CPNI CertificatioE A,Rnual47C.F.R. Q64.

2009(e) EB Docket 06-36

Exhibit A

IBC TelecomCorp.

ComplianceRequirements

IBC Telecom Corp. 26Flremens MemorialDrive,Ste.107 York 10970 PomonarNew Requirements Compliance

procedures ensure to the IBC TelecomCorp.("Company")maintains following operating et seq.of the set compliance with the requiremorts forth in Section64,2001 Commission's rules.

$ 64.2005 Use of customer proprietary network information without customer approvaL to (a) Any telecommunications canier may use,disclose, permit access CPNI for the purpose or of of providingor marketingserviceofferingsamongthe categories service( i.e. , local, alreadysubscribes from the samecarrier, and interoxchange, CMRS) to which the customer without customer approval. (1) If a telecommunications carrierprovidesdifferentcategories service, of and a customer of subscribes morethan onecategory serviceofferedby the carrier,the carrieris permittedtc, to shareCPNI amongthe carrier's affiliatedentitiesthat providea seryiceoffering to the customer. (2) If a telecommunications does carrierprovidesdifferentcategories service, a customer of but not subsoribe morethanoneoffering by the carrier,the carrieris not permittedto shareCPNII to with its affiliates,exceptasprovidedin $6a.2007(b). (b) A telecommunications or oaniermay not use,disclose, permit access CPNI to marketto a to doesnotl customerserviceofferingsthat arewithin a categoryof serviceto which the subscriber from that carrier,unless that carrierhascustomer approvalto do so, exceptas alreadysubscribe (c) in described paragraph ofthis section. (1) A wirelessprovidermay use,disclose, permit access CPNI derivedfrom its provisionof to or for CMRS, without customer approval, the provisionof CPE and informationservice(s). A or to wireline carriermay use,disclose permitaccess CPNI derivedfrom its provisionof local service, without customer for exchange serviceor interexchange approval, the provisionof CPII voioe storage andrehievalservices, storeand fax andcall answering, voice mail or messaging, forward,and protocolconversion. (2) A telecommunications carriormay not use,disclose permit access CPNI to identifo or or to tlat serviceproviders. example, local exchange For a track customers call competing ca:rier mary that not uselocal serviceCPNI to track all customers call local servicecompetitors. (c) A telecommunications carriermay use,disclose, permit access CPNI, without customer or to (c). approval, described this paragraph as in

to (l) A telecommunications or carriermay use,disclose, permitaccess CPNI, without customer and maintenance, repair services. approval,in its provisionof insidewiring installation, of to (2) CMRS providersmay use,disclose, permit access CPNI for the purpose conducting or research the healtheffectsof CMRS. on VoIP serviceasthat term is (3) LECs, CMRS providerq and entitiesthat provide interconnected to approval, marketservices may useCPNI, without customer definedin $9.3of this chapter, dialing,computrrsuchas,but not limited to, speed services, formerly known as adjunct-to-basic provideddirectoryassistance, monitoring,call traoing,call blocking,call return,repeat oall dialing,call tracking,call waiting caller LD., call forwarding and certaincentrexfeatures. to (d) A telecommunications or carriermay use,disclose, permit access CPNI to protectthe riglnts and properlyof the carrier,or to protectusersof thoseservices othercarriersfrom fraudulentl, or to, abusive, unlawful useof, or subscription suchservices. or Sept'20', 64 Oct. 1, 1999:,67 59211, FR [63 FR 20338,Apr.24,1998,as amendedat FR 53264, 2002;72FR 31962, June8,20071 The Companyhas adoptedspeciJicCPNI policies to ensure thal, in the absenceof customer approval, CPNI is only usedby the Companyto provide or market service offerings among the categoriesof semice (ie., Iocal, inlerexchange, and CMRS) to which the customer already subssibes, The Company's CPNI policies prohibit the sharing of CPNI with afJiliated companies,ercept aspermitted under Rule 6a.2005(a)(l) or with custotner approval pursuant to Rule 64.2007(b). The only exceptionsto thosepolicies are aspermilted ander 47.U.5.C. S 222(d) and RuIe 64.2005. $ 64.2007 Approval required for use of customer proprietary nefwork information. (a) A telecommunications carriermay obtainapprovalthroughwritten, oral or electronic methods. ( I ) A telecommunications carrierrelying on oral approvalshall bearthe burdenof demonstrating rules in this part. with the Commission's that suchapprovalhasbeengiven in compliance (2) Approval or disapproval use,disclose, permit access a customer's or CPNI obtainedby'a to to or telecommunications carriermustremainin effect until the customerrevokes limits such approvalor disapproval. (3) A telecommunications whetheroral, written or of carriermust maintainrecords approval, electronic,for at leastoneyear. In all circumstanceswhere customer approval is required to use, d.isclose permit accessto or CPNI, the Company's CPNI policies require that the Companyobnin customerdpptoval through written, oral or electronic methodsin compliance with Rule 64.2007. A cuslomer's approval or dhapproval rcmains in effect until the customerrcvokesor limils the approval or disapproval The Companymaintains reeordsof customer apprcval (whether writlen, oral or electronic)for a minimum of oneyean

