Papatel, Inc.

232 Poinciana Drive

Sunny Isles Beach

Marlene H. Dortch, Secretary

FL 33160-0000

Federal Communications Commission 445 l l th Street, SW Washington, DC 20554

RE: Certification of Compliance with Rule 64.1801

Dear Ms. Dortch:

Papatel, Inc. , FRN

February 25, 2016

with the geographic rate averaging and rate integration requirements of Commission Rule 64.1801 (47 C.F.R. § 64.1801).

I hereby verify that I am an officer of Papatel, Inc. am authorized to make this certification on its behalf, and that the foregoing certification is true, complete, and correct to the best of my knowledge. I declare under penalty of perjury under the laws of the United States that the foregoing is true and correct.

Signarure: � ())_

Print Name: E\..)lv1���

Title: C--c::-u ���.;;_:=-��������

0017825092

Federal Communications Commission Page Two

I, � � 9.?A::::t :t.. \ GED(Print Name and Title)

of Papatel, lnc. certify that I am an officer of the company named above, and acting as an agent of the company, that l have personal knowledge that the company has established operating procedures that are adequate to ensure compliance with the Commission's CPNl rules. See 47 C.F.R § 64.2001 et seq.

Attached to this certification as Exhibit "A" is an accompanying statement explaining how Papatel, Inc. procedures ensure that the company is in compliance with the requirements set forth in Section 64.2001 et seq. of the Commission's rules.

FCC Annual Filmg

Federal Communication Commission Page Three

Annual 47 C.F.R. § 64.2009(e) CPNI Certification

EB Docket 06-36

Papatel, lnc. has not taken any actions (proceedings instituted or petitions filed by a company at either state commissions, the court system, or at the Commission against data brokers) against data brokers in the past year. Companies must report on any infonnation that they have with respect to the processes pretexters are using to attempt to access CPNr, and what steps companies are taking to protect CPNJ.

Papatel, Inc. has not received any customer complaints in the past year concerning the unauthorized release of CPN1 ( number of customer complaints a company has received related to unauthorized access to CPNI, or unathorized disclosure ofCPNl, broken down by category or complaint, e.g., instances of improper access by employees, instances of improper disclosure to individuals not authorized to receive the information, or instances of improper access to online infonnation by individuals not authorized to view the infonnation).

Signature:��

Print Name: �� 2>4 t:;L

Title: Cq: D

Annual 47 C.F.R § 64.2009{e) CPNI Certification

EB Docket 06-36

Exhibit A

Papatel, Inc.

Compliance Requirements

Papatel, Inc.

232 Poinciana Drive Sunny Isles Beach FL 33160-0000

Compliance Requirements

Papatel, Inc. ("Companyj maintains the following operating procedures to

ensure compliance with the requirements set forth in Section 64.2001 e1 seq. of the Commission's rules.

Section 64.2005 Use of customer propridllry network information widlout customer

approval

(a} Any telecommun1cat1ons earner may use, disclose. or permit access to CPNI for the purpose of

providing or marketing service olferin� among the categories of scrvice (i.e� local. lntere:<change, and

CMRS) IO which the cusiomcr already subscribes from lhesame carrier, without customer approval.

( l) If a telecommunications carrier provides different categories of service, and a customer

subscribes 10 more than one category of service offered by the carrier, the carrier is permitted to share

CPNI among the carrier's affiliated cnoues that provide a service offering to the customer.

(2) If a telecommunicarions carrier provides different categories of service, but a cusiomer does

not subscribe to more than one offering by the carrier, the earner 1s not pemuned to share CPNl with its

affiliates, except as provided in § 64.2007(b).

(b) A telecommunications carrier may not use, disclose, or permit access to CPNI to market to a

cuslOmef service offcnn� that are within a category of service to which the subscriber does not already

subscribe from that carrier, unless that carrier has customer approval to do so, except as described in

paragraph(c ) oflhis section.

