WORLDNET TELECOMMUNICATIONS, INC.
STATEMENT OF CPNI USAGE OPERATING PROCEDURES
The CPNI policies and operating procedures of WorldNet Telecommunications, Inc., are designed to ensure compliance with the FCC’s CPNI rules. Such policies and procedures are as follows:
I. CPNI Use
(A) WorldNet may use CPNI to protect its rights and property and to protect our customers and other carriers from fraudulent, abusive or unlawful use of our services.
(B) WorldNet may use CPNI to provide or market service offerings among the
categories of service — local and interexchange — to which the customer already subscribes. If a customer subscribes to only one service category, we will not share the customer’s CPNI without the customer’s consent.
(C) WorldNet may use CPNI derived from our provision of local exchange or interexchange service for the provision of CPE and call answering, voice mail or messaging, voice storage and retrieval services, fax store-and forward, and protocol conversion, without customer approval.
(D) WorldNet does not use CPNI to provide or market service offerings within a category of service to which the customer does not already subscribe without customer approval through an “opt-in mechanism”, discussed below. However, WorldNet may use CPNI to: (a) provide inside wiring installation, maintenance and repair services; and (b) market services formerly known as adjunct-to-basic services when we provide local service. These services include, but are not limited to, speed dialing, computer-provided directory assistance, call monitoring, call tracing, call blocking, call return, repeat dialing, call tracking, call waiting, caller ID, call forwarding, and certain Centrex features.
(E) WorldNet does not use CPNI to identify or track customers that call competing service providers.
II. CPNI Approvals
(A) WorldNet uses an “opt-in” CPNI customer approval mechanism.
(B) WorldNet honors our customers’ approval or disapproval until the customer revokes or limits such approval or disapproval. We maintain all records of customer approvals for at least one year.
III. CPNI Notice Requirements
(A) WorldNet will individually notify and inform each customer of his or her right to restrict the use of its CPNI. This notice may be accompanies by a solicitation of approval. WorldNet shall maintain records of that notification for at least one year. Customers receive bi-annual reminders of this CPNI policy.
(B) WorldNet uses an “opt-in” approval mechanism.
(C) WorldNet’s notifications provide information sufficient to enable our customers to make informed decisions as to whether to permit the use or disclosure of, or access to, their CPNI. WorldNet’s notifications: (a) contain a statement that the customer has a right, and we have a duty, under federal law, to protect the confidentiality of CPNI; (b) specify the types of information that constitute CPNI and the specific entities that will receive CPNI, describe the purposes for which the CPNI will be used, and inform the customer of his or her right to disapprove those uses and deny or withdraw access to CPNI use at any time. With regard to the latter, we indicate that any approval, or disapproval, will remain in effect until the customer affirmatively revokes or limits such approval or denial.
(D) WorldNet advises the customer of the precise steps the customer must take in order to grant or deny access to CPNI, and we clearly state that a denial of approval will not affect the provision of any services to which the customer subscribes. However, we may provide a brief statement, in clear and neutral language, that describes the consequences directly resulting from the lack of access to CPNI. In addition, we may state that the customer’s consent to use his or her CPNI may enhance our ability to offer products and services tailored to meet the customer’s needs.
(E) Our notifications are comprehensible and not misleading and are legible, sufficiently in large type, and placed in an area readily apparent to the customer. Where the notification is in a language other than English, all portions of the notification are in that language.
(F) We do not include in the notification any statement that attempts to encourage a
customer to freeze third-party access to CPNI.
IV. CPNI Safeguards
(A) WorldNet has implemented a system by which the status of a customer’s CPNI approval can be clearly established prior to the use of the CPNI.
(B) WorldNet has trained our personnel as to when they are, and are not, authorized to use CPNI, and has put into place an express disciplinary process in place to deal with employee failures.
(C) WorldNet has implemented a system for maintaining a record of our sales and marketing campaigns that use customers’ CPNI. The record includes a description of each campaign, the specific CPNI that was used in the campaign, and what products and services were offered as part of the campaign. WorldNet retains these records for at least one year.
(D) WorldNet has a supervisory-level employee who oversees all matters relating to CPNI compliance. In addition, a WorldNet officer signs a compliance certificate on an annual basis stating that the officer has personal knowledge that WorldNet has established operating procedures adequate to ensure compliance with applicable CPNI rules. WorldNet will provide a statement accompanying the Certificate that explains our operating procedures and demonstrates compliance with the CPNI rules.
V. Record of Customer Complaints Regarding the Unauthorized Release of CPNI
All customer complaints concerning the unauthorized release of CPNI will are logged and retained for a period of five years. This information is summarized and included with WorldNet’s annual certification to the FCC.
VI. Release of Call Detail Information
A) Customer initiated telephone account access.
Release of any CPNI information requested by the customer via a telephone call is prohibited except when:
1) the information is sent via mail USPS to the customer’s address of record; or
2) WorldNet calls the telephone number of record and disclose the call detail information to the account holder of record.
B) WorldNet will also proceed with routine customer care procedures if the customer can provide all of the call detail information. In these instances, WorldNet will not disclose any call detail other than the information the customer disclosed during that particular contact.
The requesting party must be on the account as a member/responsible party or an Authorized Account Rep (AAR) to access ANY customer account information: The only way to obtain customer account information is by one of the following:
1) Call customer back at the telephone number of record ONLY to speak with the customer or anyone the customer authorizes during that call.
