8/7/2019 CPNI 20112

1/7

Annua l 47 C.F.R. 8 64.2009(e) CPNI CertificationEB Docket 06-36

Annual 64.2009(e) CPNI Certification for 2010Date filed: Feb 24, 2011N a m e of company covered b y this certification: Novanet, Inc.Form 499 Filer ID: 827358Name of signatory: Shailesh TyagiTitle of s ignatory: CEOI, Shailesh Tyagi, certify that 1 am an officer of the company named above, and actingas an agent of the company, that I have personal knowledge that the company hasestablished operating procedures that are adequate to ensure compliance with theCommission's Customer Proprietary Network Information (CPNI) rules. See 47 C.F.R. 64.2001 etseq.Attached to this certification i s an accompanying statement explaining how thecompany's procedures ensure that the company is in compliance with the requirementss et forth in section 64.2001 et seq, of the Commission's rules.The company has not taken any actions (proceedings in s t i tu t ed or petitions filed by thec o m p a n y with either state commissions, the court s y s t e m , or the Commission) againstda ta brokers in the past year. I acknowledge t ha t companies must report on anyin fo rmat ion that they have with respect to the processes pretexters are using to attemptto access CPNI, and whal steps companies are taking to protect CPNI, and I have nosuch information to report at this time.The company has not received any customer complaints in the past year concerning theunauthorized release of or access to CPNI and I hereby acknowledge t h a t if thecompany does receive any such complaints, i t m u s t provide that information to theC o m m i s s i o n , including the number of customer complaints a company has receivedrelated to u n au t h o r i z e d access to CPNI, or unauthorized disclosure of CPNI, brokendown by category or complaint, e.g., instances of improper access by employees,instances of improper disclosure to individuals not authorized to receive thein fo rmat ion , or instances of improper access to onl ine information b y individuals notau t ho r i zed t o v i e w th e i n f o r m a t i o n .

Shailesh Tyagi, CEO

8/7/2019 CPNI 20112

2/7

Statement Accompanying CPNI CertificateEB Docket No. 06-36

N o v a n e t , Inc . (the "Company") does not use, disclose or permi t access to Customer Propr ietaryN e t w o r k I n f o r m a t i o n ("CPNI") excep t a s permi t t ed o r required by law p u r s u a n t t o 47 U.S.C. 222. The safeguards se t for th in Sec t i ons I an d J below a re f o l l owed by the Co m pan y , a n d , to theex t en t t ha t the Co m pan y f i n ds it necessary to use, disclose o r permi t access to CPNI , theoperat ing procedures in Sect ions A-H below a re observed .A. Definitions. The terms used in this Statement have the same meaning as set forth in 47C.F .R. 64.2003.B. Use of CPNI. It is the Co m pan y ' s po l i cy tha t the Company may use, disclose, or permi taccess to CPNI for the purpose o f providing o r market ing service of fer ings among th e categoriesof service (i.e., local, interexchange, a n d in terconnected VOIP) to which th e cus tomer a l r eadysubscribes from the C o m p a n y , without customer approval .

To the ex t en t t h a t the Co m pan y p r o v i de s dif feren t categor ies o f s e r v i c e , and a cus tomersubsc r ibe s t o m o r e t h an o n e c a t e g o r y o f service of fered by the C o m p a n y , the C o m p a n y m a yshare CPNI a m o n g t h e C o m p a n y ' s aff i l iated en t i t i e s t ha t prov ide a se rv i ce o f f e r i ng t o thec u s t o me r . However , to the ex tent that the Company provides di f ferent categor ies of service, buta customer does not subscribe to more than one offer ing, the Co m pan y does not share CPNI withits affiliates, except by fol lowing the requirements described herein.The C o m p a n y d o e s n o t use , d i sc l o s e , o r permi t access t o C P N I to m a r k e t t o a cus tomer a n yservice o f f e r i n g s t h a t a re w i t h i n a ca t ego r y o f se rv i ce to which the subscr iber does n o t a l r eadysubscribe f rom the Comp an y , un l ess the Com pany has cus tom er approva l t o do so . TheCo m pan y do es n o t use, disclose o r permi t access to CPNI to i den t i fy o r t rack customers that callcompet ing service providers.N o t w i t h s t a n d i n g t he f o rgo ing , i t i s t he Co mpa ny ' s po l icy tha t the Co mpa ny may use , d isc lose , o rpermit access to CPNI t o pro t ec t t he r igh t s o r proper ty o f the Company , o r t o pro t ec t user s o fthose serv ices a n d other carr iers from f r audul en t , a b u s i v e , o r u n l a w f u l use of , o r subscr ip t i on to ,such services.C. Customer Approvals.It i s t he Company ' s po l i cy tha t t he Company may ob t a i n approva l th rough wr i t t en , oral o re lec t ron ic m e t h o d s . The C o m p a n y a c k n o w l e d ge s t h a t i t bears the b u r d e n o f d e m o n s t r a t i n g t h a ta n y o r a l app r o v a l s h av e b een g i v e n in co m pl i an ce wi th the Co m m i ss i o n ' s r u le s . The Co m pan yhono r s a l l approva l s o r d i sapprov a l s t o use , d i sc lose , o r permi t access t o a cus tom er ' s CPN I un t i lt he cus tome r r evokes o r l imi t s such approva l o r d i sapprova l . The Com pany ma in t a i n s r ecords o fapproval , regardless of the form of such approval , for a t l east one year .Opt-Out and Opt - In Approva l Processes. It is the Company's policy t ha t it may, subject to opt-o ut app r o v a l o r o p t - in app r o v a l , use i t s cus tomer ' s i nd iv idua l ly iden t i f i ab l e C P N I for the purposeo f m ar ke t i n g co m m un i ca t i o n s - r e l a t ed s e r v ic e s to t h a t cus t o m er . It is the Co m pan y ' s po l i cy t h a t itm ay , subjec t to opt-out approval or opt- in approval , disclose i t s customer ' s individual lyidentifiable CPNI, for the purpose of market ing communications-related services to that

