September 1997
THE "NEW" BELL ATLANTIC PRIVACY PRINCIPLES
Message from the Chairman and Vice Chairman
Technology is changing the way companies do business -- and changing the way they collect and use information about customers. Used responsibly, that information can help companies serve customers better. But, with advances in communications technology come growing concerns -- by customers and policymakers -- about maintaining the privacy of individual customer information.
We take privacy concerns very seriously. NYNEX and Bell Atlantic were built on more than a century of customer service and trust, and work hard to uphold that tradition. Both companies have been guided by strong codes governing the privacy of customer communications and information. With our merger, we have combined the best of both codes to establish Privacy Principles for the new Bell Atlantic.
These Privacy Principles state our commitment and define our policy on safeguarding customer privacy. We think these guidelines are among the most progressive in the industry. They balance customer concerns about privacy with their interest in receiving quality service and useful new products. This is especially important at a time when emerging telecommunications services present us with new business opportunities and new challenges to protecting customer privacy.
We recognize that some of our customers may be more concerned than others about the information we obtain about them. Our Principles give customers choices and flexibility regarding how we use that information. And the Principles guide our employees in handling customer information so that private information remains private.
At Bell Atlantic, we're committed to safeguarding customer privacy. We require our employees, partners and suppliers to protect the privacy of information about our customers. We're putting customers first -- and that's the key to success in this new kind of marketplace.
Ray Smith
Chairman and Chief Executive Officer
Ivan Seidenberg
Vice Chairman, President and Chief Operating Officer
The Bell Atlantic Privacy Principles
Explaining the Guidelines
These ten Principles express Bell Atlantic's commitment to assuring strong and meaningful customer privacy protection in an era of rapidly changing communications technology and applications. The Principles are guidelines to help us work with our customers to properly use individual information acquired through a variety of lines of businesses. The goal is simple: balance our customers' concerns about privacy with their interest in receiving quality service and useful new products.
The Principles are based on the concepts of notice, choice and control. Bell Atlantic is committed to informing customers, and giving customers choices, about how we use information about them. Above all, the Principles are designed to ensure that Bell Atlantic will respect a customer's desire for privacy.
These Principles apply to our use of "individual customer information" -- that is, information about specific customers. Information that does not reveal a customer's identity is not individual customer information. For example, "aggregated information," such as the number of customers who have purchased Call Waiting in a particular state, or the number of users to access a Web site in a particular day, does not raise privacy concerns and is not covered by these Principles.
Under each Principle, we provide an explanation and list examples to give our employees and customers a sense of how these Principles are applied. The examples are intended to be illustrative, not all inclusive. Additional information about our privacy policy is available at our Bell Atlantic Web sites.
Information Collection and Use
Principle 1: Bell Atlantic obtains and uses individual customer information for business purposes only.
We obtain information about our customers that helps to provide them with Bell Atlantic services. This information may also be used to protect customers, employees and property against fraud, theft or abuse; to conduct industry or consumer surveys; and to maintain good customer relations.
We may ask customers questions to better serve their special needs and interests. For example, our telephone company may ask whether customers work at home, whether any members of the household have special needs, or whether teenagers reside in the household, in order to determine whether customers may be interested in additional lines, ISDN or other services.
Access to databases containing customer information is limited to employees who need it to perform their jobs -- and they follow strict rules when handling that information.
Principle 2: Bell Atlantic informs customers how information Bell Atlantic obtains about them is used, as well as their options regarding its use.
Bell Atlantic discloses to customers the types of information a Bell Atlantic business unit obtains about customers, how and when it is used, when it might be disclosed, the stringent measures we employ to protect it, and ways the customer can restrict the use or disclosure of that information.
For customers of our on-line services, we will disclose how individual customer information is obtained (whether through customer registration or through automatic means), what kind of information is obtained, and how long electronically obtained information is generally retained. We will also state the purpose for which we use the information obtained on line, and use it only for the stated purpose.
