CPNI Policy
Click here to go back.
Policy No. 2305
CPNI Policy (Customer Proprietary Network Information)
Policy Statement: RIVR Tech is committed to safeguarding the privacy and security of our customers’ Customer Proprietary Network Information (CPNI) in compliance with applicable laws and regulations regulated by the FCC. This policy outlines the guidelines and procedures that govern the collection, use, disclosure, and protection of CPNI data within RIVR Tech’s operations as an Internet Service Provider (ISP).
1. Purpose: This policy aims to establish the practices, responsibilities, and procedures that RIVR Tech enforces to ensure the secure handling and protection of CPNI data of our customers.
2. Scope: This policy applies to all Lumbee River EMC employees working with RIVR Tech, contractors, and any third-party personnel who have access to CPNI data while performing their job duties or providing services on behalf of RIVR Tech as an ISP.
3. Definitions:
CPNI – Customer Proprietary Network Information refers to the information generated by a customer’s use of RIVR Tech’s internet services, including but not limited to browsing history, IP addresses, data usage, and service-specific information. Personally Identifiable Information (PII) – Refers to any information that can be used to identify an individual customer, including but not limited to name, address, phone number, and email address.
4. Responsibilities:
The management and senior leadership of LREMC/RIVR Tech are responsible for establishing and implementing this CPNI policy. They must ensure that all personnel are aware of their responsibilities and are trained appropriately to comply. All employees must adhere to this CPNI policy and take measures to protect CPNI data in their custody or within the systems they access. They must report any suspected CPNI violations or incidents promptly to the designated department or privacy officer.
5. Collection and Use of CPNI: RIVR Tech may collect CPNI during the provision of internet services to customers. The collection and use of CPNI will be limited to what is necessary for lawful business activities such as providing and improving service, troubleshooting, network management, and regulatory compliance. CPNI may only be accessed, used, or disclosed by authorized personnel for legitimate business purposes and in compliance with applicable laws, regulations, and customer consent. RIVR Tech will obtain prior written or electronic consent from customers before using CPNI for marketing purposes or disclosing CPNI to third parties for any marketing-related activities.
6. Data Security and Confidentiality: RIVR Tech will implement appropriate security measures to protect CPNI data from unauthorized access, use, or disclosure. These measures may include physical, technical, and administrative safeguards. Access to CPNI data will be restricted to authorized personnel who need the information to perform their job duties. Access controls, unique user IDs, and strong authentication mechanisms should be employed to ensure data security. Employees shall not disclose CPNI data to unauthorized individuals or use it for any purpose other than as required for their job responsibilities. Data encryption, secure transmission protocols, firewalls, intrusion detection systems, and regular security audits will be implemented to maintain the integrity and confidentiality of CPNI data.
7. Transparency and Customer Awareness: RIVR Tech will provide customers with a clear and concise privacy notice that explains its CPNI policies, the type of data collected, how it is used, and the rights of customers regarding their CPNI. Customers will be informed about their ability to opt-out of certain uses of their CPNI, as well as their rights to access and correct their CPNI data. RIVR Tech will periodically educate and raise awareness among its customers about their rights and privacy options regarding their CPNI.
8. Compliance Monitoring and Reporting: RIVR Tech will conduct regular internal audits and assessments to ensure compliance with this policy and relevant laws and regulations. Any violations or incidents involving CPNI must be promptly reported to the designated department or privacy officer. Investigations and resolving CPNI breaches or suspected violations will be conducted in a timely manner, with appropriate disciplinary action taken if necessary.
9. Policy Review and Updates:
This CPNI policy will be reviewed periodically to ensure its continued effectiveness and compliance with applicable laws and regulations. Updates shall be made as needed with the approval of the management team.
10. Policy Acknowledgment:
All RIVR Tech employees, contractors, and third-party personnel who have access to CPNI data must review and acknowledge their understanding and compliance with this policy.
Responsibility:
All employees are responsible for abiding by the provisions of this policy.
The President & CEO is responsible for the administration and enforcement of this policy.
The Board of Directors shall be responsible for any change or revision to this policy.
Adopted: Minutes of November 21, 2023
Approved: Elaine O. Chavis, Secretary