|
Southern Montana Telephone Company
Policy & Procedure
Subject: PRIVACY & CPNI
POLICY: It is the policy of Southern Montana Telephone Company to maintain privacy for all subscribers and to ensure that all SMTC and regulatory agency guided standards are met. This includes the protections of Customer Proprietary Network Information (CPNI) as set forth in the FCC.
PURPOSE: This policy is a public policy available to SMTC administration and staff, SMTC subscribers, and any vendors or third-party service providers to guide the process SMTC uses to collect, use, and protect subscriber information.
Section I PRIVACY POLICY
Section II CPNI POLICY
I. PRIVACY POLICY
When a subscriber establishes an account for services, a variety of information is required to create a service relationship. Personal information such as name, address, telephone number, in addition to social security and driver’s license information may be required for billing and payment purposes. SMTC may also collect information about service options or long distance selections. If a subscriber rents the residence where service is requested, SMTC may require landlord consent or information to install facilities or services. SMTC may also collect protected information when subscribers’ ask for support, have questions about a bill, respond to survey’s or emails, engage in conversations, register for information, or participate in promotions or contests. In addition, SMTC may combine subscribers’ personal information collected as a part of regular business operations with personal information obtained for marketing purposes ( See subscriber’s right to limit or restrict uses of personal information in Policy Section II - CPNI Policy).
A. Use of Personal Information - SMTC is authorized to collect the personal information necessary to provide services.
SMTC is prohibited from collecting subscribers’ personal information for any other purpose without your consent.
SMTC considers the personal information contained in our business records to be confidential; however, SMTC is authorized to disclose personal information for three general purposes:
-
We may be required by law or legal process to disclose information to law enforcement personnel or to other parties in connection with litigation.
-
We may disclose the names and addresses of subscribers for business related purposes.
-Transmission of name/telephone number displayed on Caller ID
-Subscriber name/address/telephone number for public safety/E911 database services
-Subscriber name/address/telephone number to unaffiliated directory publishers and directory assistance providers for calling directories and directory assistance services.
-Personal information is occasionally used by SMTC and our affiliates for internal business purposes, as well as to outside auditors, professional advisors and service partners, and regulators.
-
We may disclose information necessary to provide your services.
The use of personal information includes, but is not limited to, the following examples:
-
provide subscriber services;
-
customize subscriber services;
-
configure-service related devices;
-
account security;
-
bill for subscriber services;
-
provide subscriber service and support;
-
manage the network supporting subscriber services;
-
make subscribers aware of new products or services that may be of interest;
-
service improvements;
-
detect use or abuse of subscriber services; and
-
compliance with policies or terms of service.
B. Information Collected During Use of Service - When subscribers use services, SMTC transmits information in order to provide subscriber services. Originating and terminating call data, such as the times, long distance providers used, and duration of calls is stored for billing services.
We may contract with third-party providers to provide specific services and features for subscriber services. If third-party providers use any personal information, they will collect, disclose, and protect personal information in accordance with the practices stated herein.
1. SMTC Communications - On a routine basis and in the normal scope of business operations, SMTC will communicate with subscribers in a variety of ways.
2. Special Offers &Updates - Subscribers may receive information from SMTC via U.S. mail, e-mail, and other means in an effort to provide service related announcements and information on SMTC services that may be of interest (See Do Not Call/Do Not Mail section below).
3. Customer Service - SMTC may regularly communicate with subscribers to provide requested services and support for questions and issues relating to a subscriber’s account.
4. Do Not Call/Do Not Mail Lists - SMTC is authorized to use subscriber contact information to place telephone calls or to sent print literature for marketing or promotional purposes. Subscribers may, at any time, put their name on the SMTC “Do Not Call” or “Do Not Mail” lists so that they do not receive promotional calls or mail. ( See subscriber’s right to limit or restrict uses of personal information in Policy Section - CPNI )
5. SMTC Website - The SMTC website is a regularly updated communication tool. SMTC may include within the website links to other websites or information sources. SMTC is not responsible for the privacy practices of linked sites.
C. Security - SMTC follows industry-standard practices to protect subscribers’ personal information from unauthorized access.
D. Correcting and Accessing Information - Subscribers may examine and copy personal information we collect and maintain upon reasonable notice during regular business hours. We may be unable to provide certain records without a subpoena, court order, or search warrant. SMTC reserves the right to charge a fee for the production of any documents.
Information is corrected on a going-forward basis when personal information we have collected is inaccurate. It is not possible for SMTC to correct information appearing in vendor directory lists until the next available publication of those directory lists. Further, SMTC has no control over information appearing in the directory lists or directory assistance services of directory publishers or directory assistance providers not affiliated with SMTC.