Customers may obtain information regarding Bell Atlantic's privacy policy by accessing our World Wide Web site at http://www.BellAtlantic.com, or by requesting information from a Bell Atlantic service representative.
Principle 3: Bell Atlantic gives customers opportunities to control how and if Bell Atlantic uses individual information about them to sell them products and services.
Customers have many opportunities to control how we use their individual information to introduce them to new products and services. For example, Bell Atlantic will not call customers who have expressed to us a preference not to be called for marketing purposes. Customers can also have their names removed from direct mail and customer survey lists that we use. The same will be true for e-mail, if any Bell Atlantic business unit decides to use e-mail to send new product information to its customers.
However, we do use individual customer information internally for our own general marketing and planning purposes -- so that we can, for example, develop, test and market new products and services that meet the needs of our customers. Ordinarily, such information is combined into aggregations that do not include individual customer identities. Under certain circumstances, we are required by law to disclose the aggregated information to other companies, but in such cases customer identities are not included.
Disclosure of Individual Customer Information
Principle 4: Bell Atlantic enables customers to control how and if Bell Atlantic discloses individual information about them to other persons or entities -- except as required by law or to protect the safety of customers, employees or property.
Subject to legal and safety exceptions, Bell Atlantic will only share individual customer information with persons or entities outside the company when the customer has consented, or when we have advised the customer of the opportunity to "opt-out" (to choose not to have the information disclosed).
An example of when Bell Atlantic would disclose individual customer information to an outside entity is when Bell Atlantic is served with valid legal process for customer information. In such cases, we are required to release the information. We are also required by law to provide billing name and address information to a customer's long distance carrier and other telephone companies, to allow them to bill for telecommunications services (unless a customer asks us not to, in which case the customer may be blocked from obtaining some of the services of these companies). Similarly, we are required to provide directory publishers with listings information -- name, address and phone number -- for purposes of publishing and delivering directories. In addition, under certain circumstances, our telephone company shares customer information with other carriers and with law enforcement, to prevent and investigate fraud and other unlawful use of communications services.
We are committed to ensuring that all Bell Atlantic business units and their employees, agents and contractors comply with these Privacy Principles. Thus, individual customer information generally may be disclosed to other Bell Atlantic business units or affiliated companies and Bell Atlantic's agents that have agreed to comply with the Principles, unless customer consent or the opportunity to opt out is required by law.
Accuracy of Individual Customer Information
Principle 5: Bell Atlantic strives to ensure that the information Bell Atlantic obtains and uses about customers is accurate.
Bell Atlantic is committed to ensuring that the information we obtain and use about customers is accurate. To that end, we strive to verify that our customer records are correct. Customers who find an error in their Bell Atlantic bills are encouraged to notify Bell Atlantic. Bell Atlantic's service representatives are trained to answer customer questions about, and to give customers reasonable access to, the information we have about them. Our service representatives will also provide explanations of how such information is used and how to correct any inaccuracies if they occur.
Privacy and Bell Atlantic Services
Principle 6: Bell Atlantic considers privacy implications as new services are planned and introduced and informs customers of the privacy implications of these services.
Bell Atlantic offers several privacy-enhancing services, including Non-Published numbers, Caller ID, Caller ID With Name, Per Call Blocking and Anonymous Call Rejection. We also work to develop other services that help customers to control access to information about them. We seek customer input in developing new products and conduct comprehensive customer outreach and education before and after introducing privacy-sensitive products. We take these steps in accordance with these Privacy Principles as well as our Universal Design Principles, which govern the accessibility of our services to the broadest possible range of diverse users.
At Bell Atlantic, we are committed to expanding the world of communications and multimedia for customers -- a world of wireline and wirefree solutions ... voice, video and data services ... information and entertainment. We will investigate the privacy implications these new services may have and build safeguards into services before they are introduced. We will inform and educate customers about the effect on privacy the new services may have.