(I) A wueless provider may use. disclose or penmt access to CPNI denved from its provision of

CMRS, wilhou1 customer approval, for the provision ofCPE and information service(s). A wireline carrier

may use. disclose or pennit access to CPNI derived from its provision of local exchllJlge sen,ice or

interexchange service. withou1 customer approval, for the provision ofCPB and call answering, voice mail

or messaging, voice storage and retrieval services, fax store and forward protocol conversion.

(2) A telecommunica11ons carrier may no1 use. disclose, or permit access 10 CPNI to identify or

track customers tha1 call compe1ing service providers. For example, a local exchange carrier may not use

local service CPNJ to crack all cus1omers that call local service competitors.

(c) A telecommunications carrier may use. disclose, or permit access 10 CPNl, without customer

approval, as described Ill this paragraph (c ).

(I) A telecommunications carrier may use, disclose, or permit access to CPNL without cus1oroer

approval, in its provision of inside wiring installaoon, maintenance, and repair services.

(2) CMRS providers may use, disclose, or p.:rrrul access lo CCPNI for the purpose of conducting

research on the health effects of CMRS.

(3) LECs, CMRS providers. and interconnecu:d VoCP providers may use CPNI, without customer

approval. to market services formerly known as adjunct-to-basic services. such as, but 001 limited to, speed

dialing. computer-provided directory assistance. call monitoring. call tracing call blocking, call return,

repeat dialing, call tracking. call waiting, caller I.D., call forwarding. and cenain Centrex features.

(d) A telecommunications carrier may use, disclose, or penmt access to CPNI 10 protect the rights

or propeny of the carrier. or to protect users of those services and other carriers from fradulcnt, abusive, or

unlawful use of, or subscription lo, such services.

77,e Company has adopted specific C PN I policies to ensure that, in the absence of customer approval,

CPNI is only used t,y the Company to provide or market service offerings among the caJegories of

service (i.e., local interexchonge, and CMRS) to which the cwtomer already subscribes. The

Company's CPNT policies prohibit the sharing o/CPNI with affiliaJed companies. except os permitted

under Rule 64.2005(a)(I) or with customer appro,,a/ p11rsuant to Rule 64.2007(b). The only exceptions 10 these policies are as permiued under 47 U.S..C § 222(d) and Rule 64.2005.

Section 64.2007 Approv1l �uired for ow of customer proprietary network infomt1tion.

(a) A telecommunications carrier may obtain approval through written, oral or electronic

methods.

(l) A telecommunications carrier relying on oral approval shall bear the burden of demonstrating

that such approval has been given in compliance with the Commission's rules in this part.

(2) Approval or disapproval to use, disclose, or permit access to a customer's CPNI obtained by a

telecommunicallons carrier must remain in effect until the customer revokes or Limits such approval or

disapproval.

(3) A telecommunications earner must mainuiin records of approval. whether oral, •written, or

electronic, for at least one year.

In all circumstant2S wht!rt! o.s/omn appro�'DI is requirt!d to USI!, disclost! or permiJ access to CPNI, the Company's CPNJ polldt!S requfrt! that lht! Company obtain CllSlorrur approval through writtor, oral or

elt!dronic methods in compliance with Rule 6'.20()7. A customer's approval or disapproval remains in

efft!ct unJi/ th.e a1stomer revokes or limits the approval or disapproval Thi! Company maintains records of cuslomer approval (whether wrltt01, oral or der:tonic) for a mininu�m of one year.

(b) use of Opt-Ow and Opt-In Approval Procu.ses. A telecommunications carrier may, subject

to opt-out approval or opt-in approval, disclose ns custOITICl's individually idenufiable CPNI for the purpose of

marketing communications-related services to tbal customer A telecommunications carrier may, subject to

opt-out approval or opt-in approval, disclose its customer's individually identifiable CPNL for the purpose

of marketing communications-related services to that customer, to ,ts agents and its affiliates that provide

communications.r'elated savices. A telecommunications carrier may also permit such peiwn or eotiues 10

obtain access to such CPNI for such purposes. Except for use and disclosure ofCPNl that is permitted

withoot customer approval under section§ 64.2005, or that is described in Ibis paragraph, or as otherwise

provided in section 222 of the Communications Act of 1934, as amended. a telecommunications carrier

may only use, disclose, or permit access 10 its customei's individually identifiable CPNI subject to opt-in

approval.

