Industry Assurance Consulting, Inc.

IACAdviceCompliance,Consulting,Certifications
Telephone:(786)5051862
6303BlueLagoonDrive,Suite400,Miami,FL33126
www.iacadvice.com,Email:compliance@iacadvice.com

January20,2016

BYELECTRONICSUBMISSION

MarleneH.Dortch,Secretary
FederalCommunicationsCommission
OfficeoftheSecretary
44512thStreet,S.W.,SuiteTWA325
Washington,DC20554

Subject:EBDocketNo.0636,CPNICertificationdueMarch1,2016(CY2015Operations)

DearMs.Dortch:

EcommerceNational,LLCdbaTollFreeDeals.com(herebyreferredtoasthe
"Company"),submitsthefollowingCPNICertification,regardingitsCalendarYear2015
operations,incompliancewithSection64.2001etseq.oftheCommission'srules.

TheCompanyrespectfullyaskstheCommissiontoacceptthefollowingCertificationas
timelyfiled,intermsoftheMarch1,2016filingdeadlinelistedin47C.F.R.64.2009(e).

________________________
AlonzoBeyene
IndustryAssuranceConsulting,Inc.
RegulatoryAnalyst

Enclosures

cc: FCCEnforcementBureau,TelecommunicationsConsumersDivision,
44512thStreet,SW,Washington,DC20554
BestCopyandPrinting,Inc.(viaemail fcc@bcpiweb.com)

EB Docket 06-36

Annual 64'2009(e) cPNl certification for

Activities of calenda ryear 2otS
Date filed:January 20, 2016
Company(s) covered by this certification:
Form 499
Name of signatory,
Title of signatory: CEO & LLC Member

l'
a
v

ify that I am an officer of the company named

above, and acting as an
at I have personal knowledge that the company
has established
t are adequate to ensure compliance with the commission,s
cpNl

rules, See 47 C.F.R. S 64.2001ef seo.

g statement explaining how

the Company.s

liance with the requirements (including those

in ing, recordkeeping, a nd su pervisory
review)
ission's rules,
The

company

(i.e', proceedings instituted or petitions filed

by
against data
brokers)against data brokers in the pastyear. lf
affirmative, the company is aware that it must
explain any actions that it has had to take against
data brokers, The company is aware that it
must report on any data that it has with respect
to the processes that any pretexters have used
(if any), to attempt to access cPNl, and what
steps the company is taking to protect cpNl.

-+^+^

a company at either. state commissions, the

co rt system, or at the commission

The company has not received any customer

complaints in the past year concerning the

unauthorized release of cPNl. The company is aware,

that had it had any such complaints, it
would have to report the number of customer complaints
that the company has received
related to unauthorized access to cPNl, or unauthorized
disclosure of cpNl, broken down by

The company represents and warrants that the

above certification is consistent with
.rr 47
c,F.R, s
9tt.l
-/

truthfur and accurate statements to the commission. The

company
rysrry qtJv
arso
i:ii:yll1l:Tlt:':
tl?jtu,,:"_ statements and misrepresentations

::iTYf1t"":

to the commission are punishabte

y subject it to enforcement action.

[Signature of an officer, as agent of the carrier]

Attachments: Accompanying statement expraining CpNr proceoures

AccompanyingStatementonCompanysCompliancewith47C.F.R.64.2009,Safeguards
requiredforuseofCustomerProprietaryNetworkInformation(CPNI)andCompliancewith
Section64.2001etseq.oftheCommission'sRules.

A. Definitions
CPNI(CustomerProprietaryNetworkData)referstodatasuchascustomername,address,
contactdataaswellasquantity,technicalconfiguration,type,destination,andamountofuse
ofservicesubscribedtobytheCompanyscustomers,andmadeavailablebytheCompanys
customerstothecompany,solelybyvirtueofthecustomerrelationshiptothecompany.Italso
includesdatacontainedincustomerbills,ifapplicable.
B. Use of CPNI
(1)TheCompanymay,ifapplicable,use,disclose,orpermitaccesstoCPNIforthepurposeof
providingormarketingserviceofferingsamongthecategoriesofservice(i.e.,local,
interexchange,andCMRS)towhichthecustomeralreadysubscribesfromtheCompany,
withoutcustomerapproval.
(2)TheCompanydoesnotuse,disclose,orpermitaccesstoCPNItomarketserviceofferingsto
acustomerthatrequireoptinoroptoutconsentofacustomerunder47C.F.R.64.2001et
seq.

