Professional Documents
Culture Documents
Collab9, Inc.
CONTENTS
Purpose ...................................................................................................................................................................................................... 3 Scope.......................................................................................................................................................................................................... 3 Definition ................................................................................................................................................................................................... 3 Applicability ............................................................................................................................................................................................... 3 Use of CPNI without prior customer approval ........................................................................................................................................... 3 Customer administrator designation ......................................................................................................................................................... 4 Customer approval database ..................................................................................................................................................................... 4 Approval to use CPNI ................................................................................................................................................................................. 4 Opt-Out Approval................................................................................................................................................................................... 4 Opt-In Approval ..................................................................................................................................................................................... 4 Approval Request Notices .......................................................................................................................................................................... 4 CPNI Disclosure .......................................................................................................................................................................................... 5 Supervisory Review .................................................................................................................................................................................... 5 Training ...................................................................................................................................................................................................... 5 Disciplinary Action ..................................................................................................................................................................................... 5 Reporting ................................................................................................................................................................................................... 5 Notification of Account Changes ............................................................................................................................................................... 5 Recordkeeping ........................................................................................................................................................................................... 5 Data Brokers .............................................................................................................................................................................................. 6
Collab9, Inc.
PURPOSE
The purpose of this policy is to define required access control measures to all Collab9 customer proprietary network information (CPNI) and applications to protect the privacy, security, and confidentiality of COLLAB9 and customer information assets and systems, especially highly sensitive systems.
SCOPE
This policy is applicable to those responsible handling and management of customer proprietary network information in COLLAB9 systems & applications or access to such information. Such information can be held within a database, application or shared file space.
DEFINITION
The term customer proprietary network information (CPNI) relates to the technical configuration, type, destination, location quantity, and usage of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship; and information contained in the bills pertaining to telephone exchange service or telephone toll service received by a customer of a carrier; except that such term does not include Subscriber List Information.
APPLICABILITY
CPNI policy is applicable to the following: Information related to the service customer has purchased from COLLAB9. This information may include type of service, technical configuration, or location of a service. Customer design layout reports, service addresses, originating and terminating locations, circuit speed and capacity, etc. Information about the amount of service a customer purchased from COLLAB9. For example, this may include the number of lines, circuits, calls, minutes, or the amount of equipment, subscribed to by the customer. Information about a customers usage of telecommunications services, including numbers called, calls received, a nd optional features utilized. Information contained in a bill sent to the customer by COLLAB9.
Information that was not obtained by COLLAB9 as part of their carrier-customer relationship. For example, market information that a third party company may purchase from an outside source that happens to include data concerning one of COLLAB9 customers. However, information obtained from a COLLAB9 affiliate that also provides service to a customer is deemed to be CPNI. Subscriber List Information, it is a defined term under Federal law, and it means any information of an COLLAB9 subscriber (such as name, address, telephone number or classification) that the company or an affiliate has published, caused to be published, or accepted for publication in a directory. While Subscriber List Information is not CPNI, COLLAB9 does require that third party vendors, partners, sales and marketing agents maintain the confidentiality of this information.
Collab9, Inc. Aggregate Customer Information may be used without restriction. However, if the company uses Aggregate Customer Information for purposes other than providing telecommunications services, it must make the same aggregate information available to other parties upon request, on reasonable and non-discriminatory terms and conditions
OPT-OUT APPROVAL
The opt-out approval method requires that the customer administrators receive an individual notice (by written or electronic means) that COLLAB9 intends to use the customers CPNI. Such notices must be sent by the COLLAB9 30 days before the customers approval to use CPNI is inferred (33 days for notices sent by mail). If the customer communicates to COLLAB9 that use of the CPNI is not approved; the company will honor that customers decision to opt -out.
OPT-IN APPROVAL
Opt-in Approval requires COLLAB9 to obtain from the customer admin an affirmative, express consentin electronic or written formallowing the requested CPNI usage, disclosure or access, after receiving appropriate notification. Opt-in consent must be obtained if COLLAB9, its agents or affiliates or an unrelated third party uses a customers CPN Ito market a non-Communications-Related Service. Opt-in consent also must be obtained if a third party agent, vendor or contractor uses CPNI to market any service, including a Communications-Related Service, to a customer.
Collab9, Inc.
CPNI DISCLOSURE
COLLAB9 must provide CPNI to any person designated by the customer, upon receipt of an affirmative written request from the customer. In general, COLLAB9 cannot encourage a customer to freeze third-party access to CPNI. When required by law, such as through a subpoena or other request from law enforcement, to disclose CPNI, COLLAB9 must be notified using the below contact immediately: billing@collab9.com
SUPERVISORY REVIEW
Company employees, agents and affiliates must obtain supervisory review before making any request to a customer to use, disclose or permit access to CPNI. All requests for such review should be directed to the COLLAB9 Manager. The review shall ensure that the requirements of this policy statement are followed.
TRAINING
COLLAB9 will provide a means for all its employees, legal/company agents and affiliates to receive training in the proper uses of CPNI, including a familiarity with this policy statement. Employees will be required to sign off on the training that they understand the policies and procedure for maintaining CPI.
DISCIPLINARY ACTION
Failure to abide by the CPNI policy, after the training has been provided and employee has signed off, will result in disciplinary action taken against such employee, which may result in termination for said offence.
REPORTING
COLLAB9 will provide a written report to the Federal Communications Commission (FCC) of an y instance in which the opt-out method has failed to work properly, to such a degree that consumers inability to opt -out is more than an anomaly. The companys report will be filed with the FCC within five business days after learning of such failure. Any employee who becomes aware of any malfunction in the opt out system should immediately report it to COLLAB9 is subject to strict reporting obligations to certain Federal authorities as soon as practicable in connection with maintenance, use, disclosure, breach or misuse of CPNI
RECORDKEEPING
COLLAB9 will maintain records of customer approvals to use access or disclose CPNI, whether written or electronic, for a minimum of one year. A customers approval or disapproval will remain in effect until the customer revokes or limits such approval or disapproval. These records are generated by adding to a database each customer who does not approve the use of CPNI. COLLAB9 will maintain records of all sales and marketing campaigns that involve these, disclosure or giving of permission for access to customers CPNI, including those of the companys affiliates or third parties. Such disclosure to shall only be of customers who have given their explicit opt-in consent to disclose to third parties. All such records will include a description of the campaign, identification of the CPNI used, and a listing of the products and services being offered to customers. Onetime uses of CPNI are not generally considered to be sales or marketing campaigns, and individualized records of such onetime uses are not required, except that every disclosure of CPN Ito a person or entity outside of COLLAB9 must be Customer Proprietary Network Information (CPNI) Policy v1.2 5
Collab9, Inc. documented and recorded with the same information that would be required in a sales or marketing campaign. The records required under this paragraph will be maintained for a minimum of one year. COLLAB9 must maintain a record, electronically or in some other manner, of any breaches discovered, notifications made to the U.S. Secret Service and the FBI and of notifications made to customers. The record must include, if available, dates of discovery and notification of the breach, a detailed description of the CPNI that was the subject of the breach, and the circumstances of the breach. COLLAB9 must retain the record for a minimum of one year.
DATA BROKERS
COLLAB9 does not sell CPNI information to any third party agents or data brokers.