Privacy Policy | My Verizon Business Solutions

Q: What is CPNI and how does My Verizon Business protect it?

Customer Proprietary Network Information (CPNI) is data about telecommunications services — call records, usage patterns, service configurations — that the Federal Communications Commission regulates under 47 CFR Part 64. My Verizon Business Solutions treats CPNI with encryption in transit and at rest, access logging, annual employee training on CPNI handling, and published procedures for customer CPNI access requests. CPNI is never shared with third parties for marketing without explicit opt-in consent.

Q: How does HIPAA data handling work through the portal?

Healthcare customers sign a HIPAA Business Associate Agreement (BAA) at contract. The BAA governs Protected Health Information (PHI) that flows through network services — network segmentation isolates PHI traffic, audit logs capture access events, encryption protects PHI in transit and at rest at edge locations. My Verizon Business does not inspect PHI payloads; the platform transports PHI under the Associated Business terms with breach notification commitments specified in the BAA.

Q: Does data stay in the United States for FedRAMP customers?

Yes. Federal agency customers on FedRAMP High-authorized services receive data residency in the United States. FedRAMP-authorized edge locations operate exclusively within the continental United States, and the authorized government cloud connects to segregated regions meeting the FedRAMP High authorization boundary. Multi-national enterprises with both federal and international operations can segment workloads between FedRAMP and commercial environments to keep federal data in-country while other data flows under GDPR or other regional frameworks.

This Privacy Policy governs how My Verizon Business Solutions collects, uses, transmits, and safeguards information in connection with the services described on this website. Because My Verizon Business serves enterprise customers in regulated verticals — healthcare, finance, retail, logistics, and public sector — the policy addresses multiple overlapping regimes: the Federal Communications Commission rules on Customer Proprietary Network Information (CPNI), the Health Insurance Portability and Accountability Act (HIPAA) governing Protected Health Information (PHI), the Federal Risk and Authorization Management Program (FedRAMP) for federal agency customers, the General Data Protection Regulation (GDPR) for multi-national deployments touching the European Economic Area, and the California Consumer Privacy Act (CCPA) together with the California Privacy Rights Act (CPRA).

The policy is written for enterprise administrators and compliance officers who need clear statements about how data is handled at each layer of the service. Specific terms in executed Business Associate Agreements, Data Processing Addenda, and Master Service Agreements control where those documents and this policy overlap. Questions about a specific enterprise deployment should route through the assigned customer success manager or contact us at +1-800-465-4054.

Contact Privacy Team Security Program

Privacy policy document summary showing CPNI, HIPAA BAA, FedRAMP residency, GDPR, and CCPA sections

AI Summary — My Verizon Business Privacy Policy

FCC CPNI protection under 47 CFR Part 64 with encryption, logging, and no-marketing-without-opt-in
HIPAA Business Associate Agreements govern PHI for healthcare customers
FedRAMP High authorization keeps federal agency data inside the United States
GDPR terms apply to multi-national deployments involving the European Economic Area
CCPA and CPRA rights supported for California residents
Network segmentation isolates regulated data classes from administrative telemetry
Data subject and data protection officer contacts published

CPNI Definition and Scope

CPNI includes information about the type, destination, technical configuration, quantity, and location of telecommunications services the customer receives — for example, outbound call records, inbound call records, data usage, and service configuration. CPNI does not include subscriber list information. My Verizon Business collects CPNI only in the course of providing telecommunications services and treats it as confidential under FCC CPNI rules.

CPNI Protection Measures

CPNI is encrypted in transit and at rest. Access is restricted to personnel with documented business need, logged per incident, and subject to annual CPNI-specific training. My Verizon Business does not share CPNI with third parties for marketing purposes absent the required customer opt-in approval. Customer requests for CPNI access follow the authentication procedures published in the customer agreement.

Enterprise Data Beyond CPNI

Enterprise data that is not CPNI — IoT telemetry, application traffic, video streams, compliance reports — is governed by the Master Service Agreement and any applicable Data Processing Addendum. Default posture is that enterprise customer data remains owned by the customer; My Verizon Business processes it under instruction to deliver the contracted services.

Account and Website Data

Account management data collected from the enterprise administrator portal — login events, support tickets, configuration changes — is retained under the account data retention schedule published in the Master Service Agreement. Website data, including cookies and analytics, is described in the website Cookie Notice accessible from the portal footer. Cookies are categorized and controllable per the help centre Cookie Preferences page.