carriermay, subjeotto A (b) Useof Opt-Outand Opt-InApproval Processes. telecommunications individually identifiableCPNI for the or opt-in approval,useits customer's opt-outapproval A to services that customer. telecommunications purpose marketingcommunications-related of individually or opt-in approval,discloseits customeCs canier may, subjectto opt-outapproval to services that purpose marketingcommunications-related of identifiableCPNI, for the services. A that to and its afFrliates provide communications-related customer, its agents to or telecommunications carriermay also permit suchpersons entitiesto obtainaccess such of Exceptfor useand disclosure CPNI that is permittedwithout CPNI for suchpurposes. or in or approvalundersection$64.2005, that is described this paragraph, as otherwis,e customer a Act providedin section222 of theCommunications of 1934,as amended, telecommunicationrl individually identifiableCPNI to or carriermay only use,disclose, permit access its customer's subjectto opt-in approval. The Compmy doesnot use CPNIfor any purpose (including marketing communicationsrelated semices)and doesnot discloseor grflnl accessto CPNI to any party (including to services), exceptaspermitted under 47 agentsor affiiates that provide communications-related 222(d) and Rule 64.2005. U.,S.CS

S 64.2008 Notice required for useof customer proprietary network information. approval,a (a) NotiJication,Generally.(l ) Prior to any solicitationfor customer of right to carriermustprovide notificationto the customer the customeds telecommunications CPNI. to of, restriotuseof disclosure and access that customer's (2) A teleoommunications oarriermustmaintainrecordsof notification,whetheroral, written or electronic,for at leastoneyear. mustbe providedwhen soliciting approvalto use,disclose,or (b) Individual noticeto customers CPNI. permit access customers' to (c) ContentolNotice. Customer notificationmust providesufficient informationto enablethe customer makean informeddecisionasto whetherto permit a carrierto use,disclose,or to permit access the customer's CPNL to, (l) The notificationmust statethat the customer a right, andthe carier hasa duty, under has to protecttheconfidentialityof CPNL federallaw, (2) The notificationmust specifuthe typesof informationthat constitute CPNI and the speoific for the entitiesthat will receivethe CPNI, describe purposes which CPNI will be used,and tt> thoseuses, and denyor withdraw access inform the customer his or her right to disapprove of at any time. CPNI (3) The notificationmustadvisethe customerof the precisestepsthe customermust take in ordler to to graflt or denyaccess CPNI,and mustclearly statethat a denialof approvalwill not affecttthe However,caniers may provide a provisionof any services which the customer to subscribes. directly resultingfrom the consequences in describing brief statemeng clearandneutrallanguage, to lack of access CPNI. (4) The notificationmustbe comprehensible mustnot be misleading. and

