Crocker Communications Inc. and/or Crocker Telecommunications LLC (“CROCKER”) has adopted this Policy to protect the confidentiality, security and integrity of nonpublic personal and business customer information as required by 201 CMR 17.00 et seq.

1-Compliance

a. CROCKER makes all reasonable efforts to safeguard and avoid disclosure of Proprietary and Sensitive Personaland Business information to include but not limited to: The Health Insurance Portability and Accountability Act of 1996 (HIPAA), the 201 CMR 17.00: Standards For The Protection Of Personal Information Of Residents Of The Commonwealth Of Massachusetts.

2. Data Collection Limitations

a. CROCKER makes all reasonable efforts to limit data that it receives, collects, stores and transmits.

b. CROCKER makes all reasonable efforts to safeguard both physical and electronic access to any data that may be stored in the course of conducting business.

c. CROCKER makes reasonable efforts to return or destroy all proprietary and sensitive personal and business information after termination of relationship between itself and business entities as legally required.

3. Employees

a. CROCKER provides ongoing periodic training to ensure employees understand their obligations with respect to the protection of nonpublic personal information and the security of CROCKER systems. Failure to follow the policy adopted by CROCKER will result in employee discipline and personal file notation.

b. CROCKER makes all reasonable efforts to limit employee access to private and sensitive information within the scope of their job roles to include phone conversations, meetings minutes, documents and electronic access for CROCKER, Vendor and Client-owned systems.

c. CROCKER has designated two employees to maintain and enforce the Policy. One employee maintains the information technology aspects of the Policy and one employee maintains the training and personnel aspect of the Policy. The Board of Directors of CROCKER oversees implementation of the Policy.

4. Security, Safeguards and Access Limitations

a. CROCKER makes all reasonable efforts to implement and enforce encryption and back up systems to meet industry standard safeguards, protocols, security features and access limits both in physical facilities and electronic/network systems to attempt to prevent unauthorized access.

5. Third party, agents and subcontractors

a. CROCKER makes all reasonable efforts to ensure that third party vendors, subcontractors and agents are able to comply and have complied with to privacy regulations as well as security measures at CROCKER.

6. Monitoring and Auditing

a. CROCKER makes all reasonable efforts to regularly monitor and update its physical and electronic/network systems to identify risk assessments and attempted breaches.

b. CROCKER makes all reasonable efforts to regularly conduct audits on systems, procedures, subcontractors and employees to confirm continued adherence to applicable privacy and security regulations and standards.

7. Data Transmission

a. CROCKER makes all reasonable efforts to ensure that outbound privacy, proprietary, sensitive, personal and business information is transmitted on systems that are encrypted, secure or have limited access and availability. All closed files are stored in a locked facility or container.

8. Reporting

a. CROCKER makes all reasonable efforts to have internal systems in place for its employees to report and follow up on discovered instances of noncompliance or breaches of security and privacy.

b. CROCKER makes all reasonable efforts to report unintended disclosures to its clients, vendors, and/or authorities as required by law.

CROCKER has a longstanding commitment to maintaining the privacy of our client’s information and has implemented a privacy and security infrastructure that meets state and federal requirements.

507609.1 Crocker Document # 9106 Last Updated: 24APR2012