Attachment A PULASKI ELECTRIC SYSTEM STATEMENT REGARDING CPNI PROCEDURES AND COMPLIANCE

BACKGROUND Established in 1891, Pulaski Electric System (PES) is Tennessee's oldest municipal electric utility. PES currently ser es appro!imately 1",### customers and operates o er 1,$## miles o% line throu&hout 'iles (ounty. )t pro ides electric ser ice to the (ity o% Pulaski (pop. *,8*") and nei&hborin& communities in 'iles (ounty. The (ity o% Pulaski, +hich operates PES, is a ,small &o ernmental -urisdiction. (de%ined as &o ernments o% cities, counties, to+ns, to+nships, illa&es, school districts, or special districts, +ith a population o% less than %i%ty thousand). )n $##*, PES completed the construction o% a state/o%/the/art %iber/to/the/home (0TT1) net+ork. $#1$ marked the %i%th complete calendar year in +hich PES pro ided ideo, oice and data ser ices o er its %iber system to residents and businesses in and around Pulaski. The ser ices pro ided o er this 0TT1 net+ork are marketed under the name PES Ener&i2e. 3oice ser ice is o%%ered in the %orm o% 34)P. PES does not o%%er oice ser ice as a standalone ser ice, but only as part o% a packa&e o% ser ices +ith ideo and data. 5t the end o% 6ecember $#1$, PES had 1##7 residential oice subscribers and 18* commercial oice subscribers. PES has a contract +ith a +holesale pro ider o% interconnected 34)P ser ices, 9omentum :holesale, ;;( (,9omentum.), throu&h +hich PES pro ides its 34)P ser ice to subscribers. PES pro ides the retail ser ice to the customer. The PES Ener&i2e Terms o% Ser ice ha e al+ays re<uired a ne+ customer to authori2e 9omentum to act as its authori2ed a&ent %or all matters pertainin& to the telephone number assi&ned to the customer. COMPLIANCE REPORT 1. 64. !!"# U$e %& c'$t%me( )(%)(*eta(+ net,%(- *n&%(mat*%n ,*th%'t c'$t%me( a))(%.a/.

PES uses, discloses, or permits access to (P=) %or the purpose o% pro idin& the ser ice o%%erin&(s) to +hich the customer already subscribes %rom PES> to support its customers> and to bill and collect %or its ser ice(s). PES also uses (P=) to protect the ri&hts or property o% PES, or to protect users o% those ser ices and other carriers %rom %raudulent, abusi e, or unla+%ul use o% or subscription to such ser ices. 5s a small local pro ider, PES does not en&a&e in e!tensi e marketin& acti ities. :hen it does en&a&e in marketin&, PES typically does so throu&h &eneral mass mailin&s. PES has ne er used customers? indi idually identi%iable (P=) %or marketin& purposes and has no intention o% doin& so in the %uture. PES does not ha e any a%%iliated entities. 1o+e er, as stated abo e, the %iber/to/the/home ser ices are marketed to subscribers usin& the name PES Ener&i2e.

PES has ne er used, disclosed, or permitted access to (P=) to identi%y or track customers that call competin& ser ice pro iders, and has no intention o% doin& so in the %uture. . 64. !!0# A))(%.a/ (e1'*(e2 &%( '$e %& c'$t%me( )(%)(*eta(+ net,%(- *n&%(mat*%n.

PES has ne er used, disclosed to its a&ents or a%%iliates, or permitted such persons or entities to obtain access to its customers? indi idually identi%iable (P=) %or the purpose o% marketin& communications/related ser ices, and it has no intention o% doin& so in the %uture. Since the 34)P ser ice that PES sells includes all a ailable call %eatures ( oice mail, etc.), there is no reason %or it to use (P=) %or marketin& or up/sellin& additional %eatures to its customers. There%ore, PES has not used and does not plan to use its customers? indi idually identi%iable (P=) %or marketin& purposes that re<uire their appro al. 3. 64. !!4# N%t*ce (e1'*(e2 &%( '$e %& c'$t%me( )(%)(*eta(+ net,%(- *n&%(mat*%n.

Since PES does not use its customers? (P=) %or marketin& purposes, it does not solicit their appro al to do so. PES does, ho+e er, use a +ritten notice procedure to solicit their appro al to use their names and addresses %or marketin& purposes in the %ollo+in& manner@ PES pro ides customers +ith a +ritten Pri acy Policy applicable to all PES Ener&i2e ser ices ( ideo, 34)P, )nternet) at the initiation o% ser ice and annually therea%ter. The Pri acy Policy describes the collection, use, disclosure and retention o% personally identi%iable in%ormation about customers, includin& %or marketin& purposes. The Pri acy Policy ad ises customers that their names and addresses mi&ht be disclosed %or mailin& lists in connection +ith the promotion o% PES Ener&i2e products and ser ices and other le&itimate business acti ities. The Pri acy Policy also states that no in%ormation +ill be disclosed to third parties %or marketin& purposes. )t %urther pro ides customers +ith the opportunity to remo e or limit the use o% their names and addresses on mailin& lists by contactin& PES Ener&i2e by telephone or in +ritin&. The Pri acy Policy does not speci%ically seek appro al to collect, use or disclose ,indi idually identi%iable (P=). %or marketin& purposes, and as noted abo e, PES does not collect, use or disclose indi idually identi%iable (P=) %or marketin& purposes. 4. 64. !!5 Sa&e6'a(2$ (e1'*(e2 &%( '$e %& c'$t%me( )(%)(*eta(+ net,%(- *n&%(mat*%n.