(5) lf written notificationis provided,the noticemust be clearly legible,usesufficiently large to type, and be placedin an areaso asto be readilyapparent a customer. then all portionsof the into anotherlanguage, (6) If any portion of a notificationis translated into notification mustbe translated that language. approvalto useCPNI may enhance (7) A canier may statein the notificationthat the customer's needs'A carrieralso' tailoredto the customey's and services the carrier'sability to offer produots CPNI to any personupon may statein the notificationthat it may be compelledto disclose by affirmativewritten request the customer. to a attempting encourage (8) A carriermay not includein the notificationany statement to to customer freezethird-partyaccess CPNI. that any approval,or denialof approvalfor the useof CPNI (9) The notificationmust state from that carrier is valid until ttre alreadysubscribes of the serviceto which the customer outside customeraffirmativelyrevokesor limits suchapprovalor denial. carrier'ssolicitationfor approvalmustbe proximateto the (10) A telecommunications of a custome/sCPNI rights' notification The Company CPNI policies require that customcrsbe notifted of theit rights, and the Company's obligations, with respectto CPNI prior to any solicitationfot castomer approval AII required customer notices (whether written, oral or electronic) comply with the requirements of Rule 64.2008. The Companymaintains records of all required cuslomer notices (whether writlen, oral or eleclronic)for a minimum of oneyearcarriermust provide (d) Notice Requirements Specificto Opt-Out.A telecommunications but approvalthroughelectronicor written methods, not by oral notificationto obtain opt-out of (f1of this section). The contents any such (exceptasprovidedin paragraph communication (c) of mustcomply with the requirements paragraph of this section. notification noticeand an ( I ) Carriersmustwait a3}-day minimum periodof time after giving customers to or permit access customer approvalto use,disclose, opportunityto opt-outbeforeassuming providefor a longerperiod.Carriersmust notiff customers CPNI. A carriermay, in its discretion, beforeapprovalis assumed. waiting periodfor a response asto the applicable form of notification,the waiting periodshall beginto run from the (i) In the caseof an electronio dateon which the notificalionwas sent;and (ii) ln the caseof notificationby mail, the waiting periodshall beginto run on the third day following the datethat the notificationwas mailed. everytwo rnustprovidenoticesto their customers (2) Carriersusingthe opt-outmechanism years, (3) Telecommunications carriersthat usee-mailto provideopt-outnoticesmust comply with the generallyapplioable notification: to in following requirements additionto the requirements to verifiable,prior approvalfrom consumers sendnoticesvia * (i) Caniersmust obtain express, or their servicein general, CPNI in particular; mail regarding

to (ii) Caniersmust allow customers reply directlyto e-mailscontainingCPNI noticesin order1lo opt-out; must be sentfo the to (iii) Opt-oute-mail noticesthat arereturned the canier as undeliverable the customerin anotherform beforecarriersmay consider customerto havereceivednotice; that the subjectline of the messal4e (iv) Caniersthat usee-mailto sendCPNI noticesmustensure identifiesthe subjectmatterof the e-mail; and clearlyandaccurately a to caniersmust makeavailable every customer methodto opt-outthat (v) Telecommunications is available24 hoursa day, sevendaysa week. andthat is of no additionalcostto the customer so througha combinationof methods, long as all customers Carriersmay satisfuthis requirement they choose' that choicewhenever opt-outat no costand areableto effectuate havethe ability to The Companydoesnot currently solicit "opt oal" cuslomer approvalfor the useor disclosuret of CPNI. The Company doesnot use CPNIfor any purPose (including marketing communinations-relatedservices)and doesnot discloseor grant accessto CPNI lo any parry (including agentsor affiiates that provide communicalions-relatedservices),exceptas permitted under 47 A.S.C.S 222(d)and Rule 64.2005. carriermay provide (e) NoticeRequirements Specificto Opt-In,A teleoommunications of The contents oral, written, or electronicmethods. notificationto obtainopt-in approvalthrough (c) of complywith the requirements paragraph of this section. any suchnotificationmust The Companydoesnot carently solicit $opt in" caslomer approvalfor the ase or disclosure of to CPNI. The Company doesnot ase, discloseot grant access CPNIfor any purpose, to any party or in any mnnner lhat would require a castomer's "opt inD approval under the Commission's CPNI Rules. (f) NoticeRequirements Specificto One-TimeUseof CPNI.(1) Caniers may useoral noticeto contacts telephone for obtainlimited, one-timeuseof CPNI for inboundand outboundcustomer on carriersuseopt-out or opt-in approvalbased the ofwhether the durationofthe call, regardless natuteofthe contact. (o) of (2) The content$ any suchnotificationmustcomplywith tho requirements paragraph of of the following notice carriersmay omit any of this section,exceptthat telecommunications provisionsif not relevantto the limited usefor which the carrierseeksCPNI: (i) Caniersneednot adviseoustomers if they haveopted-outpreviously,no actionis needed that to maintainthe opt-outelection; (ii) Caniersneednot advisecustomers they may shareCPNI with their affrliatesor third that will not resultin usebyoor partiesandneednot namethoseentities,if the limited CPNI usage to, disclosure an affiliate or third parly; can the by (iii) Carriersneednot disclose means which a customer deny or withdraw future that access CPNI, so long ascaniersexplainto customers the scopeof the approvalthe carrier to is seeks limited to one-timeuse;and a (iv) Carriersmay omit disclosure the precisesteps customermusttake in orderto grantor of can that to denyaccess CPNI, as long asthe carrierclearlycommunicates the customer deny to access his CPNI for the call.