Information Management and Security
Principle 7: All Bell Atlantic employees are responsible for safeguarding individual customer communications and information.
Bell Atlantic's Employee Code of Business Conduct, which is distributed to all employees, requires Bell Atlantic personnel to be aware of and protect the privacy of all forms of customer communications -- whether they are voice, data or image transmissions -- as well as individual customer records. The Code makes clear that employees who fail to follow the Privacy Principles will face disciplinary action, which can include dismissal. All employees are trained regarding their responsibilities to safeguard customer privacy.
We strive to assure that information we have about our customers is accurate, secure and confidential, and to ensure that our employees comply with our privacy policy. We never tamper with, intrude upon or disclose the existence or contents of any communication or transmission, except as required by law or the proper management of our network. Access to databases containing customer information is limited to employees who need it to perform their jobs -- and they follow strict guidelines when handling that information. We use safeguards to increase data accuracy and to identify and authenticate the sources of customer information. We use locks and physical security measures, sign-ons and password control procedures and internal auditing techniques to protect against unauthorized use of terminals and entry into our data systems.
We encourage our employees to be proactive in implementing and enforcing the Company's privacy policies. If employees become aware of practices that raise privacy concerns, they are encouraged to report it to their supervisors or to contact Bell Atlantic's Ethics or Security office.
Compliance With Laws and Public Policy Participation
Principle 8: Bell Atlantic participates in and supports consumer, government and industry efforts to identify and resolve privacy issues.
We participate in legislative and regulatory proceedings, industry association efforts, consumer group efforts, and general business group activities relating to telecommunications privacy issues. Our External Affairs department is responsible for coordination of Bell Atlantic's public policy participation.
We believe that developing international privacy protection and information-use standards is necessary to protect the needs of our customers. Bell Atlantic supports the development of international standards to protect individual customer information and its proper use on a worldwide basis.
Principle 9: Bell Atlantic complies with all applicable privacy laws and regulations wherever Bell Atlantic does business.
Customer and policymaker perceptions of privacy have changed over time and will continue to do so. Changes in technology can also alter what is appropriate in protecting privacy. Laws may change accordingly. We will regularly examine -- and update, if necessary -- the Bell Atlantic Privacy Principles.
Not only will Bell Atlantic comply with all applicable privacy laws, but we'll carefully monitor customer needs and expectations. And Bell Atlantic will work with policymakers and consumers to ensure that we continue to safeguard privacy, giving customers choices, flexibility and control.
Bell Atlantic considers privacy laws and regulations to be the minimum standards we will adhere to in protecting privacy. In addition to complying with the law, Bell Atlantic will also adhere to these Privacy Principles wherever we do business.
Implementation
Principle 10: Each Bell Atlantic company is responsible for implementing these Principles and informing customers about its privacy practices. Bell Atlantic encourages companies related to, but not wholly owned by, Bell Atlantic to adopt these Principles.
Every Bell Atlantic business unit is responsible for:
Evaluating its particular needs and determining how to implement the Principles;
Developing its own privacy policies and procedures based on the Principles, and developing additional privacy policies and procedures if needed;
Informing its employees of the policies and training them in the proper procedures; and
Informing customers how personal customer information is used and how they can control its use and disclosure.
The Bell Atlantic Public Policy Committee -- the leadership team responsible for shaping the public policy direction of Bell Atlantic -- is charged with ensuring that Bell Atlantic business units and employees comply with the Privacy Principles. In addition, Bell Atlantic's Corporate Compliance Officer is responsible for ensuring that all Bell Atlantic business units and their employees comply with privacy laws and regulations.
Bell Atlantic requires any vendors and consultants we hire, as well as suppliers and contractors, to observe these privacy rules with respect to any of our customers' individual customer information. They must abide by the Principles when conducting work for us, and they will be held accountable for their actions.
###