(3)TheCompanydoesnotuse,discloseorpermitaccesstoCPNItoidentifyortrackcustomers
thatcallcompetingserviceproviders.

(4)Notwithstandingtheforgoing:ItistheCompanyspolicythattheCompanymayuse,
disclose,orpermitaccesstoCPNItoprotecttherightsorpropertyoftheCompany,orto
protectusersofthoseservicesandothercarriersfromfraudulent,abusive,orunlawfuluseof,
orsubscriptionto,suchservices.

C. Safeguards Required for the Use of CPNI

(1)ItisthepolicyoftheCompanytotrainitsapplicablepersonnel,onthecircumstancesunder
whichCPNImay,andmaynot,beusedordisclosed.ItisaviolationoftheCompanyspoliciesto
discloseCPNIoutsideoftheCompany.Anyemployeethatisfoundtohaveviolatedthispolicy
willbesubjecttodisciplinaryactionuptoandincludingtermination.

(2)ItistheCompanyspolicytorequirethatarecordbemaintainedofitsownanditsaffiliates
salesandmarketingcampaignsthatusetheircustomersCPNI.TheCompanymaintainsa
recordofallinstanceswhereCPNIwasdisclosedorprovidedtootherthirdparties,orwhere
thirdpartieswereallowedtoaccesssuchCPNI.Therecordincludesadescriptionofeach
campaign,thespecificCPNIthatwasusedinthecampaign,andwhatproductsandservices
wereofferedasapartofthecampaign.Suchrecordsareretainedforaminimumofoneyear.

(3)TheCompanyhasestablishedamandatorysupervisoryreviewprocessregarding
compliancewithCPNIrulesforoutboundmarketing.Ifapplicable,salespersonnelmustobtain
supervisoryapprovalofanyproposedoutboundmarketingrequestforcustomerapproval.The
Companyspoliciesrequirethatrecordspertainingtosuchcarriercomplianceberetainedfora
minimumperiodofoneyear.

(4)IncompliancewithSection64.2009(e),theCompanywillprepareacompliancecertificate
signedbyanofficeronanannualbasisstatingthattheofficerhaspersonalknowledgethatthe
Companyhasestablishedoperatingproceduresthatareadequatetoensurecompliancewith
47C.F.R.64.2001etseq.Thecertificateistobeaccompaniedbythisstatementandwillbe
filedinEBDocketNo.0636annuallyonMarch1,fordatapertainingtothepreviouscalendar
year.Thisfilingwillincludeanexplanationofanyactionstakenagainstdatabrokersanda
summaryofallcustomercomplaintsreceivedinthepastyearconcerningtheunauthorized
releaseofCPNI.
D. Safeguards on the Disclosure of CPNI
ItistheCompanyspolicytotakereasonablemeasurestodiscoverandprotectagainst
attemptstogainunauthorizedaccesstoCPNI.TheCompanywillproperlyauthenticatea
customerpriortodisclosingCPNIbasedoncustomerinitiatedtelephonecontactoronline
access,asdescribedherein.

(1)MethodsofAccessingCPNI.
(a)TelephoneAccesstoCPNI.ItistheCompanyspolicytoonlydisclosecalldetaildata
overthetelephone,basedoncustomerinitiatedtelephonecontact,ifthecustomerfirst
providestheCompanywithapassword,asdescribedinSection(2),thatisnot
promptedbythecarrieraskingforreadilyavailablebiographicaldata,oraccountdata.If
thecustomerisabletoprovidecalldetaildatatotheCompanyduringacustomer
initiatedcallwithouttheCompanysassistance,thentheCompanymaydiscussthecall
detaildataprovidedbythecustomer.

(b)OnlineAccesstoCPNI.ItistheCompanyspolicytoauthenticateacustomerwithout
theuseofreadilyavailablebiographicaldata,oraccountdata,priortoallowingthe
customeronlineaccesstoCPNIrelatedtoatelecommunicationsserviceaccount.Once
authenticated,thecustomermayonlyobtainonlineaccesstoCPNIrelatedtoa
telecommunicationsserviceaccountthroughapassword,asdescribedinSection(2),
thatisnotpromptedbytheCompanyaskingforreadilyavailablebiographicaldata,or
accountdata.