8/7/2019 CPNI 20112

3/7

customer , to i ts agen ts and its af f i l i a tes t h a t p r o v id e c o m m u n ic a t i o n s - re l a t e d se r v ic e s ; and itsjo in t v e n t u r e p a r t n e r s and independen t contractors who do the s a m e . It is the Company ' s po l icythat i t may a lso perm it su ch persons or ent i t ies to obta in access to such CPNI for such purposes .Except as provided herein , or as otherwise provided in Section 222 of the C o m m u n ic a t i o n s Actof 1934, as amended , the Company only uses, discloses, or permits access to its customers'ind iv idua l ly ident i f iab le CPNI subject to opt- in approval .D . Notice Required For Use Of Customer Proprietary Network Information. It is theC o m p a n y ' s po l i cy tha t p r io r to any sol ic i ta t ion fo r c u s t o m e r a p p ro v a l , not i f ica t ion i s prov ided tothe cus tomer of the cus tomer ' s r ight to res t r ict use of , d isclosure of, and access to that customer 'sCPNI. The Company mainta ins such records of not if ica t ion , whether ora l , wr i t ten or electronic,fo r at least one year . It is the Company 's pol icy tha t indiv idual not ice to cus tomers is providedwhen sol ici t ing approval to use, disclose, or permit access to cus tomers ' CPNI.E . Notice Content Requirements. C o m p a n y n o t i c e s m u s t c o m p l y w i t h th e f o l l o w i n gr e q u i r e m e n t s :1 . Notices must provide suff icient in format ion to enable the cus tomer to make an informeddecis ion as to whether to permit the Company to use, disclose, or permit access to, the cus tomer ' sCPNI.2 . N o t i c e s m u s t s ta te tha t th e c u s t o m e r has a r ight , and the C o m p a n y has a d u t y , under f edera llaw, to protect th e confident ia l i ty of CPNI.3. Not ices must specify th e types of in format ion that cons t i tute CPNI and the specific entit iesthat wil l receive th e CPNI, describe th e purposes fo r which CPNI wil l be used, and in form th ecus tom er of h is or her r ight to disa ppro ve those uses , and deny or wi thd raw access to CPNI a tan y l ime.4. Not ices must advise the cus tomer of the precise s teps the cus tomer must take in order to grantor deny access to CPNI, and must c lear ly s ta te tha t a denia l of approval wil l not affect th eprovis ion of any services to which th e cus tomer subscr ibes .5 . Not ices m us t be comprehens ib l e and mus t no t be m is l ead ing .6. To the ex ten t tha t wr i t t en Not ices ar e p r o v id e d , th e Not ices ar e clear ly leg ib le, use suf f ic ien t lylarge type, and are p lace d in an area so as to be readi ly apparent to a c us tom er .7. If any portion of a Notice is translated into another language, then al l portions of the Noticem u s t be translated into that language.8. The Notice may state that the customer's approval to use CPNI may enhance the Company'sabi l i ty to offer p r o d u c t s and serv ices t a i lored to the cus tomer ' s needs . The Not ice may also statethat the Company may be compe l l ed to disclose C P N I to any person upon af f i rmat ive wri t t enr eques t by the cus tom er .9. Notices may no t include in the not if ica t ion any statement attempting to encourage a cus tomerto f reeze th i rd-p ar ty access to CPNI.