The Company does not use CPNT for any purpose (including marketing comnumlcations-rdaud

suvlca) and does not disclose or grant access to CPNI to any party (mcluding to agt!llts or afJlllml!S tltaJ provide commm,iclllions-rdated servica), t!Xllpl as permitld under 47 U.S.C § 222(d) and Rule

M.2005.

2

Section 64.2008 Notice mJUil'til for use or ca<1tomer proprietary network irlformalion.

(a) NoJification. Generally. (I) Pnor to any solicitation for customer approval. a telecommunications carrier must provide notification LO the customcr or the customer's right to restrict use of, disclose of, and access 10 that customer's CPNI.

(2) 11. lelec:ommumcauons carrier must maintain records ofno1dication, whether oral. written, orelectronic, for at least one year

(b) Individual notice to customers must be provided when sobcitmg approval tO use, disclose. orpermit access t0 customers' CPNl

(c) ContenJ of Notice. Customer notifiication must provide sufficient informatJon to enable thecustomer to make an informed decision as to whether to permit a carrier- to use, disclose, or per-mil access

10, the c�'tomer's CPNI.

(I) The notification must state that the customer- has a right, and the carrier has a duty, under

federal law, to protect the confideouality orCPNI.

(2) The notification must specify the types of informauon that constitute CPNI and the specificentities that will receive the CPNl, descnbe the purpo5eS for which CPNJ will be used, and inform the customer of his or her right 10 disapprove those uses. and deny or withdraw access 10 CPNJ at any lime.

(3) The notificauon must advise the customer of lhe percise steps the customer must fllkc m order to grant or deny access to CPNl, and must clearly state I.hat a denial of approval will not affect the provision of any services 10 which the customer subscribes. However, camers may provide a bnef �IJltemcnt, m a clear and neutral language, describing conrequences directly resulting from the lack of access to CPNI.

(4) The notification must be comprehensible and must not be misleading.

(5) tr wrinen notification is provided, the no1ice must be clearly legible, use sufficiently large

type. and be placed in an area so as to be readily apparent to a customer.

(6) lfany portion ofa notification is translated into another language, then all portions of the notification must be translated mto that language.

(7) A carrier may state in lbe norifK:ation lhat the customer's approval to use CPNI may enhance the carrier's ability to offer products and services tailored to the customer's needs. A earner also may srate in the notificatton lhat it may be compelled to disclose CPNl to any person upon affirmative written request by the customer.

(8) A carrrier may not include m the notificauon any statement attemptmg to encourage a customer to freeze tlurd-party access LO CPNL

(9) The notification must state that any approval, or denial or approval for the use of CPNJoutside of the service to which the customer already subscribes from that carrier is valid until the customer

affirmatively revokes or limits such approval or denial.

( I 0) A 1elecommumca1ions carrier's sobcnauon for approval must be proximate to the

notification of a cusomer's CPNJ rights.

The Company's CPNI policies require thaJ cu.stQmus 1H nmified of their righJs, and the Company's

obligaJions, with rapi!el to CPNI prior to turJ solldtaJio11for customer appruval All required customer

notices (whether writ/en, oral or electronic) comply with the requirements of Rule 61.2008. The

3

Company mainJalns rtc()rr/s of all rtqulred customer notices (wheather wrinm, oral or eledronfc) for a

minimum of one year.

(d) Notice Requrremenu Specific to Op,-0,11. A telecomumcations carrier must provide

notification 10 obtain opt--Out approval through electronicor written methods, but not by oral

communication (except as provided in paragraph (I) of this section). The contents of any such noulication

must comply with the requirements of paragraph (c) of this section.

(I) Carriers must wait a 30-<lay minimum period of time after giving customers notice and an

opportunity to opt-<>Ut before asswning customer approval to use, disclose. or permit access to CPNl A

carrier may, in its discretion. provide for a longer period. Caniers must notify customers as to the

applicable waiting period for a response before approval tS assumed.