E. Retention of Information - SMTC maintains subscriber information in our regular business records while subscribers are active and for a period of time after. The time period information is kept is based on typical business, legal or regulatory requirements. If there are no pending requests, orders, or court orders for access to this data, we may destroy the information after it is no longer necessary.
II CUSTOMER PROPRIETARY NETWORK INFORMATION (CPNI) POLICY
SMTC is committed to maintaining subscriber privacy. In addition to protecting personal information, SMTC is obliged to give additional protections to certain information about which displays how subscribers use their services. This information is known as Customer Proprietary Network Information or CPNI.
A. Definition of CPNI - CPNI is the information about the quantity, technical configuration, type, destination, location, and the amount of subscriber use. It is also information contained on a subscriber telephone bill concerning the services subscribers’ receive. That information when matched with a subscriber’s name, address, and telephone number is known as “Customer Proprietary Network Information”, or “CPNI”. Examples of CPNI are:
-
information a telecommunications provider has as a result of providing service to a subscriber;
-
type of service purchased by a subscriber;
-
providers selected or used by a subscriber;
-
information appearing on the subscriber’s bill;
-
who a subscriber calls, where they call, when they call, or how much they call;
-
how much a subscriber uses their services; and
-
how a subscriber uses their services.
CPNI is not:
-
a customers name, address or telephone number (when used in phone books and directory listings/publishing services);
-
aggregate information, or data that is lumped together and is not specific to a single customer – reports containing total counts, number of subscribers selecting various long distance carriers, etc.; and
-
customer premise equipment, internet access or related data, or voice mail information.
-
Subscribers receiving services with SMTC have a right, and SMTC has a duty, under federal law to protect the confidentiality of subscriber CPNI. Unless approval is obtained, SMTC may not use CPNI to market products and services to subscribers other than for the services a subscriber currently purchases.
B. Authentication Requirements - Following the FCC amendments to CPNI regulation on August 2, 2007, SMTC will utilize new authentication methods to establish subscriber identity. Customers of SMTC must be authenticated prior to releasing any CPNI in one of the following three methods:
-
Subscribers may provide a pre-established password
-
SMTC may call the subscriber back at the telephone number associated with the services purchased
-
SMTC may mail the records to the address of record
-
SMTC is prohibited from releasing call detail information during customer initiated conversations without a verification method to identify the customer of record.
-
Passwords and/or PIN numbers will be provided to subscribers for security purposes. They must not be social security numbers, mother’s maiden name, amount of the last bill or pet’s names. Back-up authentication is accepted ;however, if a subscriber fails to provide the correct password and/or back-up response, they must be re-authenticated prior to gaining online access.
C. When Can SMTC Disclose CPNI
-
When the subscriber has been properly identified using an accepted method to verify identity
-
When the subscriber has approved use of their CPNI for sales and marketing efforts
-
When disclosure is required by court order or law
-
When the subscriber provides oral, written or electronic authorization to disclose their information to another individual. Proof of authorization must be retained on the customer’s account for a period of at least one year.
-
To protect the rights, property of SMTC, or to protect subscribers and other carriers from fraudulent, abusive, or unlawful use of services
-
When a carrier request to know if the customer has a preferred carrier (PIC) freeze
-
For all directory listing services
-
To provide the services purchased by the customer
-
To bill the customer for services purchased
-
To assist the customer with troubles associated with their troubles
D. Use Approval for CPNI - The use of CPNI enhances the ability of SMTC to offer products and services tailored to a subscriber’s specific needs; this could include any communications products and services or special promotions.
SMTC will send out notices once every two years explaining subscriber rights related to CPNI; this will include directions for subscribers to restrict CPNI use. If a subscriber denies or restricts the use of CPNI, the restriction remains in effect until services are discontinued or the subscriber affirmatively revokes the request.
Unless a subscriber contacts SMTC and restricts the use of CPNI, it is the policy of SMTC to assume that all subscribers approve the use of CPNI.
E. Protecting CPNI - SMTC uses numerous methods to protect subscriber CPNI. This process begins with software enhancements which display whether or not a subscriber has approved the use of their CPNI. Other ways SMTC protects CPNI are as follows:
-
Access into SMTC buildings and facilities is limited
-
Subscriber account information access is restricted to authorized personnel
-
Subscriber accounts are limited to the authorized customer with passwords or other information used to verify identity
-
Subscriber correspondence and information is shredded
-
Training for all SMTC staff is held on an annual basis and during orientation for new hires
-
Marketing campaigns are reviewed for CPNI
-
Vendors with access to proprietary information must sign non-disclosure agreements and have the ability to keep CPNI secure
|