In instances where the Company seeksone-time customer approvalfor lhe use or disclosure of CNPI, the Comparytohtains such approval in aceordancewith the disclosures,methodsand requirements conlained on Rule 2008fl.

$ 64.2009 Safeguardsrequired for useof customer proprietary nefivork information. (a) Telecommunications carriersmust implementa systemby which the statusof a customer's prior to the useof CPNL CPNI approvalcanbe clearly established The Companfs billing systemallows authorized compan! personnel I0 eastly determine the status of a customer's CPNI approval on the customer account scteenprior to the use or disclosure of CPNI. (b) Telecommunications carriersmusttrain their personnel to whenthey are andare not as to useCPNI, and carriersmusthavean express disciplinaryprocess place. in authorized The Company hasesnblishedCPN| compliancepolices that include employeetraining on ristrictions on the use and disclosute of CPNI and required safeguardsto protect against unauthorircd use or disclosure of CPNL Employecshwe signed thal they understand the CPNI policies and a violation otthose policies will result in disciplinary f,ction. (c) All carriersshall maintaina r@ord,electronically in someothermanner,of their own and or that All their affiliates'salesand marketingcampaigns usetheir customers'CPNI. carriersshall whereCPNI was disclosed providedto third parties,or where or maintaina recordof all instances to third partieswere allowedaccess CPNI. The recordmust includea description each of and campaign, specificCPNI that was usedin the campaign, what productsandservices the were Caniersshall retainthe recordfor a minimum of one year. offeredasa part of the campaign. The Company's CPNI policies require that all sales and marketing campoigns including those utilizing CPNI be recorded and kepi onfilefor at least one year. Recordsare also maintained for disclosure or access10 CPNI by third parties. The records include the required inlormattbn Iisted in Rale 64,2009(c). (d) Telecommunications carriersmustestablish supervisory a review process regardingcarrier with the rules in this subpart outboundmarketingsituationsand rnaintainrecords compliance for for of carriercompliance a minimumperiodof one year.Specifically,salespersonnel must obtilin approvalofany proposed outbound marketingrequest customer supervisory for approval. The Company's CPNI policies require employees obtain approvalfrom the Company's l0 CPNI Compliance Officer far all marketing campaigns including those utilidng CPNI, prior to initiating that campaign Record of the marketing campaigns,along with the appropriate supervisory approval is maintainedfor ut least oneyear. (e) A telecommunications carriermust havean officer, as an agentof the carrier,sign and file with the Commission compliance certificateon an annualbasis.The officer must statein the a knowledge that the companyhasestablished certificationthat he or shehaspersonal operating procedures are adequate ensure that to compliance with the rules in this subpart. The carriermuLst providea statement accompanying certificateexplaininghow its operating the procedures ensu;re with the rules in this subpan.In addition,the canier must include that it is or is not in compliance of an explanation any actionstakenagainst databrokersand a summaryof all customer

the release CPNI. This filing of complaintsreceivedin the pastyear ooncerning unauthorized Bureauon or beforeMarch I in EB DocketNo. 0,6mustbe madeannuallywith the Enforcement year. 36, for dafapertainingto th previouscalendar The reqaired officer certifi.cation,actions taken against data brokers and sammary of customer complaint documentsare includedwirh this accompanying statemenr The Company witlftle thesedocumentson an annual basison or before March I for datapertaining to the previous calendar year. (fl Carriersmust providewritten noticewithin five business daysto the Commissionof any that consumers' the opt-outmechanisms not work properly,to sucha degree do instance where inability to opt-out is morethan an anomaly. (1) The noticeshall be in the form of a letter,and shall includethe canier'sname,a descriptionof and the the opt-out mechanism(s) used,the problem(s)experienced, remedyproposed when it whetherthe relevantstatecommission(s) beennotified and whether has will be/wasimplemented, it hastakenany action,a copy of the notice providedto customers, contactinformation. and (2) Suchnotice mustbe Submifted evenif the carrieroffersothermethods which consuniers by may opt-out. The Company doesnol currently solicit aopt out" customerapprovalfor the use or discloswe of CPNL

