CPNI Policy
Broadband Customer Proprietary Network Information (CPNI) Policy
Effective March 26, 2019
CPNI Protections
As a User of our telephone services, you have the right, and BrightRidge has a duty, under federal law, to protect the confidentiality of certain types of telephone related services, including: (1) information about the quantity, technical configuration, type, destination, location, and amount of your use of your telephone usage, and (2) information contained on your telephone bill concerning the services that you receive. That information, when matched to your name, address, and telephone number is known as “Customer Proprietary Network Information” or CPNI. Examples of CPNI include information typically available from telephone-related details on your monthly bill, technical information, type of service, current telephone charges, long distance and local service billing records, directory assistance charges, call usage data and calling patterns. CPNI does not include your name, address and telephone number, as this is common publicly available information. CPNI protections do not extend to Internet access services.
Giving Permission
From time to time, BrightRidge would like to use the CPNI information it has access to provide you with information about our communications-related products and services or special promotions. Our use of CPNI may also enhance our ability to offer products and services tailored to your specific needs. Accordingly, we would like your permission so that we may use this CPNI to let you know about communications-related services other than those to which you currently subscribe. IF YOU GIVE THIS PERMISSION, YOU DO NOT HAVE TO TAKE ANY ACTION.
However, you do have the right to restrict our use of your CPNI. YOU MAY DENY OR WITHDRAW BrightRidge’s RIGHT TO USE YOUR CPNI AT ANY TIME BY CALLING 423-952-5000. If you deny or restrict your permission for use your CPNI, you will suffer no effect, now or in the future, on how BrightRidge provides any services to which you subscribe. Any denial or restriction of your permission remains valid until your services are discontinued or you affirmatively revoke or limit such permission.
From time-to-time BrightRidge may want to share your individual CPNI with its independent contractors and joint venture partners in order to provide you with additional or promotional communications-related products and services or special promotions. Prior to sharing your individual CPNI with its independent contractors or joint venture partners BrightRidge will obtain written permission from you to do so.
Customer Authentication
Federal privacy rules require BrightRidge establish a CPNI password/PIN and two Security Questions to authenticate the identity of its customer prior to disclosing CPNI. CPNI password/PIN and Security Questions will Billing and collections Administration Surveys be established at account creation. Customers calling BrightRidge can discuss their services and billings with a BrightRidge representative once that representative has verified the caller’s identity. There are three methods by which we will conduct customer authentication:
• by having the Customer provide a pre-established password and/or PIN;
• by calling the Customer back at the telephone number associated with the services purchased; or
• by mailing, if applicable, the requested documents to the Customer’s address of record.
Passwords and/or PINs may not be any portion of the Customer’s social security number, family relations (mother’s maiden name, etc.), telephone number associated with the Customer’s account or any pet name. In the event the Customer fails to remember their password and/or PIN, the BrightRidge representative will ask the Customer a series of questions known only to the Customer and BrightRidge, i.e. Security Questions in order to authenticate the Customer. In such an instance, the Customer will then establish a new password/PIN associated with their account.
Notifications of Certain Account Changes
BrightRidge will be notifying Customers of certain account changes. For example, whenever an online account is created or changed, or a password or other form of authentication (such as a “security question and answer”) is created or changed, BrightRidge will notify the account holder by either the E-mail address that they provided or by mailing the notification to their address of record. Additionally, after an account has been established, when a customer’s address (whether postal or E-mail) changes or is added to an account, BrightRidge will also send a notification.
Disclosure of CPNI
BrightRidge may disclose CPNI in the following circumstances:
• When the Customer has provided permission for the use of their CPNI;
• When disclosure is required by law or court order;
• To protect the rights and property of BrightRidge or to protect Customers and other carriers from fraudulent, abusive, or unlawful use of services;
• When a carrier requests to know whether a Customer has a preferred interexchange carrier (PIC) freeze on their account; or
• For directory listing services to be provided.
• To provide the services to the Customer, including Customer reported trouble management.
• To bill the Customer for services.
Protecting CPNI
BrightRidge uses numerous methods to protect your CPNI. All BrightRidge employees are trained on the how CPNI is to be protected and when it may or may not be disclosed.
BrightRidge maintains records of its own and its joint venture partners and/or independent contractors (if applicable) sales and marketing campaigns that utilize Customer CPNI. Included in this, is a description of the specific CPNI that was used in the sales or marketing campaign. We also maintain records of all instances in which CPNI is disclosed to third parties or where third parties were allowed access to Customer CPNI. Maintenance of records is in accordance with our Records Retention Policy.
BrightRidge will not release CPNI during customer initiated contact without first authenticating the Customer’s identity in the manner set-forth herein. Violation of this CPNI policy by any BrightRidge employee will result in disciplinary action as set-forth in the BrightRidge Employee Manual.
Breach of CPNI Protections
In the event BrightRidge experiences a privacy breach and CPNI is disclosed to unauthorized persons, Federal rules require BrightRidge to report such breaches to law enforcement. Specifically, BrightRidge will notify law enforcement no later than seven (7) business days after a reasonable determination that such breach has occurred by sending electronic notification through a central reporting facility to the United States Secret Service and the FBI. A link to the reporting facility can be found at: https://www.cpnireporting.gov. BrightRidge cannot inform its Customers of the CPNI breach until at least seven (7) days after notification has been sent to law enforcement, unless the law enforcement agent instructs the carrier to postpone disclosure pending investigation. Additionally, BrightRidge is required to maintain records of any discovered breaches, including the date that the breach was discovered, the date carriers notified law enforcement and copies of the notifications to law enforcement, a detailed description of the CPNI breach, including the circumstances of the breach, and law enforcement’s response (if any) to the reported breach. BrightRidge will retain these records for a period of no less than two (2) years.
Notifications of Changes to Our CPNI Policy
BrightRidge reserves the right to modify this CPNI Policy at any time. We will notify you of any material changes via written, electronic, or other means permitted by law, including by posting it on our website (www.brightridge.com). If you find the changes unacceptable, you have the right to cancel the Services. If you continue to use the Services after receiving notice of such changes, we will consider that as your acceptance of the changes.
Rvsd 3/10/2020