This Policy contains guidelines for compliance with the Federal Trade Commission’s (“FTC”) “Red Flag Rules,” and establishes an Identity Theft Detection, Prevention, and Mitigation Program (“Program”)
[Part I, below] and a policy for addressing discrepancies in consumer reports [Part II, below] for Complete Interactive Technologies (CIT), Inc. (the “Company”). The Company is a telecommunications service provider regulated by various state public utility commissions (“PUCs”) and the Federal Communications Commission (“FCC”).
The FTC’s Red Flag Rules were published in the Federal Register on November 9, 2007, and some of the rules became effective on November 1, 2008. Other aspects of the rules are effective November 1, 2009. The Red Flag Rules applicable to telecommunications carriers are summarized in 16 C.F.R. Section 681, and Appendix A to Section 681. The Company has reviewed these authorities, and has fashioned a Program that complies with the Red Flag Rules’ requirements. The Program described in this Policy is designed to work in concert with the Company’s policy regarding the protection of Customer Proprietary Network Information (“CPNI”). The Company’ CPNI policy is embodied in a separate, written policy designed to protect and regulate the use of CPNI and other confidential subscriber information. This policy is contained in the Company’s Statement of CPNI Operating Procedures and Policies (“CPNI Policies”).