$ 64.20f0 Safeguardson the disclosureof customer proprietary network information. (a) Safeguarding CPi//. Telecommunications carriersmusttake reasonable measures discovr:r to to andprotectagainstattempts gain unauthorized to access CPNI. Telecommunications carriersi prior to disclosingCPNI based customer-initiated mustproperlyauthenticate customer a on telephone contact,online accountaccess, an in-storevisit. or The Companyts CPNI policies and employeelraining include reasonablemeasuresto discov,er and protect agoinst activity thet is indicative of pretexting and employees instructed to are notily lhe CPNI Compliance Ofricer if any such activity is suspected (b) Telephone access CPNL Telecommunications to caniersmay only disclosecall detail informationover the telephone, based customer-initiated on telephone contact,if the customer (e) first providesthe carrierwith a password, described paragraph of this section,that is nrct in as promptedby the canier askingfor readily availablebiographical information,or account information.If the customer doesnot providea password, telecommunications the carriermay only disclosecall detail informationby sendingit to the customer's of address record,or by calling the customer the telephone at numberof record.If the customer ableto provide oall is detail informationto the telecommunications carrierduring a customer-initiated without the call carrier's thEn telecommunications assistance, the telecommunications carrieris permittedto discuss call detail informationprovidedby the oustomer. the The Company's CPNI policies ensare that a customer is only ahle to accesscall detatl information over the telephonein one of the wayslisted in RuIe 64,2010(b). If the customer cannot remember their password,they are prompted lo answer a secarity question, Neither tlbe password nor the security guestionsare basedon readily available biographical information or

are accoant information. Cuslomer service representatives instructed to aulhenlicate over the telephonein all instuncesexcept in the casewhere the customerprovides customerc the call daail information withou the assistanceof the Companyacustomerwithout carriermustauthenticate (c) Online access CPNL A telecommunications to information,or acgountinformation,prior to allowing the useof readily availablebiographical serviceaccount.Once online access CPNI relatedto a telecommunications to the customer to may only obtain online access CPNI relatedto a the authenticated, customer (e) in as serviceaccountthrougha password, described paragraph of this telecommunications that is not promptedby the carrieraskingfor readily availablebiographicalinformation,, section or accountinformation. The company authenticatescustomerswithout the use of readily available biographlcal or accoanl information prior to allowing on accessto CPNI related to an accounL Once aathenticated, the customermay only obtain accessto CPNI through a password, that is not prompted by readily availuble biographical or account informnlion. wlro, canier may discloseCPNI to a oustorner (d) In-store access CPNL A telecommunications to or its agenta valid carrier to at a carrier'sretail tocation,first presents the telecommunications accountinformation. photo ID matchingthe customer's The Companydoesnot have retail locations. (e) Establishmentof a Passwordand Back-upAuthenticationMethods Lost or Forgotten for canier must authenticate customer the a a To Passwords. establish password, telecommunications without the useof readily availablebiographicalinfonnation,or accountinformation. methodin the event authentication carriersmay createa back-upcustomer Teleoommunications authentication methodmay not but of a lost or forgottenpassword, suchback-upcustomer promptthe customer readily availablebiographicalinformation,or accountinformation.If a for for or customercannotprovidethe correctpassword tle conectresponse the back-upcustomer in as a must establish new password described this method,the customer authentioation paragraph. The CompanytsCPNI policies allow for afew waysto establlsha password, all of which ensure compliance wtth the aboveparagraph. Each method also allows the customer to establish a back-up or security question in thc eventthat theyforget thelr password,In no event doesthe Company rce readily available biographical information or account informffiion as a back-u:p question or as a meansto establish a possword or authenticate the customen cariers mustnotify customers Telecommunications (f) NotiJication accountchanges. of for to customer meansof authentication response a baok-up a immediatelywhenever password, or This ofrecord is created changed. or online account, address lost or forgottenpasswords, notificationis not requiredwhen the customerinitiatesservice,includingthe selectionof a voicemailor password serviceinitiation.This notificationmay be througha carrier-originated at of numberof record,or by mail to the address record,and must not to text message the telephone information. informationor be sentto the new acoount revealthe ohanged The company will notify d castomer immediately when account changesoccur, including a password, & responseto a back-up means of authentication, or addressof record. The to notilication will be through a carrier-originated voicemoil or text message the telephone number of rccord, or by mdl to the addressof record, and wiII nol contain the changed information or be sent to the new flccount informilion