PHI Handling Under the BAA

The BAA authorizes My Verizon Business to process PHI solely to deliver contracted telecommunications and network services. Network segmentation isolates PHI traffic onto a dedicated VLAN. Encryption protects PHI in transit and at rest where My Verizon Business infrastructure stores PHI. Access controls enforce minimum-necessary access principles. Audit logs capture access events with chain-of-custody metadata supporting customer-side audit workflows.

Breach Notification and Subcontractors

The BAA specifies breach notification timelines consistent with HIPAA and state-law breach notification requirements. Subcontractors that encounter PHI sign pass-through BAAs binding them to equivalent protections. Healthcare customers receive annual BAA attestations and may request scope reviews through their customer success manager. Review related content on Healthcare Solutions and the security posture documentation.

United States Data Residency

FedRAMP-authorized services keep federal data inside the United States. Edge locations supporting FedRAMP services operate exclusively within the continental United States. The authorized government cloud uses segregated regions meeting the FedRAMP High authorization boundary. Personnel accessing federal systems meet FedRAMP personnel security requirements including background investigations. Continuous Monitoring packages are produced per the schedule approved by the Authorizing Official.

Multi-Jurisdictional Deployments

Multi-national enterprises that mix federal and commercial workloads can segment deployments between FedRAMP authorization boundaries and commercial environments. Commercial workloads fall under the commercial Master Service Agreement and applicable regional data protection regulations. Authorization boundary design during onboarding defines the segmentation and data-flow controls. Federal guidance published by CISA informs the continuous monitoring approach.

Data Processor Role and Standard Contractual Clauses

My Verizon Business operates as a data processor for enterprise customer data under GDPR Article 28. Data Processing Addenda incorporate the Standard Contractual Clauses approved by the European Commission to authorize cross-border data transfers out of the European Economic Area. Subprocessors that receive personal data sign equivalent terms. A list of subprocessors is published for customer review and updated as the subprocessor list changes.

Data Subject Rights

Data subjects can exercise rights under GDPR — access, rectification, erasure, restriction of processing, data portability, and objection — through the enterprise customer acting as data controller. My Verizon Business supports the controller's response by providing relevant data extracts, configuration evidence, and audit logs within required timeframes. The data protection officer is reachable through the published privacy contact address for inquiries involving processing by My Verizon Business.

Consumer Rights Supported

California residents whose personal information is processed through My Verizon Business services may exercise rights including the right to know what personal information is collected, the right to delete personal information, the right to correct inaccurate personal information, the right to opt out of sale or sharing, and the right to limit use of sensitive personal information. Requests route through the enterprise customer when the customer acts as the business; My Verizon Business supports the customer response by providing applicable records and evidence.

Sensitive Personal Information and Sale/Share

My Verizon Business does not sell personal information of California residents. Cross-context behavioral advertising is not a feature of the enterprise service. Sensitive personal information is processed only for the limited purposes permitted under CPRA and the Master Service Agreement. For more context on the overall security program, see Security. California Attorney General guidance as referenced by FTC privacy guidance informs consumer-rights workflows.

Privacy Contact

General privacy inquiries and data subject rights support: call +1-800-465-4054 or submit through the contact form. Enterprise accounts with assigned customer success managers should route through the CSM for faster response. Data protection officer inquiries follow the path published in the executed Data Processing Addendum.

Policy Updates

This Privacy Policy is reviewed at least annually and updated when legal, regulatory, or service changes require revision. Material changes are communicated to enterprise customers through the standard contract notification channel. The effective date and revision history are published at the top of this page. Prior versions are available on request through the customer success manager.

Questions About My Verizon Business Privacy Practices

Privacy questions from enterprise customers route through the customer success manager. Data subject rights inquiries under GDPR or CCPA route through the enterprise customer acting as controller. For general privacy questions, call the privacy team or visit Help Centre. For the broader security program, see Security.

Contact Privacy Team Security Program

What is CPNI and how does My Verizon Business protect it?

CPNI is telecom-specific customer information regulated under 47 CFR Part 64. Encrypted in transit and at rest, access-logged, with annual employee training. No third-party marketing sharing without opt-in consent.

How does HIPAA data handling work through the portal?

Healthcare customers sign a Business Associate Agreement at contract. PHI is segmented onto a dedicated VLAN, encrypted, audit-logged, and handled under minimum-necessary access controls. See Healthcare Solutions.

Does data stay in the United States for FedRAMP customers?

Yes. FedRAMP-authorized edge locations operate in the continental United States. The authorized government cloud uses segregated regions meeting the FedRAMP High authorization boundary. Multi-national deployments can segment federal and commercial workloads. Call +1-800-465-4054 to discuss a specific architecture.