2) If fictitious billing, call the main service number on record or;
3) Mail the requested information to the address of record. (Mail to the previous address in self-serve, if it has been changed within the last 30 days)
4) NO OTHER MEASURES ARE REQUIRED IF ASKING FOR THE TOTAL DUE ON THE ACCOUNT.
5) NO OTHER MEASURES ARE REQUIRED FOR TECHNICAL
SUPPORT OR TROUBLE CALLS. However, IP information will not be released without a verbal authorization from the customer.
VII. On-Line Account Access
A) WorldNet requires an on-line password to protect on-line access to CPM. Passwords will be designed by the customer and will consist of alpha and numeric characters with a maximum length of 13 characters. On-line passwords are not required if the customer chooses to receive call detail information via either of the two methods above.
B) WorldNet will authenticate both new and existing customers seeking on-line access to their CPNI.
C) WorldNet can reinitialize existing passwords for on-line access but will NOT base on-line access on readily available biographical or account information. This procedure will relate to all customer information, not just call detail.
D) On-line access to CPN7II will be blocked after five (5) unsuccessful attempts to log on.
VIII. Notification of Account Changes
A) WorldNet will notify any customer immediately of any account changes including password, customer response to company designed back-up means of authentication, on-line account, address of record, and any other record that may be created or changed. This notification will be through e-mail (if not changed) a voicemail or by USPS mail to the address of record as it was prior to the change.
B) New customers are exempt from this notification at service initiation.
IX. Procedures to Protect Against “Pretexting”
A) Pretexting is the practice of pretending to be a particular customer or other authorized person in order to obtain access to that customer’s call detail or other private communications record. WorldNet has employed the above procedures and safeguards in order to achieve reasonable measures designed to discover and protect against pretexting.
X. Notice of Unauthorized Disclosure of CPNI
A) WorldNet is required by FCC rules to notify law enforcement of any CPNI breaches no later than seven (7) business days after a reasonable determination that a breach has occurred.
B) WorldNet will send an electronic notification through the central reporting facility to the United States Secret Service (USSS) and the Federal Bureau of Investigation (FBI). This notification will include a description of the CPNI that was disclosed, how the breach was discovered, an analysis of the sensitivity of the breached CPNI, and any corrective measures taken to prevent recurrence of such breach.
C) Responsibility to notify USSS and FBI has been assigned to the Director of Marketing or designee.
XI. Notification of CPNI Security Breaches
A) Notification of law enforcement agencies. WorldNet will notify law enforcement of a breach of its customers’ CPNI as stated in this section. WorldNet will not notify any of its customers or disclose the breach publicly, whether voluntarily or under state or local law or these rules, until it has completed the process of notifying law enforcement as required and spelled out below.
B) Limitations. As soon as practicable, but in no event later than seven (7) business days, after reasonable determination of the breach, WorldNet shall electronically notify the United States Secret Service (USSS) and the Federal Bureau of Investigation (FBI) through a central reporting facility. This will be done through the FCC’s link to the reporting facility at http://www.fcc.gov/eb/cptii.
1) Notwithstanding any state law to the contrary, WorldNet shall not notify customers or disclose the breach to the public until 7 full business days have passed after notification to the USSS and the FBI except as in the following:
a) If WorldNet believes that there is an extraordinarily urgent need to notify any class of affected customers sooner than otherwise allowed under the above paragraph of this section, in order to avoid immediate and irreparable harm, it shall so indicate in its notification and may proceed to immediately notify its affected customers only after consultation with the relevant investigating agency. WorldNet shall cooperate with the relevant investigating agency’s request to minimize any adverse effects of such customer notification.
b) If the relevant investigating agency determines that public disclosure or notice to customers would impede or compromise an ongoing or potential criminal investigation or national security, such agency may direct WorldNet not to disclose or notify for an initial period of up to 30 days. Such period may be extended by the agency as reasonably necessary in the judgment of the agency. If such direction is given, the agency shall notify WorldNet when it appears the public disclosure or notice to affected customers will no longer impede or compromise a criminal investigation or national security. The agency shall provide in writing its initial direction to WorldNet, any subsequent extension, and any notification that notice will no longer impede or compromise a criminal investigation or national security and such writing shall be contemporaneously logged on the same reporting facility that contains records of notifications filed by carriers.
C) Customer Notification. After WorldNet has completed the process of notifying law enforcement as listed above, it shall notify its customers of a breach of those customers’ CPNI.
D) Recordkeeping. WorldNet will maintain a record, electronically or in some other manner, of any breaches discovered, notifications made to the USSS and the FBI as defined in the above section of this manual, and all notifications made to customers. This record must include, if available:
1) Dates of discovery and notification.
2) A detailed description of the CPNI that was the subject of the breach.
3) The circumstances of the breach.
4) WorldNet will retain the record for a minimum of 2 years.
E) Supersede. This section does not supersede any statute, regulation, order, or interpretation in any State, except to the extent that such statute, regulation, order, or interpretation is inconsistent with federal law, and then only to the extent of the inconsistency.
XII. Annual Certification
A) WorldNet will certify annually compliance to the CPNI rules. This certification
will be filed with the FCC by March 1 each year and will be made publicly available by request.
B) WorldNet’s annual certification will be signed by an officer as an agent of the Company, stating that he/she has personal knowledge the company has established operating procedures that are adequate to comply with the FCC CPNI rules.
C) In addition to the annual certification, WorldNet will provide an accompanying statement explaining how the company’s procedures ensure the company is or is not in compliance with the FCC’s CPM rules.