PES pro ides on&oin& trainin& to its personnel as to +hen they are and are not authori2ed to use (P=). )n addition, PES employees are trained to noti%y the 3ice President o% Aroadband 4perations o% PES immediately upon detectin& or becomin& a+are o% an inappropriate disclosure o% (P=). PES has an e!press disciplinary process in place. 5s noted abo e, PES does not en&a&e in any sales and marketin& campai&ns that use its customers? (P=). PES only uses the customer?s name, address and telephone number %or marketin&. The only third party +ith access to PES?s customers? (P=) is 9omentum, but this access is %or ser ice pro ision and not %or marketin& purposes. ". 64. !1! Sa&e6'a(2$ %n the 2*$c/%$'(e %& c'$t%me( )(%)(*eta(+ net,%(- *n&%(mat*%n.

PES takes reasonable measures to disco er and protect a&ainst attempts to &ain unauthori2ed access to (P=). PES protects its electronic data and internal computer net+ork throu&h the use o% %ire+alls, anti/ irus so%t+are and other industry/accepted security mechanisms. (P=), such as call detail records, is electronically stored on e<uipment o+ned by 9omentum, located on

9omentum?s premises. E ery employee o% PES +ho is permitted access to electronic data has an indi idual user account and maintains a uni<ue pass+ord. Telephone Access to Call Detail Information@ )n a customer/initiated telephone contact PES customer ser ice representati es only disclose call detail in%ormation o er the telephone i% the customer %irst pro ides PES +ith a pass+ord that is not prompted by PES askin& %or readily identi%iable bio&raphical in%ormation or account in%ormation. This pass+ord is the same pass+ord used %or online access and is established in the manner described belo+. )% the customer does not pro ide a pass+ord, PES only discloses call detail in%ormation by sendin& it to the customer?s address o% record, or by callin& the customer at the telephone number o% record. PES customer ser ice representati es record in the trouble/ticketin& system +hether the pass+ord +as pro ided, alon& +ith in%ormation about ho+ the ser ice problem +as resol ed. They also document +hene er (P=) is disclosed and the method o% eri%ication that +as used prior to makin& the disclosure. (ustomer ser ice representati e trainin& has al+ays emphasi2ed that all customer data is con%idential and should only be shared +ith the customer o% record. In-store Access to CPNI@ PES customer ser ice representati es disclose (P=) to a customer at a PES retail location only i% the customer %irst presents to PES or its a&ent a alid photo )6 matchin& the customer?s account in%ormation. They also document +hene er (P=) is disclosed and the method o% eri%ication that +as used prior to makin& the disclosure. Online Access to CPNI@ PES customers ha e the option o% accessin& some o% their (P=) online usin& systems o+ned and operated by 9omentum. Aecause the systems are o+ned and operated by 9omentum, most o% the online access controls and chan&e noti%ication procedures are established by 9omentum. :hen a PES customer?s ser ice is initially acti ated, PES asks the customer to establish a username and pass+ord at the time they order their phone ser ice. :hen PES establishes a username and pass+ord %or the customer, the online system is con%i&ured to authenticate the PES customer +ithout the use o% readily a ailable bio&raphical in%ormation or account in%ormation. 4nce authenticated, the customer is only able to obtain online access to (P=) related to the customer?s ser ice account throu&h a pass+ord that is not prompted by the online system askin& %or readily a ailable bio&raphical in%ormation or account in%ormation. The online backup method o% customer authentication in the e ent o% a lost or %or&otten pass+ord is mana&ed by 9omentum. )% a customer %or&ets his or her pass+ord, the customer can click on a link to ha e the pass+ord e/mailed to him or her only i% he or she has pro ided 9omentum +ith an e/mail address. )% 9omentum does not ha e the customer?s e/mail, the link +ill not +ork but the customer can call PES and PES +ill &i e him or her the pass+ord either by callin& them back at the number o% record or by askin& him or her to come into the o%%ice +ith photo )6 to &et the pass+ord in person. Notification of Account Changes@ :here customers ha e pro ided 9omentum +ith an e/mail address, 9omentum (and not PES) has responsibility %or noti%yin& customers +hene er an online username or pass+ord, customer response to a backup means o% authentication %or lost or %or&otten pass+ords, online account, or e/mail address o% record is created or chan&ed. :here customers ha e not pro ided 9omentum +ith an e/mail address, PES relies on 9omentum to noti%y PES o% these account chan&es by e/mail, and PES then noti%ies the customer by sendin& an e/mail to the e/ mail account o% record, or a letter to the physical address o% record, or by placin& a phone call to the telephone number o% record. (ustomers may not make chan&es to postal addresses o% record online. These may only be made by contactin& PES. PES then noti%ies the customer o% these

chan&es by sendin& an e/mail to the e/mail account o% record, or a letter to the physical address o% record, or by placin& a phone call to the telephone number o% record. The noti%ication in all cases does not re eal the chan&ed in%ormation. )t states only that a chan&e +as made. PES has no business customers that ha e contracted to authentication re&imes that di%%er %rom the one described abo e. 6. 64. !11 N%t*&*cat*%n %& c'$t%me( )(%)(*eta(+ net,%(- *n&%(mat*%n $ec'(*t+ 7(eache$.

PES +ill noti%y la+ en%orcement and customers o% any breach o% its customers? (P=) and maintain a record o% such any such breaches in the manner and accordin& to the deadlines as pro ided by the (ommission?s rules. To date, PES has not become a+are o% any breaches.

B arB+++BappsBcon ersionBtmpBscratchC$B$178*$11#.doc