Hayes e-Government Resources, Inc.

Customer Proprietary Network Information (CPNI) Compliance Policy

Customer information obtained by Hayes by virtue of its provision of telecommunications services may be considered CPNI, and be subject to legal protections under federal law. Hayes supports these laws, and requires that its employees, contractors, agents, affiliates and partners abide by the policies set forth in this CPNI Policy (Policy).

Confidential & Proprietary

CPNI Compliance Policy

Hayes e-Government Resources, Inc. TABLE OF CONTENTS

Page

1.0 2.0 3.0 4.0 5.0 5.1 5.2 6.0 6.1 6.2 6.3 7.0 7.1 7.2 7.3 7.4 8.0 8.1 8.2 8.3 9.0 9.1 9.2 9.3 10.0 11.0 12.0

Purpose ............................................................................................................................................ 1 Scope ............................................................................................................................................... 1 Policy Owner .................................................................................................................................... 1 CPNI Defined & Described .............................................................................................................. 1 CPNI Protection ............................................................................................................................... 1 No CDR CPNI .............................................................................................................................. 1 Access to Non-CDR CPNI Restricted .......................................................................................... 1 Law Enforcement and Required Disclosures ................................................................................... 2 Notification of Account Changes ................................................................................................. 2 CPNI Disclosure to Designated Persons ..................................................................................... 2 CPNI Breach Notification ............................................................................................................. 2 CPNI Permitted Uses ....................................................................................................................... 3 Service Provision and Billing ....................................................................................................... 3 Protection of Rights, Property or Users ....................................................................................... 3 Telemarketing, Referral or Administrative Services .................................................................... 3 Provision of CPE and Other Non-Telecom Services ................................................................... 3 CPNI Marketing Uses....................................................................................................................... 3 Total Service Approach ............................................................................................................... 3 Affiliates and Third Parties ........................................................................................................... 3 Third Party Contracts ................................................................................................................... 3 Record Keeping & Training .............................................................................................................. 4 Training ........................................................................................................................................ 4 Marketing Campaigns Record ..................................................................................................... 4 Outbound Marketing Supervisory Review ................................................................................... 4 Certification ...................................................................................................................................... 4 Enforcement ..................................................................................................................................... 5 Definitions ........................................................................................................................................ 5

Confidential & Proprietary

CPNI Compliance Policy

Hayes e-Government Resources, Inc.

1.0 Purpose
This Policy describes and governs the permissible uses and disclosures of Customer Proprietary Network Information (CPNI). Hayes is committed to protecting the privacy of confidential and proprietary information about its Subscribers received by virtue of the provision of telecommunications services.

2.0 Scope
This Policy applies whenever CPNI data is used internally, shared among affiliates or disclosed to any third party.

3.0 Policy Owner

Hayes management owns this policy. Questions on the policy should be dir ected to Bradford Hood, at 850-297-0644 or bhood@hcs.net. Changes or amendments to this Policy will be reviewed, managed and approved by management.

4.0 CPNI Defined & Described

CPNI is information that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by any subscriber of a telecommunications carrier, and that is made available to the carrier by the subscriber solely by virtue of the carrier-subscriber relationship; and, information contained in the bills pertaining to telephone exchange service or telephone toll service received by a subscriber of a carrier. CPNI includes Call Detail Records (CDRs), which contain information that pertains to the transmission of specific telephone calls, including, for outbound calls, the number called, and the time, location, or duration of any call and, for inbound calls, the number from which the call was placed, and the time, location, or duration of any call. CPNI does not include information that does not fall within the above definition. For example, CPNI does not include a subscribers name, telephone number or address.

5.0 CPNI Protection

5.1 No CDR CPNI
5.1.1 No CDR Information Currently Hayes does not provide any voice telecommunications services; thus, Hayes telecommunications services do not generate any Customer call detail information. Should this change, Hayes management will update this Policy accordingly.

5.2

Access to Non-CDR CPNI Restricted

5.2.1 Customer Access. 1

Confidential & Proprietary

CPNI Compliance Policy

Hayes e-Government Resources, Inc.