8/7/2019 CPNI 20112

4/7

10. Notices must state that an y approval, or denial of approval for the use of CPNI outside of theservice to which th e customer already subscribes from th e Company is valid until th e customeraffirmatively revoke s or l imits such approv al or denial.11. The Company ' s so l i c i t a t ion fo r approval must be prox imate to the Notice of a customer'sCPNI rights.F. Opt-Out Notice Requirements. It is the Company's policy that Notices to obtain opt-outapproval be given only through electronic or written methods, and not by oral communication(except as provided w ith respect to one-tim e use of CPNI below ).The contents of any such not i f icat ion m u s t comply wi th the Notice Content Requirementsdescribed above .It is the Company's pol icy to wait a 30-day minimum per iod of t ime after giving customersnotice and an opportunity to opt-out before assuming customer approval to use, disclose, orpermit access to CPNI. This 30-day m inim um period is calcula ted as follows: (1) In the case ofan electronic form of noti fica tion , the wait ing period shall begin to run from the date on whichth e Notice was sent ; and (2) In the case of Not ice by mail , th e w ai t ing per iod shal l begin to runon th e third day f o l l o wi ng th e date that th e notification w as mailed . It is the Company's pol icyto notify customers as to the applicable waiting period for a response before approval is assumed.For those instances in which the Company uses the opt-out mechanism, the Company providesnotices to applicable customers every two years.For those ins tances in w hich the Co mp any uses e-mai l to provide opt-ou t not ices , the C ompanyfo l lows the add i t iona l r equ i rements in addit ion to the requirements general ly appl icable tonotification:(1 ) The Company must obtain express, verifiable, prior approval from consumers to send noticesvia e-rnail regard ing their service in general, or CP NI in par t icular ;(2) The Company must a l low customers to reply direct ly to e-mails containing CPNI notices inorder to opt-out;(3) Opt-out e-m ail notices that are returned to the Company as undeliverable must be sent to thecustomer in another form before th e Company considers th e customer to have received notice;(4 ) The subject l ine of the message must clearly and accurately identify the subject matter of thee-mail; and(5) The Company makes avai lable to every customer a method to opt-out that is of no additionalcost to the customer and that is available 24 hours a day, seven days a week.G . Opt-In Notice Requirements. I t i s the Company's policy that Notices to obtain opt-inapproval be given though o ra l , wri t ten , or e lec t ronic methods . The contents of any suchnotification mu st comply with the Not ice C ontent Requ i rem ents desc ribed above .

8/7/2019 CPNI 20112

5/7

H. One-Time Use of CPNI Notice Requirements. The Company may use oral notice to obtainl imited, one-t ime use of CPNI for inbound and outbound customer telephone contacts for thedurat ion of the call. The Co mp any require s that the contents of any such notification mustcomply with th e Notice Content Requirements described above, except that th e Company m ayomit any of the fol lowing notice provisions if not relevant to the limited use for which theCompany seeks CPNI:(1) The requi rement tha t th e Co mp any advise customers tha t if they have opled-out previously ,no action is neede d to maintain the opt-out election;(2) The requirement that the Company advise customers that they may share CPNI with theiraffiliates or third-parties and need not name those entities, if the limited CPNI usage will notresult in use by, or disclosure to, an affiliate or third-party;(3 ) The r equ i r emen t that th e Company d isc lose the m e a n s by w hich a cus tomer can deny orwithdraw future access to CPNI, so long as explanation is g iven to customers that th e scope ofthe approval the Company seeks is l imited to one-tim e use; and(4 ) The Company may omit disclosure of the precise steps a customer must take in order to grantor deny access to CPNI, as long as the Company clearly communicates that the customer candeny access to his CPN I for the call.I. Safeguards Required for th e Use of Cl'Nl. It is the policy of the Company to train itspersonnel as to the circumstances un de r which CPNI m ay, and may not, be used or disclosed. Inaddition, th e Company has established a written disciplinary process in instances where it spersonnel do not comply with established policies. It is the Company's pol icy to require that arecord be maintained of its own and its affiliates' sales and marketing campaigns that use theircustomers ' CPN I. The C om pany ma intain s a record of all instanc es whe re CPNI was d isclosedor provided to other third-part ies , or where th ird-par t ies were allowed to access such CPNI. Therecord includes a descr ip t ion of each campaign , th e specific C P N I that was used in the campaign ,an d what products and services were offered as a part of the campaign. Such records are retainedfo r a min imum of one year .The Company has established a mandatory supervisory review process regarding compliancewith CPNI rules for outbound marketing. Sales personnel must obtain supervisory approval ofany proposed outbound market ing reques t for cus tomer approva l . The Company's pol iciesrequire that records per tain ing to such carr ier compliance be retained for a min imu m period ofone year .In compliance with Section 64.2009(e), the Company will prepare a "compliance certificate"signed by an officer on an annual basis stating that the officer has personal knowledge that theCompany has establ ished operat ing proced ures that are adequate to ens ure compliance with 47C.F.R. 64.2001 el seq. The certif icate is to be accompan ied by this s ta tement an d will be filedin EB Docket No. 06-36 annua l ly on or before March 1, for da ta per ta in ing to the previouscalendar year. Thi s f i l ing wil l include an explanat ion of any actions taken against data brokersan d a summary of all customer complaints received in the past year concerning the unauthorizedrelease of CPNI.