(i) ln the case of an electronic fom, of notification, the waiting period shall begin to run from the

date on which the notification was sent; and

(ii) ln the case of notification by mail. the waiting period shall begin to run on the third day

following the date that the notification was mailed.

(2) Carriers using the opt-<>Ut mechanism must provide notices to their cuslOlllerS every two

years.

(3) Telecommunications carriers that use e-mail to provide opt-out notices must comply with the

following requirements in addition to the requirements generally applicable to notification:

(i) Carriers must obtain express. verifiable. prior approval from consumers to send notices via e-mail regarding their service in general. or CPNl in particular,

opt--0ut

(ii) Carriers must allow customers to reply directly io 1>-mails containing CPNI notices in order Lo

(iii) Opt-out e-mail notices that are returned to the carrier as undeliverable must be sent to the

customer m another fonn before carriers nay consider the customer to have received notice:

(iv) Carri= that use e-mail lo send CPNI notices must ensure lhat the subject line of the message

clearly and accurately identifies the subject matter of the e-mail: and

(v) Telecommunica11ons carriers must make available to every customer a medlod to opt-out that

is of no additional cost to the customer and that is available 24 hours a day, seven days a week. Carriers

may satisfy this requirement through a combination of methods, so long as all customers have the ability to

opt--0ut at no cost and are able to effectuate that choice whenever they choose.

Thi! Cq,rrpany dOl!S nqf currently solicit "opt quJ" customer approval for IM TISI! qr dlsd<lSUTI! of CPNI,

The Company does not use CPNI for any purposa (induding marketing comnunricatlons-relaJed

services) and does not disclose or gnurt accesy to CPNI to an, party (including to agents or affiliatts thal

provide c.omnuutfcatlons-re/ated sen.ices), l!XCl!pf as pennittl!J/ under '7 U.S.C § 12l(d) atrd Rule

64.1005.

(e) Nqtice Requfremen1s Specific to Opt-In. A telecommunications carrier may provule

notification to obtain opt-in approval through oral, written. or elecLTonic methods. The contents of any such

notification must comply with the requirements of paragraph (c) of this section.

The CDffl/Hlll1 dots not aurenl/y solidi 'opt-in" CllSIOmtr approval for the use qr disclosure of CPNT.

The Company dOl!S not use, dislclOSl! or grant acca$ lo CPNI for ant purpqse, to any party or In any

manntr thaJ would require a customer's "opt In" approval undtr tht Commissi'1n's CPNI Rules.

4

(I) NO/ice Req111rem.ents Specific to One-Time Use ofCPNI. (I) Carriers use oral nouce to

obtian limited. one-time use of CPNl for inbound and outbound customer contacts for the

duralton of the call, regardless of whether carriers use opt-out or opt-in approval based on the nature of the

contacL

(2) lbe contents of any such nooficauon must comply with the requirements of paragraph (c) of

this section, except that telecommunications carriers may omit any of the following notice provisions if not

relevant l() the limited use for which the earner seeks CP1'll:

(i) Carriers need not advise customers tha1 if they have opted-out previously, no action is needed

to maintain the opt-out elecuon.

(ii) Carriers need oot advise customers that they may share CPNl with their affiliates or third

parties and need not any those entities, if the limited CPNJ usage will not result in use by, or disclosure

to, an affiliate or third party;

(iii) Carriers need not disclose the means by which a customer can deny or withdraw future sccess

to CPN.l, so long as carriers explain to customers that lhescope of lhe approval the canier seeks is limited

to one-time use aod;

(iv) Carriers may omit disclosure of the precise slepS a customer must take in order to gamt or

deny access to CPN I, as long as the carrier clearly communicates tho1 the customer can deny access to his

CPNl for the call.

In Instances where the Company sulcs one-time cuslomer approval for the use or dlsclosure of CPNI,

the Company obtains such approval in accordance with the disclosuns, mdltods and Tt!qulrUl'fQIJs

contained In Rllle 2008(/).