Non-CDR CPNI may only be provided over-the-phone to authorized contacts on the Customers account. Non-CDR CPNI is not available to Customers on-line, on-site at Hayess offices or at any retail locations. 5.2.2 Third Party Access No third party shall have access to non-CDR CPNI, except as permitted under FCC regulations or required by law (see Sections 6.0 and 7.0 below).

6.0 Law Enforcement and Required Disclosures

6.1 Notification of Account Changes
Hayes will notify Subscribers immediately whenever an Address of Record is created or changed. This does not include the initial creation of the Account. The notification will be by mail to the Address of Record, as to reasonably ensure that the Customer receives the notification. The notification will not provide the updated information.

6.2

CPNI Disclosure to Designated Persons

Hayes must disclose CPNI upon affirmative written request by the Customer to any person designated by the Subscriber. All such requests for CPNI must be sent to Bradford Hood for verification and approval before disclosing the requested CPNI.

6.3

CPNI Breach Notification

Upon reasonable determination of a CPNI breach (i.e., CPNI disclosed to a third party without Subscriber authorization), immediate notification must be sent to Bradford Hood. 6.3.1 If there is a possibility of immediate and irreparable harm, Hayes may notify the Subscriber immediately after consultation with law enforcement. Within 7 days of the reasonable determination of breach, Hayes must notify the US Secret Service (USSS) and FBI. send electronic notice to central reporting facility www.fcc.gov/eb/cpni. include a desire to notify Subscribers or class of Subscriber immediately concurrent with the notice.

6.3.2

6.3.3

After 7 days of USSS and FBI notice, if Hayes has not received written direction from USSS or FBI, Hayes will notify the Subscriber of the breach. The USSS and FBI may extend the period for such notice by 30 days or more. For 2 years, Hayes will maintain a record of (1) discovered breaches; (2) notifications to USSS and FBI; (3) USSS and FBI responses; (4) dates breaches discovered; (5) dates Hayes notified USSS and FBI; (6) details of CPNI breached; and (7) circumstances of breaches.

6.3.4

-2-

Confidential & Proprietary

CPNI Compliance Policy

Hayes e-Government Resources, Inc.

7.0 CPNI Permitted Uses

7.1 Service Provision and Billing
Hayes may use, disclose or permit access to CPNI, either directly or indirectly through its agent, to initiate, render, bill, and collect for its telecommunications services.

7.2

Protection of Rights, Property or Users

Hayes may use, disclose or permit access to CPNI, either directly or indirectly through its agent, to protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services.

7.3

Telemarketing, Referral or Administrative Services

Hayes may use, disclose or permit access to CPNI, either directly or indirectly through its agent, to provide any inbound telemarketing, referral, or administrative services to the Subscriber for the duration of the call, if such call was initiated by the Subscriber and the Subscriber approves of the use of such information to provide such service.

7.4

Provision of CPE and Other Non-Telecom Services

Hayes may use, disclose, and permit access to CPNI for purpose of providing carrier premise equipment (CPE) and call answering, voice mail or messaging, voice storage and retrieval services, fax store and forward, protocol conversion, provision of inside wiring, installation, maintenance, repair services, and to market services formerly known as adjunct services, such as, but not limited to, speed dialing, computer provided directory assistance, call monitoring, call tracing, call blocking, call return, repeat dialing, call tracking, call waiting, caller ID, call forwarding and certain Centrex features.

8.0 CPNI Marketing Uses

8.1 Total Service Approach
The marketing of any additional Hayes services to a Subscriber is conduct ed by Hayes Sale Department. Hayes sales personnel are permitted to use, disclose, and access CPNI for the purpose of marketing service offerings among the category/ies of service to which a Hayes Subscriber already subscribes without obtaining the Subscribers approval. Hayes Sales personnel are not permitted to use, disclose or access CPNI for the purpose of marketing service offerings outside the category/ies of service to which a Hayes Subscriber already subscribes.

8.2

Affiliates and Third Parties

Hayes does not share the CPNI of a Subscriber with any affiliate or third party for purposes of marketing any services. Hayes only shares CPNI with affiliates or third parties for uses permitted under FCC regulations or as required by law ( see Sections 6.0 and 7.0, above).