8/7/2019 CPNI 20112

6/7

It is the Company's policy to provide writ ten notice to the FCC wi th in f ive business days of anyinstance where the opt-out mechanisms do not work properly, such that a consumer's inabili ty toopt-out is more t ha n an anomaly. The written notice shall comply with 47 C.F.R. 64.2009(f).J. Safeguards on the Disclosure of CPNI. I t i s the Company ' s policy to take reasonablemeasures to discover and protect agains t a t t empts to gain unau tho rized access to CPNI. TheCompany wil l properly authent ica te a cus tomer pr ior to disclosing CPNI based on customer-init iated telephone contact, online access, or in-store visit, if applicable.K. Notification of CPNI Security Breaches.(1 ) It is the Company ' s po l i cy to no t i fy la w enforcement of a breach in its cus tomers ' CPNI asprovided in this sec t ion. The C o m p a n y will not notify it s cus tomers or disclose the breachpublic ly unt i l i t has completed the process of noti fying la w enforcemen t pursuan t to paragraph(2).(2) As soon as practicable, and in no event later than seven (7) business days after reasonabledeterminat ion of the breach, the C o m p a n y will elec tronical ly notify the United States SecretServices (USSS) and the Federa l Bureau of Inves t i ga t ion (FB I ) t h r o u gh a centra l repor t ingfacili ty.(a) Notwithstanding state law to the contrary, the Company shall not notify customers or discloseth e breach to the public until 7 full business days have passed after notification to the USSS andth e FBI, except as provided in paragraphs (b) and (c).(b) I f the Company bel ieves tha t there is an ext raordinari ly urgen t need to not i fy any class ofaffected cus tomers sooner than otherwise a l lowed under paragraph (a) , in order to avoidimmedia te and irreparable ha r m , it wi l l so indicate in its noti f ica t ion and may proceed toimmediately notify i ts affected customers only after consultation with the relevant investigationagency. The Company will cooperate with the relevant investigating agency's request tominimize any adverse ef fe c ts of such cus tomer noti f ica t ion,(c) I f the re levan t inves t i g a t ing agency de termines tha t pub l ic disclosure or notice to cus tomerwould impede or compromise an ongoing or poten t i a l cr imina l inves t i ga t ion or nat iona l security ,such agency may direct the carrier not to so disclose or not i fy for an ini t ia l period of up to 30days. Such period may be extended by the agency as reasonably necessary in the judgmen t ofth e agency. I f such direction is given, the agency shall notify the carrier when it appears that thepubl ic disclosure or notice to affecte d customers w ill no longer impede or comprom ise a criminalinves t iga t ion or na t iona l securi ty . The agen cy shal l provide in wri t ing it s ini tial direction to thecarrier, any subsequen t ex tens ion , and any not i f ica t ion tha t notice will no longer impede orcompromise a cr iminal inves t iga t ion or na t iona l sec ur i ty and s u c h writ ings shall becontemporaneously logged on the same reporting facility that contains records of notificationsfiled by the Company.(3) Customer Noti f ica t ion. Af ter the Company has not if ied law enforcement pursuant toparagraph (2) , it wil l not i fy it s c u s t o m er s of breach of those cus tomers ' CPNI.(4) Record keeping . The C o m p a n y wil l main t a in a record, electronically or in some othermanner , of any breaches discovered, noti f ica t ions made to the USSS and the FBI pursuant to

8/7/2019 CPNI 20112

7/7

pa ra gra ph (2 ) , and not i f ica t ions made to c us t ome rs . T he record will i nc lude , if available, datesof discovery and notification, a detai led descript ion of the CPN1 that was the subject of thebreach, and the c i r c u m s t a n c e s of the b r e a c h . The Compa ny wi l l ma i n t a i n the record for am i n i m u m of 2 years.