Sttion 64.2009 Safeguards required for use of customer propritary aeht'ork i11formatlon.

(a) Telecommumcauons earners must 1mplemett a system by which the status of a customer's

CPNI approval can be clearly es1ablisbed pnor to the useofCPNL

The Compnay's billing system allows authorized company personnel to easily determine the slatus of a

customer's CPNJ approval on the customLr account sctror prior to the u.se or disclosure ofCPNI.

(b) Telecommunications carricrs must tram their personncl as to wheu tbay are and are not

authori:red to use CPNI, and carriers must have an express disciplinary process in place.

The Company has established CPNI c:ompllan« pofica that include employu training on restric:Jions

on the use and disclosure ofCPNI and required safeguards to protea against unauthorlud use or

dlsclasure ofCPNL Employees have signed that they unde�tand the CPNI policies and a violation of

those po/ides will result in d/sdplinary action.

(c) All carriers shall maintain a record, eleironically or in some other manner, of their own and

their affil iares' sales and marketing campaigns that use I.heir customers' CPNL All caniers shall maintain a

record of all instances wi1ere CPNI was disclosed or provided to third parties, or where third parues were

allo\\oo access to CPNL The record must include a descnption of each campaign, the specific CPNl that

was used in the campaign, and what products and SCl'Yio:s were offered as a part of the campaign. Carriers

shall retain the record for a mmmmum of one year.

The Company's CPNI policies require that all sales ani marketing campaigns including those utilizing

CPNI be recorded and kept on file for at least one year. Records ore also maintained for disclosure or

access to CPNI by third parties. The records include tht rt!qulred information fisted in Rule 64.2009 {c).

5

(d) Telecommunications carriers must establish a supervisory review process regarding carrier

compliance with the rules in this subpart for out-bound marketing situations and maintain records of carrier

compliance for a minimum period of one year. Specifically, sales personnel must obtain supervisory

approval of any proposed out-bound marketing request for customer approval.

The Company'y CPNI pollcia reqlli� onployees to obt11in approval from the Company'$ CPNI

Compliance Officer for all rrnuketlng campaigns, Including those utilizing CPNI, prior to Initiating thlll

campaign. Record of the marl.ding campaigns, along with the appropralte YUperllisory approval I.,

maintained for at lt!0$1 one year.

(e) A telecommunications carrier must have an officer, as an agent of the carrier, sign and file

with the Commission a compliance cert11icate on an annual bas1s. The officer must stale in tile certification

that he or she has personal knowledge that the company has established operating procedures that are

adequate to ensure compliance with Lhe rules in this subpart. The carrier must provide a statement

accompanying the certificate explaining bow its operating procedures ensure that it is or is not in

compliance with the rules in this subject. In addition. the carrier must include an explaination of any

actions taken against data brokers and a summary of all customer complaints received in the past tear

concerning the authorm..'CI release of CPNI. This filing must be made annually wilh the Enforcement

Bureau on or before March I in EB Docket No. 06-36, for data pertaining to the previous calendar year.

The r�uirt!d officu certlflcatiun actions talcor against data brokers and YUmmary of Cl/Slomer

complaint documenJs are Included with thiN accomanying stateme11l The Company will file th­

documents on an annual basis on or IH!fore March I for data pt!rtaining to the previoUY calendar year.

(I) Carriers must provide written notice within five business days to the Commission of any

instance where the opt-out mechanisms do oot work properly, to such a degree that consumers' inability to

opt-out is more than an anomaly.

(I) The notice shall be in the fonn of a letter, and shall include the carriel's name. a description of

the opt--OUt mecbanism(s) used, the problem(s) experienced, the remedy proposed and when it will be/was

implemented, whether the relevant state commission(s) has been notified and whether rt has taken any

action. a copy of the notice provjded to cust0meis and contact infonnation.

(2) Such notice must be submitted even if the carrier otTers other methods by which consumers

may opt-out.

The Company doa not currt!1f1/y solidi "opt out" cllSJOmer approval for the ,ue or disclosure of CPNJ.

