Effective Date: January 01, 2024

In accordance with Section 222 of the Communications Act and the Federal Communications Commission’s (“FCC”) CPNI Rules (47 C.F.R. § 64.2001, et seq.), 360 Broadband, LLC (“360 Broadband, LLC”) files this Statement of Policy outlining the Company’s procedures for accessing, using and storing Customer Proprietary Network Information (“CPNI”).

360 Broadband, LLC provides telecommunications services to retail customers. Because 360 Broadband, LLC may access, use, or store CPNI when providing these types of services, the Company undertakes the steps outlined in this Statement of Policy to protect CPNI from unauthorized access or misuse.

Definition of CPNI

Under federal law, CPNI is certain customer information obtained by a telecommunications provider during the course of providing telecommunications services (including interconnected VoIP) to a customer. This includes information relating to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier.

Examples of CPNI include information typically available from telephone-related details on a monthly bill, such as the types of services purchased by a customer, numbers called, duration of calls, directory assistance charges, and calling patterns. CPNI does not include names, addresses, and telephone numbers because that information is considered subscriber list information under applicable law.

Use of CPNI

It is the policy of 360 Broadband, LLC, not to use CPNI for any activity other than as permitted by applicable law. Any disclosure of CPNI to other parties (such as affiliates, vendors, and agents) occurs only if it is necessary to conduct a legitimate business activity related to the services already provided by 360 Broadband, LLC to the customer. Except in instances where 360 Broadband, LLC is required by law to disclose CPNI, such as through subpoenas or other requests by law enforcement officials, or if the intended use is permitted by FCC Rules, 360 Broadband, LLC will first obtain the customer’s consent prior to using or sharing CPNI.

Disclosure of CPNI

360 Broadband, LLC prohibits the release of CPNI based upon a customer-initiated telephone call except under the following three (3) circumstances.

• When the customer has pre-established a password;
• When the information requested by the customer is to be sent to the customer’s address of record;

or

• When 360 Broadband, LLC calls the customer’s telephone number of record and discusses the information with the party initially identified by the customer when service was initiated.

Online Access to CPNI

If 360 Broadband, LLC grants online access to CPNI, the Company authenticates a customer without the use of readily available biographical or account information prior to allowing the customer online access to CPNI stored online. Once authenticated, the  customer may only obtain online access to CPNI through a password that is not prompted by the carrier asking for readily available biographical or account information.

Password Authentication Procedures

To establish a password, 360 Broadband, LLC authenticates the identity of the customer without the use of readily available biographical or account information. The Company may create a back-up customer identification method in the event a customer misplaces or forgets a password, but such alternative customer authentication will not depend onreadily available biographical or account information. If a customer cannot provide the

correct password or the correct response for the back-up customer authentication method, the customer must establish a new password.

Account Change Notification

360 Broadband, LLC notifies customers immediately of any account changes, including address of record, authentication, online account and password related changes.

Disclosure to Business Customers

360 Broadband, LLC may negotiate alternative authentication procedures for services that the Company provides to business customers that have a dedicated account representative and a contract that specifically addresses the protection of CPNI.

Employee Training Policies and Disciplinary Procedures

All employees of 360 Broadband, LLC are trained as to when they are, and are not, authorized to use CPNI. Through this training, 360 Broadband, LLC has informed its employees and agents that it considers compliance with the Communications Act and FCC Rules regarding the use, disclosure, and access to CPNI to be very important. Violation by company employees or agents of such CPNI requirements will lead to disciplinary action (including remedial training, reprimands, unfavorable performance reviews, probation, and termination), depending upon the circumstances of the violation

(including the severity of the violation, whether the violation was a first time or repeat violation, whether appropriate guidance was sought or received from a supervisor, and the extent to which the violation was or was not deliberate or malicious).