(2)PasswordProcedures
Toestablishapassword,theCompanywillauthenticatethecustomerwithouttheuseofreadily
availablebiographicaldata,oraccountdata.TheCompanymaycreateabackupcustomer
authenticationmethodintheeventoflostorforgottenpasswords,butsuchbackupcustomer
authenticationmethodwillnotpromptthecustomerforreadilyavailablebiographicaldataor
accountdata.Ifthecustomercannotprovidethecorrectpasswordorcorrectresponseforthe
backupcustomerauthenticationmethod,thecustomermustestablishanewpasswordas
describedinthisparagraph.

(3)NotificationofAccountChanges
TheCompanywillnotifycustomersimmediatelywheneverapassword,customerresponsetoa
backupmeansofauthenticationforlostorforgottenpasswords,onlineaccount,oraddressof
recordiscreatedorchanged.Thisnotificationisnotrequiredwhenthecustomerinitiates
service,includingtheselectionofapasswordatserviceinitiation.Thisnotificationmaybe
throughaCompanyoriginatedvoicemailortextmessagetothetelephonenumberofrecord,
orbymailtotheaddressofrecord,andmustnotrevealthechangeddataorbesenttothenew
accountdata.

(4)BusinessCustomerExemption
TheCompanymaybinditselfcontractuallytoauthenticationregimesotherthanthose
describedinthisSectionDforservicesitprovidestoitsbusinesscustomersthathavebotha
dedicatedaccountrepresentativeandacontractthatspecificallyaddressestheCompany's
protectionofCPNI.
E. Notification of CPNI Security Breaches
(1)ItistheCompanyspolicytonotifylawenforcementofabreachinitscustomers
CPNIasprovidedinthissection.TheCompanywillnotnotifyitscustomersordisclosethe
breachpubliclyuntilithascompletedtheprocessofnotifyinglawenforcementpursuantto
paragraph(2).

(2)Assoonaspracticable,andinnoeventlaterthanseven(7)businessdays,afterreasonable
determinationofthebreach,theCompanywillelectronicallynotifytheapplicableUS
governmentagenciessuchastheFederalBureauofInvestigation.
(a)Notwithstandingstatelawtothecontrary,theCompanywillnotnotifycustomersor
disclosethebreachtothepublicuntil7fullbusinessdayshavepassedafternotification
toapplicableUSgovernmentagencies,exceptasprovidedinparagraphs(b)and(c).

(b)IftheCompanybelievesthatthereisanextraordinarilyurgentneedtonotifyany
classofaffectedcustomerssoonerthanotherwiseallowedunderparagraph(a),inorder
toavoidimmediateandirreparableharm,itwillsoindicateinitsnotificationandmay
proceedtoimmediatelynotifyitsaffectedcustomersonlyafterconsultationwiththe
relevantinvestigationagency.TheCompanywillcooperatewiththerelevant
investigatingagencysrequesttominimizeanyadverseeffectsofsuchcustomer
notification.

(c)Iftherelevantinvestigatingagencydeterminesthatpublicdisclosureornoticeto
customerwouldimpedeorcompromiseanongoingorpotentialcriminalinvestigation
ornationalsecurity,theCompanywillcomplywithsuchagencyswrittendirectives,
includingdirectivesnottosodiscloseornotifyforaninitialperiodofupto30days,and
extendedperiodsasreasonablynecessaryinthejudgmentoftheagency.

(3)AftertheCompanyhascompletedtheprocessofnotifyinglawenforcementpursuant
toparagraph(2),itwillnotifyitscustomersofabreachofthosecustomersCPNI.

(4)Recordkeeping.TheCompanywillmaintainarecord,electronicallyorinsomeother
manner,ofanybreachesdiscovered,notificationsmadetotheUSSSandtheFBIpursuantto
paragraph(2),andnotificationsmadetocustomers.Therecordwillinclude,ifavailable,dates
ofdiscoveryandnotification,adetaileddescriptionoftheCPNIthatwasthesubjectofthe
breach,andthecircumstancesofthebreach.TheCompanywillmaintaintherecordfora
minimumof2years.

(5)Strictcontrolsareinplaceinvolvingresponsestolawenforcementagenciesthatservethe
Companywithvalidlegaldemands,suchasacourtorderedsubpoena,forCPNI.TheCompany
willnotsupplyCPNItoanylawenforcementagencythatdoesnotproduceavalidlegal
demand.