customer Telecommunications exemption. carriersmay bind themselves {g} Business contractually authentication to regimesotherthanthosedescribed this sectionfor servioes in they provideto their business customers havebotha dedicated that accountrepresentative a and contractthat specificallyaddresses caniers'protectionof CPNI. the The Companydoesnot utilize the businesscastomer exception ot this time,

$ 64,2011 Notification of customer proprietara network information security breaches. (a) A telecommunications carriershall notify law enforcement a breachof its customers' of CPNI asprovidedin this section.The carriershall not notify its customers disclosethe breach or publicly, whethervoluntarily or understateor local law or theserules,until it hascompleted the process notifoing law enforcement pursuant paragraph of this section. of (b) to (b) As soonaspraoticable, in no eventlaterthanseven(7) business aud days,after reasonable of detennination the breach, telecommunications the carriershall electronicallynotifo the United States SecretService(USSS)and the FederalBureauof Investigation(FBI) througha cenrral reportingfacility. The Commission will maintaina link to the reportingfacility at http://www.fcc.got'/eb/c i. pn (l ) Notwithstanding any statelaw to the contrary,the carriershall not notiff customers or disclose breachto the public until 7 full business the dayshavepassed after notificationto the USSSand the FBI exceptasprovidedin paragraphs (b)(2) and (b)(3) of this section. (2) If the cauier believes that thereis an extaordinarily urgentneedto notiff any classof affectedcustomers soonerthanotherwiseallowedunderparagraph (b)(l) of this section,in order to avoid immediate and irreparable harm, it shall so indicatein its notificationand may proceed to immediately noti$ its affectedcustomers only afterconsultation with the relevantinvestigating agency. The carriershall cooperate with the relevantinvestigating request minimiz: agency's to effectsof suchcustomernotification. any adverse (3) If the relevantinvestigating agencydetermines public disclosure noticeto customers, that or would impedeor compromise ongoingor potentialoriminal investigation nationalsecurity, an or suchagency may direct the carier not to so disclose notif, for an initial periodof up to 30 or days.Suchperiodmay be extended the agency reasonably by as necessary thejudgmentof tlhe in agency.Ifsuch directionis given,the agencyshall notifu the carrierwhen it appears public that disclosure noticeto affectedcustomers no longerimpedeor compromise criminal or will a investigation nationalsecurity.The agencyshall providein writing ie initial directionto the or carrier,any subsequent extension, any notificationthat noticewill no longer impedeor and compromise criminal investigation nationalsecurityand suchwritings shall be a or loggedon the samereportingfacility tlrat containsrecordsof notifications contemporaneously filed by carriers. (c) Customer notification.After a telecommunications carrierhascompleted process the of notifuing law enforcement pursuant paragraph of this section,it shall notif, its customersi (b) to of a breachof thosecustomers'CPNL (d) Recordkeeping. carriersshall maintaina record,electronicallyor in someothermanner, All of any breaches discovered, notificationsmadeto the USSSand the FBI pursuantto paragraph (b) of this section,and notifioationsmadeto customers. recordmust include,if avaiiable,dites The

of of discoveryand notification"a detaileddesoription the CPNI that wasthe subjectof the of and the oircumstances the breach. Caniers shallretainthe recordfor a minimum of 2, breach, years. (a) Definitions.As usedin this section,a *breach"hasoccurredwhen a person, without or authorization, intentionallygainedaccess used,or disclosed has to, authorization exoeeding CPNI. (0 This sectiondoesnot supersede statute,regulation, order, or interpretationin any State, any exceptto the extent that such statute,regulation, order, or interpretationis inconsistentwith the provisionsof this section,andthen only to the extentof the inconsistency, The Company haspolicies and procedures in place to ensare compliance with Rule 64.2011. lVhen it is reasonably determinedthat a breach has occarred, the CPNI Compliance Offrcer will noffi law enforcement and its customer in the required timeframes. A record of the breach will be malntainedfor a minimum of two years and will include all informatinn required.by RuIe 64.2011.