8.3

Third Party Contracts

-3-

Confidential & Proprietary

CPNI Compliance Policy

Hayes e-Government Resources, Inc.

Any contract with a third party that includes the disclosure or sharing of CPNI requires a confidentiality agreement with the partner, contractor or agent. The confidentiality agreement must include the following: 1. Require that the partner, contractor or agent use the CPNI only for the purpose of marketing or providing the services for which it was provided; 2. Disallow the partner, contractor or agent from using, allowing access to or disclosing the CPNI to any other party, unless required to make such disclosure under force of law; and 3. Require that the partner, contractor or agent have appropriate protections in place to ensure the ongoing confidentiality of the Subscribers CPNI. All agreements with any partners, contractors and agents must be reviewed and approved by Bradford Hood.

9.0 Record Keeping & Training

9.1 Training
All Hayes personnel must be trained as to the proper uses and treatment of CPNI, including familiarity with this Policy.

9.2

Marketing Campaigns Record

Hayes must maintain a record (electronically or otherwise) of sales and marketing campaigns that use CPNI, including any instances when CPNI is disclosed or provided to third parties or when third parties are allowed access to CPNI. Hayes must maintain a record of all instances when CPNI is disclosed to third parties. The record must include a description of each campaign, the specific CPNI that was used in the campaign, what products and services were offered as part of the campaign. Such records must be retained for at least 1 year.

9.3

Outbound Marketing Supervisory Review

Hayes shall maintain a supervisory review process regarding compliance with the rules for outbound marketing situations and maintain records of compliance for a minimum of 1 year. Sales personnel must obtain supervisory approval of any proposed outbound marketing request for Subscriber approval.

10.0 Certification
Hayes shall have an officer sign a compliance certificate in January or February of each year stating that the officer has personal knowledge that Hayes has established operating procedures that are adequate to ensure compliance with the applicable CPNI rules and regulations. Hayes must provide a statement accompanying the certificate explaining how the operating procedures ensure compliance with the applicable rules. The certificate will also include (1) an explanation of any actions taken against data brokers; and (2) a summary of all Subscriber complaints received in the past year concerning the unauthorized release of CPNI.

-4-

Confidential & Proprietary

CPNI Compliance Policy

Hayes e-Government Resources, Inc.

st

Each annual certificate shall be filed with the FCC on or before March 1 of each year and certain information contained in the certificate or accompanying statement may be filed under confidential seal. Each annual certificate shall be retained for a period of at least two years.

11.0 Enforcement
Hayes will seek to employ appropriate remedies against those persons violating this Policy. Remedies may include, but are not limited to, financial, legal or disciplinary actions, including termination and referrals to law enforcement when appropriate. Any suspected violations of this policy should be reported to Bradford Hood. Exceptions For security and maintenance purposes, Hayes authorized individuals may monitor equipment, systems and network traffic limited by their duties. Hayes reserves the right for authorized individuals to audit networks and systems on a periodic basis to ensure compliance with this Policy.

12.0 Definitions
Term Address of Record Definition An address of record, whether postal or electronic, is an address that the Company has associated with the Subscribers account for at least 30 days. Hayes e-Government Resources, Inc. Call Detail Record is information that pertains to the transmission of specific telephone calls, including, for outbound calls, the number called, and the time, location, or duration of any call and, for inbound calls, the number from which the call was placed, and the time, location, or duration of any call. Customer Proprietary Network Information is information that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by a subscriber of a telecommunications carrier, and that is made available to the carrier by the subscriber solely by virtue of the carrier-subscriber relationship; and, information contained in the bills pertaining to telephone exchange service or telephone toll service received by a subscriber of a carrier. CPNI does not include a subscribers name, telephone numbers, addresses, or primary advertising classification. Federal Communications Commission. A Subscriber is the entity that purchases telecommunications services from Hayes.

Hayes Call Detail Record (CDR)

Customer Proprietary Network Information (CPNI)

FCC Subscriber

-5-

Confidential & Proprietary