8/12/2019 IDT Telecom CPNI Certification

1/4

IDT Telecom, Inc.550 Broad StreetNewark, New Jersey 07 102

Annual 47 C.F.R. 64.2009 e) CPNI Certification

E Docket 06-36

Annual 64.2009(e) C PNI Certification for 201

Date f i led: ~ebruary e, 20 14

Name of company(s) covered b y this certification: IDT Telecom, Inc.

Form 499 Filer ID: 826339

Name of signatory: Yona Katz

Title of signatory: Chief Operating Officer

I, Yona Katz, certify that I am an officer of the company named above, and acting as anagent of the company, that I have personal knowledge that the com pany has established operatingprocedures that are adequate to ensure compliance with the Comm ission s CPN I rules.See 47C.F.R. t 64.2001 et seq

Attached to this certification is an acco mpanying statement explaining how thecompany s procedures en sure that the company is in compliance with the requirements (including

those mandating the adoption o f CPN I procedures, training, recordkeeping, and supervisoryreview) set forth in section 64.2001et seq of the Comm ission s rules (see attachedaccompanying statement.)

Th e compa ny has not taken any actions (pro ceeding s instituted o r petitions filed by acompany at either state commissions, the court system, or at the Commission against databrokers) aga inst data brokers in the past year.

The com pany has no t received a ny customer complaints in the past year concerning theunauthorized release of CP NI.

If affirmative:

8/12/2019 IDT Telecom CPNI Certification

2/4

STATEMENT REGARDING OPERATING PROCEDURESIMPLEMENTING 7 C.F.R. SUBPART U

GOVERNING USE OFCUSTOMER PROPRIETARY NETWORK INFORMATION CPNI)

IDT Telecom , Inc., its subsidiaries and affiliates' ( Compan y or IDT ) is committed toprotecting the privacy of its customers' confidential and proprietary information and hasestablished operating procedures to protect CPN I. The following statement explains theoperating procedures of ID T to ensure that it is in comp liance with the CPN I rules of the FederalComm unications Com mission's ( Commission or FCC ).

Use of CPNI

1 The Company uses CPNI for the purpose of providing a customer with the requestedservice. The Com pan y also uses CPN I for various purposes permitted by law. Specifically, theCompany may use, disclose or permit access to CPNI to initiate, render, bill, and collect for itstelecom mun ications and Voice-over-Internet Protocol ( VoII ') services. The Comp any may also

use, disclose or permit access to CPNI to protect the rights or property of the Company, or toprotect users of those services and other service providers from fraudulent, abusive, or unlawfuluse of, or subscription to, such services. The Com pany may use, disclose or permit access toCPNI to provide inbound telemarketing, referral, or administrative services to the subscriber forthe duration of the call, if such call is initiated by the subscriber and the subscriber approves ofthe use of such CPN I to provide such service. The Com pany may use, disclose or permit accessto CPN I to provide call location information concerning the user of a commercial mobile service.The Company may use, disclose or permit access to CPNI for the purpose of providing carrierpremise equipment ( CPE) and call answering, voice mail or messaging, voice storage andretrieval services, fax store and forward, protocol conversion, provision of inside wiring,installation, maintenance, repair services, and to market services formerly known as adjunctservices, such as, but not limited to, speed dialing, computer provided directory assistance, callmonitoring, call tracing, ca ll blocking, call return, repeat dialing, call tracking, ca ll waiting, callerID, call forward ing an d certain Centrex features.

2. The Company uses CPNI for the purpose of marketing service offerings among thecategories of service to which the customer already subscribes from D T . The Comp any does notuse, disclose, or permit access to CPNI to market service offerings that are within a category ofservice to which the subscriber does not already subscribe from IDT, unless the Com pany o btainsproper customer approval in accordance w ith Com mission rules and regulations.

IDT Telecom, Inc.; IDT Corporation; IDT Telecom, LLC;Entrix Telecom, Inc.; Net2Phone CableTelephony, LLC; Net2Phone Global Services, LLC; IDT America, Corp.; IDT Domestic Telecom, Inc.;and IDT Spectrum, LLC.

8/12/2019 IDT Telecom CPNI Certification

3/4

Protection of CP NI

3. The Co mpa ny doe s not provide Call Detail Record ( CDR ) information over thetelephone to customers w ho contact the Company, unless the customer provides a valid password.In order to establish a password, the Company authenticates the customer without reliance onreadily available biographical information or accou nt information. If a custom er properly

identifies a call, the Com pany may assist the custom er with regard to that call and will not releaseany other CD R information. The Company provides access to non-CDR information over thetelephone to customers who contact the Company after the customer has provided certaininformation to the Com pany representative to verify the identity o f the customer. The type ofinformation required fo r access to non-CDR information differs depending on the type of servicesubscribed to by th e customer.

4 The Company does not provide access to CPNI online unless the customer provides avalid password. In order to establish a password, the Com pany authenticates the customerwithout reliance on readily available biographical information or account information. If aCustomer forgets the password, the customer may contact IDT Customer Service, which willauthenticate the customer without reliance on readily available biographical information or

account information, or the Com pany ma y supply the password to the postal or electronic addressthat the Com pany has associated with the customer's account for at least 30 da ys.

5. The C omp any does not provide access to CP NI information at retail locations where itsservices are sold.

Law Enforcement and Required Disclosures

6 . The Company notifies a customer of certain account changes, including when apassword, customer response to a security question means of authentication, or Address ofRecord is created or changed. The notification is sent by electronic mail to the Address of Recordor by postal mail to the A ddress of R ecord, as to reasonably ensure that the customer receives the

notification. Th e notification does not provide the updated information.7. The Co mpan y will disclose CPNI upon affirmative written request by a customer to anyperson designated by the customer. The Company verifies all affirmative written customerrequests.

8 Within days of a reason able determination of breach i . e . , CPNI disclosed to a thirdparty without customer authorization), the Company will notify the US Secret Service ( USSS )and Federal Bureau o f Investigation ( FBI ) of the breach v ia the central reporting facilitywww.fcc.gov/eb/cpni.

After 7 days of USSS and FBI notice, if IDT has not received written direction fromUSSS or FBI, ID T will notify the customer of the breach, unless the U SSS and FBI have

extend the period for such notice.

For 2 years follow ing USS and FBI notice, IDT will maintain a record o f(1) discoveredbreaches; (2) notifications to USSS and FBI; (3) USSS and FBI responses; (4) datesbreaches discovered; (5) dates INS notified USSS and FBI; (6) details of CP NI breached;and (7) circumstances o f breaches.

8/12/2019 IDT Telecom CPNI Certification

4/4

Traininp record keep in and Enforcement

9 The Company employees are trained as to the proper protection, uses and treatment ofCPNI, including familiarity with the Comp any s internal CPN I policies and proced ures.

10 The Company maintains a record of sales and marketing campaigns that use CPNI,

including any instances when CPNI is disclosed or provided to third parties or when third partiesare allowed access to CPNI. Th e record is required to include a description of each campaign, thespecific CPNI that was used in the campaign, what products and services were offered as part ofthe campa ign. Such records are required to be retained for at least1 year following the sales andmarketing camp aign.

11. The Company maintains supervisory review process regarding compliance with theCPNI rules for outbound marketing situations and maintains records of compliance for aminimum of 1 year following the supervisory review. Sales personne l are required to obtainsupervisory app rova l of any proposed ou tbound marke ting request for custome r approval.

12. The Company employs appropriate remedies against those persons violating the

Com pany s internal CPN I policies and procedures. Rem edies may include, but are not limited to,financial, legal or disciplinary actions including termination and referrals to law enforcementwhen appropriate.