AccessLine Protection of Customers Personal Information (CPI) Summary

AccessLine places the highest priority on protecting Customer Personal Information. AccessLine has developed and maintains a set of processes and procedures to secure and control customers personal information (CPI) which includes: o Subscriber name o All credit card information (number, expiration date and billing address) o Address o Phone number o Email address o IP address o Call history o Fax and voicemail NOTE: It is AccessLines policy to NOT collect or have access to customers social security number, driver license number or other information not listed above.

Our controls have been designed to comply with Federal, State and Industry regulations. These regulations include (but are not limited to):
o o o o Sarbanes-Oxley IT, Payment Card Industry (PCI) Data Security Standard, FCC Customers Proprietary network Information (CPNI), Massachusetts Regulation 201 CMR 17.00 (Personal Information Data Security)

Regarding HIPAA (Health Insurance Portability and Accountability Act) requirements, AccessLine is not a "Covered Entity" or "Business Associate" as defined by the HIPAA regulations; therefore HIPAA requirements do not apply to AccessLine's network. AccessLine simply provides a connection for you to transfer voice and data communications. It is your responsibility, however, to ensure that the applications used and the methods in which you transfer information over our connection are done in compliance with the HIPAA requirements. If you use our fax or voicemail service, you could incorporate our service into your privacy and security plan for HIPAA and be compliant. We simply provide a service or tool that can be used (securely) to meet Personal Information Security Regulations like Massachusetts Regulation 201 CMR 17.00 or HIPAA. For more information, please refer to the HIPAA guidelines. Our processes to secure and control our customers personal information include the following: o o o o o o o o o o Documented employee policy that clearly identifies illegal use of CPI is a crime and cause for termination. Limiting access of CPI to small set of authorized employees. All access to CPI information requires login and password authorization. Review of all employees who have CPI access on a monthly basis. No storing of CPI in unsecure system, including but not limited to e-mail, web server logs, paper or notepads and unsecure computers or laptops. CPI information is never allowed to leave the facilities, except via secure courier to offsite storage. All CPI information is located on secure network server that is isolated from public network. Standard network architecture and security is employed to prevent access to internal network, including but not limited to firewalls, DMZ and security patch maintenance. Quarterly audit of network security by third party (PCI authorized) vendor. Transmitting of CPI to third party vendors is via secure private network.

AccessLines commitment to Customer Personal Information security will continue as one of our highest priorities. AccessLine Communications

CMS-1008-001

Accessline Communications Copyright 2010