Data Protection Policy

Download the Data Protection Policy [PDF]

1. Purpose

Summit Broadband and/or its subsidiaries, divisions, or affiliates (“Summit Broadband” or “Company”) may collect and use certain data and information in its normal business operations, which may include identifiable information such as a customer’s name, address, username, password, digital footprint, photographs, account and financial data (collectively referred to as the “Information”). Protecting its customers’ privacy is an important priority at Summit Broadband, and the Company is committed to maintaining strong and effective data protection policies. Summit Broadband values the trust that its customers place in its business and takes great measures to treat its customers’ information with utmost care and confidentiality. The Summit Broadband Data Protection Policy is designed to inform its customers about the information the Company collects, how it uses the information, and options regarding certain uses of this information. This Data Protection Policy also describes privacy rights customers have under certain federal laws, and it applies to customers in the United States, and the products and services the company provides. This is an overall statement of principles which is supported by detailed policy and procedure documents covering specific aspects of Summit Broadband’s data protection, cyber security and privacy rights obligations.  Additional information on Summit Broadband’s privacy policy is included in the Privacy Policy available on its website at and in its Information Security Program Protocol.

2. Responsibilities and Commitments

Summit Broadband is committed to protecting its customers’ data by employing strong security measures, including fine-tuned security configurations and industry security tools. Summit Broadband undertakes the following steps in order to safeguard its customers’ Information:

a. Take reasonable steps to ensure the Information is accurate and to keep it up-to-date;

b. Inform customers regarding which data is collected and for what purposes;

c. Collect and use the Information for lawful purposes only;

d. Maintain the Information safely and securely;

e. Protect the Information against unauthorized or illegal access by internal or external factors;

f. Restrict and monitor access to any Information that may contain sensitive data;

g. Provide employees with support, advice and training on privacy and security measures;

h. Safeguard the Information against corruption, compromise and/or loss; and

i. Take reasonable security measures to protect customer data as well as establish clear procedures for reporting privacy breaches or data misuse as appropriate.

3. Practices

Summit Broadband’s data protection practices are regularly reviewed to ensure the Company’s actions are compatible with the commitments stated in this Data Protection Policy and currently include the following:

a.  Summit Broadband Information Security Program (SBISP). The purpose of this program is to consistently reduce information security risk and maintain that risk at levels that are acceptable to Summit Broadband and its stakeholders. Summit Broadband uses the NIST Cybersecurity Framework and NIST SP 800-53 as its primary guiding framework for the Summit Broadband Information Security Program (SBISP). It also draws upon other frameworks or general good business practices as needed.

i.  Structure of SBISP: The Summit Broadband Information Security Program (SBISP) is primarily comprised of the following four elements.

        • Summit Broadband Information Security Standard (SBISS): The primary governing standard that establishes and defines the SBISP and the requirements of the program. The requirements are enforced through the implementation of controlled policies and procedures.
        • Summit Broadband Information Security Policies: Information security policies are controlled documents that define how the requirements of the SBISS are met.
        • Summit Broadband Information Security Procedure: Information security procedures are controlled documents that define required or prohibited steps or actions.
        • Summit Broadband Information Security Control Measures: Information security control measures are defined within information security procedure documents as applicable.

The SBISS and the information security policies will always be a living (changing) set of documents over time. They will change and adapt to Summit Broadband’s information security needs, in a controlled fashion, as needed and as approved and deemed appropriate by management.

b.  Prevention and Security. Summit Broadband is committed to securing its customers’ Information and keeping it safe. It has an Information and Security Engineering department dedicated to this task. By implementing SBISS, this department ensures that all Information is secure and any data breaches are prevented and/or mitigated. Summit Broadband leverages firewalls for all internet access points and all its internet access points are secured and monitored. Summit Broadband’s IT Department is notified in the event of any new or potential threats and appropriate security measures are taken.

c.  Employee Training and Testing. Summit Broadband carries out Information Security training for all of its new hires during onboarding. In addition, the Company uses the KnowBe4 Security Awareness and Training Solutions platform for its employees to undergo cyber security training and testing. It also uses this platform for security awareness and for simulated internal phishing campaigns it conducts throughout the year to measure employee awareness. Cyber security emails are sent to all employees periodically to keep cyber security top of mind both from KnowBe4 platform and by internal staff.

d.  Security Audits. Summit Broadband utilizes GuidePoint Security as its security experts to conduct security audits, which include external penetration tests. Any findings and recommendations are then tracked and addressed by Summit Broadband’s IT team.

4. Conclusion

This Data Protection Policy outlines Summit Broadband’s commitment to comply with all applicable data protection, cyber security and privacy requirements and to ensure its customers’ Information is gathered, stored and handled fairly, transparently and with respect for the privacy rights of individuals.