Use of CPNI in Sales and Marketing Campaigns

If 360 Broadband, LLC uses CPNI in marketing campaigns, the company will maintain a record of all sales and marketing campaigns that use the CPNI. The record will include a description of each campaign, the specific CPNI that was used in the campaign, and what products and services were offered as part of the campaign. 360 Broadband, LLC will also implement a system to obtain prior approval and informedconsent from its customers in accordance with the CPNI Rules. This system will allow for the status of a customer’s CPNI approval to be clearly established prior to the use of CPNI.

Prior to commencement of a sales or marketing campaign that utilizes CPNI, 360 Broadband, LLC will establish the status of a customer’s CPNI approval. The following sets forth the procedure that will be followed by the Company:

• Prior to any solicitation for customer approval, 360 Broadband, LLC will notify customers of their right to restrict the use of, disclosure of, and access to their CPNI.
• 360 Broadband, LLC will use opt-in approval for any instance in which the Company must obtain customer approval prior to using, disclosing, or permitting access to CPNI.
• A customer’s approval or disapproval remains in effect until the customer revokes or limits such approval or disapproval.
• Records of approvals are maintained for at least one year.
• 360 Broadband, LLC provides individual notice to customers when soliciting approval to use, disclose or permit access to CPNI.
• The CPNI notices sent by 360 Broadband, LLC comply with FCC Rule 64.2008(c).

360 Broadband, LLC will also establish a supervisory review process regarding compliance with the CPNI

rules for outbound marketing situations and will maintain compliance records for at least one (1) year.

FCC Notification

The Company is prepared to provide written notice within five (5) business days to the FCC of any instance where the opt-in mechanisms do not work properly or to such a degree that consumers’ inability to opt-in is more than an anomaly.

Third Party Use of CPNI

To safeguard CPNI, prior to allowing joint venturers or independent contractors access to customers’ individually identifiable CPNI, 360 Broadband, LLC will require all such third parties to enter into a confidentiality agreement that ensures compliance with this Statement of Policy. 360 Broadband, LLC shall also obtain opt-in consent from acustomer prior to disclosing the information to such third parties for marketing purposes.

In addition, 360 Broadband, LLC requires all outside agents to acknowledge and certify that they may only use CPNI for the purpose for which that information has been provided. 360 Broadband, LLC requires express written authorization from the customer prior to dispensing CPNI to new carriers, except as otherwise required by law. 360 Broadband, LLC does not market or sell CPNI information to any third party.

Law Enforcement Notification of Unauthorized Disclosure

If an unauthorized disclosure of CPNI occurs, 360 Broadband, LLC shall provide notification of the breach within seven (7) days to the United States Secret Service (“USSS”) and the Federal Bureau of Investigation (“FBI”). 360 Broadband, LLC shall wait an additional seven (7) days from its government notice prior to notifying the affected customers of the breach. Notwithstanding the above, 360 Broadband, LLC shall not wait the additional seven (7) days to notify its customers if the Company determines there is an immediate risk of irreparable harm to the customers. 360 Broadband, LLC shall maintain records of discovered breaches for a period of at least two (2) years.

Customer Complaints

360 Broadband, LLC has not received any customer complaints in the past year concerning the unauthorized release of or access to CPNI.

Contact Information

Individuals or entities that have questions about this CPNI Certification or the use of CPNI by 360 Broadband, LLC may contact the company’s legal counsel, The CommLaw Group at (703) 714-1300.

Actions taken against Pretexters

360 Broadband, LLC has not taken any actions against data brokers before state commissions, state or federal courts, or the FCC in the past year. 360 Broadband, LLC has no information, other than information that has been publicly reported, regarding the processes that pretexters are using to attempt to access CPNI.

Annual CPNI Certification

Pursuant to FCC regulations, 47 C.F.R. § 64.20089(e), 360 Broadband, LLC will annually submit to the FCC, prior to March 1st, a CPNI Certification of Compliance and accompanying Statement regarding the company’s CPNI policies and operating procedures. These documents certify that 360 Broadband, LLC complied with federal laws and FCC regulations regarding the protection of CPNI throughout the prior calendar year.