Section 64.20 I 0 S.(eg:u.nh on I.he disdosun of castomer proprietary network iofonnatioe.

(a) Safeguarding CPNI. Telecommunications carriers must take reasonable measures to discover

and protect against attempts to gain unauthorfacd access to CPNI. Telecommunications earners must

properly authenieate a customer prior to dislclosing CPNI based on customer-initiated telephone contact,

on line account access, or an on-store visit.

The CompQJfJ's CPNJ po/odes and onployu tarfrring indude rl!llSonablt! mt!(lfflres to dlscovt!T and

protecJ against activity that Is lndlCllllvt! of prdt!Xling and employees are brslrueud to notify the CPNT

Compliana Offl-= if an:, such aCIJvity ls suspedt!d.

(b) Telephone access to CPNI. Telecommunications carriers may only disclose call detail

information over the telephone, based on customer-initiated telephone contact. if the customer first

provides the carrier with a password, as described m paragraph (e) of this section. that is not prompted by

the carrier asking for readily available biographical information, or account information. If the customer

does not provide a password, the telecomminicatioos earner may only disclose call detail information by

sending it to the customer's address of record, or by calling the customer ai the telephone number of

record. If the customer is able 10 provide call detail information to the telecommunications earner during a

6

custt>mer-initiated call without the telecommunications camel's assistance. then the telecommunications

carrier is permitted to discuss the call delllil information provided by the cllSlomer.

The Company's CPNI pol/des ensure that a 01stomu t's only able to access call detail information over

the tdephont on one of tht ways listed in R.lllt 64.201 O(b). If tht customer amnot remtmber thdr

pOS$Word, they are prompted to answu a security question. /\ieilher the pmsword nor the stcurlty

question OTe based on readily available biographical informaJlon or account information. Customer

service repre.setrJadvts are instruc:Jed to authmicale OlStomers ovu tl,e telephone tn a/11 lmtances except

in the case where the CU.$/omu provides the call detail information withouJ the ilSSlstance of the

Company.

(c) Online access to CPNI. A tclecommumcations earner must authenticate a customer without

the use of readily available biographical informauon, or account information, prior to allowing the

CustoJlli)r onli.oe access to CPNI related to a telecommunications service account. Once authenticated, the

customer may only obtam access lo CPNI related to a telecommunications service account through a

password, as described in paragraph (e) of this section, that is not prompted by the carrier asking for readily

available b1ograph1cal mformatton. or account information.

The company authenticates cunomers without the use of readily wal/able blogn,ph/cal or account lmormatlon prior to

allowing on IICC8SS to CPNI "*'9d to an account Once .uthentJcated. the wston,er may only obC8lrl .:cess ID CPNJ

through • passWOt"d, tha1 Is not prompted by readily twdable biogntphlcal or account�

(d) In Slore access to CPNJ. A telecommunications carrier may disclose CPNI to a customer

who, at a carrier's re1ail location, first presents to the telecommunicanons carrier or its agent a valid photo

ID matching the customer's account information.

(e) &1abhshmen1 of a Password and Back-up AHthemication Methods for Lost or Forgotten

Passwords. To establish a password, a telecommunications earner must authenticare the customer without

the use of readily available biographical information, or account information. Telecommunications carriers

may create a back-up customer authentication method in lhe even1 of a lost or forgotten passm>rd, but such

back-up customer authentication method may not prompt the customer for readily available biographical

infonnation, or account information. If a customer cannot provide the correct passv,.-ord or the correct

response for the back-up customer authentication method, the customer muSl establish a new password as

described m this paragraph

Tht Company's CP/•{f policies allow for a Jtw ways to l!Sf.ablish a password, all of which ensun

compliance will, the abol'I! paragraph. Each method also allows the customer to establish a back-up or

.,ecurlty qutsllon In tht event that the)' forget thdr password. In no evo,t dots the Company use rtadlly

available blograhlcal information or account lnformaJion as a bar.k..up question or as a means to

establish a pa.'iSWord or 11uthmficate the customer.

