information over the telephone( 9he Company announcements will inform customers that they may o,tain an initial or replacement password' %i) if they come in person to the CompanyCs ,usiness office, produce a driverCs license, passport or other government-

issued identification verifying their identity, and correctly answer certain -uestions regarding their service and address: or %ii) if they call a specified Company telephone num,er from their Htelephone num,er of recordI %see definition a,ove) and then wait at that num,er until a Company employee calls them ,ack and o,tains correct answers to certain -uestions regarding their service and address: or %iii) if they ask the Company to send a randomlygenerated Personal Identification Num,er %HPINI) to their Htelephone num,er of recordI %see definition a,ove) ,y voice, voicemail or te.t message or mail it to their Haddress of recordI %see definition a,ove), and then call the Company ,ack and provide the correct PIN( d( 9he CompanyCs H,ack-up customer authentication methodI will consist of a Hshared secretI com,ination of two pre-selected -uestions ,y the Company and two pre-selected answers ,y the customer regarding two non-pu,lic aspects of the customerCs life that would not ,e known ,y a prete.ter, hacker or other unauthori>ed entity( 0or e.ample, such Hshared secretI -uestions and answers might relate to the customerCs favorite Koliday, color, song, ,ook, movie, food, or sports team, or in what city were you ,orn %unless such characteristic are a matter of pu,lic record or known ,y a significant num,er of people)( If the customer claims to have lost or forgotten his or her password, ,ut can correctly provide the pre-selected answers to the two pre-selected Hshared secretI -uestions, the re-uested call detail information can ,e given to the customer over the telephone during the customer-initiated call(

%c)

If a customer cannot provide the correct password or response to any ,ack-up authentication methods, do you re-uire them to esta,lish a new password %&ee &ection 7II(C of CPNI &ummary) !es No

%d)

Do you have in place a process that ensures that call detail is not disclosed unless the customer either %i) provides a valid password or %ii) provides the call detail information that is the su,3ect of the in-uiry without a customer service representativeCs assistance %&ee &ection 7II(8 of CPNI &ummary) !es No

%e)

If the customer does not provide a password or fall into the e.ception in %d)%ii) a,ove, or if the customer seeks additional call detail information, do you only provide call detail ,y sending it to the customerCs address of record or ,y calling the customer at the telephone num,er of record %&ee &ection 7II(8 of CPNI &ummary) !es No

III. 11)

*n"ine A$$ess to CPNI & Ne' (CC )u"es Do you provide online access to CPNI !es No

If the response to Question 11 is NO !! skip to Question 12. If the response to Question 11 is YES, please respon to the follo$in% questions : %a) Do you have procedures for esta,lishing customer password for online access, and authenticating a customerCs identity ,efore issuing a password without using readily availa,le ,iographical information or account information %&ee &ection 7II(D of CPNI &ummary) !es No

8riefly e.plain your procedures( Customers may have access to their ,illing via internet access to our secure server( Customer must esta,lish a ?ser ID and Password ,y entering a = digit secret num,er in con3unction with their account num,er( If &our compan& is a $ireline or $ireless provi er $ith fe$er than 1"## emplo&ees or a interconnecte 'OI( provi er $ith less than )* million in annual revenue &ou can ela& implementation of the online authentication an pass$or requirements until +une 8, 2##8. (lease in icate ,elo$ if this e-emption applies an %o to Question 12. Other$ise, respon to the follo$in% questions.

%,)

Do you have a ,ack-up authentication method for lost or forgotten passwords that does not prompt the customer for readily availa,le ,iographical information or account information 8riefly e.plain your procedures( %&ee &ection 7II(C of CPNI &ummary) !es No

%c)

If a customer cannot provide the correct password or response to any ,ack-up authentication methods, do you re-uire them to esta,lish a new password %&ee &ection 7II(C of CPNI &ummary) !es No %&ee &ection 7II(C of CPNI

%d)

Do you re-uire a password ,efore allowing online access &ummary) !es No

IV. 1")

In+,tore ()etai" -o$ation) A$$ess to CPNI & Ne' (CC )u"es Do you allow in-store access to CPNI !es No

If the response to Question 12 is NO !! skip to Question 1/. If the 0esponse to Question 12 is YES, ans$er the follo$in% question. %a) Do you only disclose CPNI if the customer has presented a valid photo ID matching his;her account information %&ee &ection 7II(4 of CPNI &ummary)

!es No 9hey can answer the password word in person too or respond to challenge -uestions( V. 15) Notifi$ation of A$$ount Chan es & Ne' (CC )u"es Do you notify customers of the following types of account changes without revealing the changed information or sending the notification to the new account information' %i) password changes: %ii) change to a response to a ,ack-up means of authentication: %iii) change to online account: %iv) change or creation of an address of record %other than at service initiation) !es No 8riefly e.plain the method of notification used %e(g(, carrier originated voice mail, te.t message to phone num,er of record, or mail to the address of record)( %&ee &ection 7II(0 of CPNI &ummary) 9he notice may ,e provided ,y' %i) a Company call or voicemail to the customerCs telephone num,er of record: %ii) a Company te.t message to the customerCs telephone num,er of record: or %iii) a written notice mailed to the customerCs address of record %to the customerCs prior address of record if the change includes a change in the customerCs address of record)(

VI. 1<(

Notifi$ation of CPNI Brea$hes & Ne' (CC )u"es %a) Do you have in place procedures to notify law enforcement %the ?nited &tates &ecret &ervice and the 08I) of a ,reach of a customerCs CPNI within A ,usiness days %&ee &ection 7III(+ of CPNI &ummary) !es %,) No

Do you have in place procedures to notify customers of the ,reach, ,ut only A ,usiness days after notification to law enforcement %&ee &ection 7III(8 of CPNI &ummary) !es No

%c)

Do you maintain records of' %i) any ,reaches discovered: %ii) notifications made to the ?&&& and 08I: and %iii) notifications made to customers !es No

%d)

Do your records include the dates of discovery and notification, a detailed description of the CPNI that was ,reached and the circumstances of the ,reach %&ee &ection 7III(C of CPNI &ummary) !es No

VII. 1=)

A$tions A ainst %ata Brokers & Ne' (CC )u"es Kave you taken any actions against data ,rokers in the last year !es No

If yes, e.plain the actions taken(

VIII. 1@)

Custo.ers Co.#"aints a/out CPNI & Ne' (CC )u"es Did you receive any complaints a,out unauthori>ed release or disclosure of CPNI from Decem,er B, "GGA %effective date of new rules) through Decem,er 11, "G11 !es No

If the response to Question 1* is YES, please respon to the follo$in% questions : Provide the total num,er of complaints received ,roken down ,y the following categories' %a) instances of improper access ,y employees: %,) instances of improper disclosure to individuals not authori>ed to receive the information: %c) instances of improper access to online information ,y individuals not authori>ed to view the information(

I0. 1A)

Prete1ters Pro$esses Kave you developed any information with respect to the processes that prete.ters are using to attempt to access CPNI !es No

If so, provide the information( De have stated the following in our CPNI manual' In some unfortunate instances, prete.ters have o,tained CPNI from telephone company representatives who have cooperated for friendship, financial or other reasons( 9he Company will take any and all disciplinary, termination and;or remedial actions permitted ,y applica,le federal and state employment law against any Company representative that is reasona,ly suspected to have cooperated knowingly and intentionally with a prete.ter( Prete.ters may use a variety of tactics to try to fool telephone company representatives in order to get unauthori>ed and unlawful access to CPNI( &ome of these tactics involve mock anger and ,ullying: others entail pleading and playing upon normal human emotions(