(f) Not,fica11on of occoum changes. Telecommumcauons carriers must notify customers

immediately whenever a password, customer response to a baclc-up means of authentication for lost or

forgotten passwords. on line account, or address of record is created or changed. This notification is not

required when the customer initiates service. including the selection ofa password at service initianon.

This notification may be through a carrier-originated voicemail or text message to the telephone number of

record or by mail to the address of record, and must not reveal the changed infonnauon or be seal to the

new account information.

The company wlll notify a customer Immediately wtren accoont changes occur, including a password, a response ID a

back-up -s of authentkation, or address of l"flC«d. 7be notJJk:ation will be through • canter-originated IIOlc«ntlB or

tex1 tMSsage a, the flllephoM number of record, or by man ID the address of record, and will not contain the changed

Jnfonrnttioll or be sent to the new account Information.

7

(g) Business Customer Exemption. Telecommunications carriers may bind themselves

contractually to authentication regimes other than those described in this section for seivices they provide

to thc.ir business customer that have both a dedicated ac.count representative and a contract that specif1C81Jy

addresses the carriers' protection of CPNI.

The Company does not utlllZ:e the business � uceptlon llf this time.

Section 64.20 J 1 Notification or customer propriew"y n.etwork laformation security

breaches..

(a) A relecommunications carrier shall notify law enforcement of a breach of its customers' CPNI

as provided in this section. The carrier shall not notify ns customers or disclose the breach publicly,

whether voluntarily or under state or local law or these rules, until it has completed the process of notifying

law enforcement pursuant to paragraph (b).

(b) As soon as practicable, and in no event later than seven (7) business days, after reasonable

derernunation of the breach. the telecommunications carrier shall electronically notify the United States

Secret Service (USSS) and the Federal Bureau of lnvestigalion (FBI) through a central reporting facility.

The Commission will amintain a link to the reporting facilil)' at http://www.fcc.gov/eb/cpni.

(I) Notwithstanding any statc law to the contraJy, the carrier shall not notify customers or

disclose the breach to the public until 7 full business days have passed after notification to the USSS and

the FBI except as provided in paragraphs (2) and (3 ).

(2) If the carrier believes that there is an eXDaordinanly urgent need to notify any class of affected customers sooner than otherwise allowed under paragraph ( l), in order to aviod immediate and irreparable

harm, 1t shall so indicate in its notificallon and may proceed to immediatley notify its affected customers

only after consultation with the relevant investigating agency. The carrier shall cooperate with the relevant

investigatmg agency's request to mirunuze any advCJSe effects of such customer notificatJOn.

(3) If the relevant investigating agency detennines that the public disclosure or notice 10

customers \\Ollld impede or compromise an ongoing or potential cnminal investigation or national security,

such agency may dinx:t the carrier not to so disclose or notify for an initial period of up to 30 days. Such

period may be extended by the agency as reasonable necessary in the judgement of the agency. lf such direction is given, the agency shall notify the carrier wben it appears that public diselosure or notice to

affected customers will no longer impede or compromise a criminal investigation or national security. The

agency shall provide in writing its initial direction to the carrier, any subsequent extension and any

notification that notice will no longer impede or compromise a criminal investigation or national security

and such writings shall be conb:mporaneously logged on the same reporting facility that contains records of

notifications filed by carriers.

(c) Recordkeeping. All carriers shall maintain a record. electronically or in some other manner, of

any breaches discovered, notification made 10 the USSS and the FBl pursuant 10 paragraph (b). and

notification to customers. The record must include, if available, dates of discovery and notification, a

detailed description oflhe CPNl that was the subject of the breach, and the circumstances of the breach.

Carriers shall retain the record for a minimum of2 yems.

The Company 1,as policia IUld procethlra in platt to DISIUe C1Jmpll1Uta w/Ji, RJlle 64.201 J. When ii ts

reasonably determined thlll a breach has oa:u"ed, the CPNI Compliance Officer will notifj, law

enforeconmt and Its CllSWmus In the required timeff'llllles.. A record of the breach will be maintained/or

a mlnlm11m of two years and will include all lnformalilHf required by Rule 64.201 /.

8