Book Preview: Privacy Compliance in the Energy Sector

Electric Utility Boards: A Compliance Strategy

We are witnessing an unprecedented increase in cyber attacks, with energy utilities in particular under threat; in fact, the energy sector leads all industries in reported data breach incidents. Privacy, information security, and cybersecurity have never been more important; yet it is clear that many organizations are struggling to keep up with new technological issues and legal requirements. KI Design can help your company prepare for these new challenges.

Compliance is a major aspect of governance. However, utility boards and management tend to focus exclusively on regulatory compliance – making sure that their facility is compliant with the NERC Critical Infrastructure Protection Reliability Standards, for example. Corporate compliance, such as meeting data protection regulation requirements, is often overlooked, but remains essential to effective governance. The potential consequences of non-compliance include data breaches, reputational damage, lawsuits, monetary fines, penalties, and even criminal charges against the company or staff.

Privacy is one of the key issues on which directors must focus in order to execute their compliance and managerial oversight, as well as mitigate risk.

Electric utilities collect and store personally identifiable information (PII) from their employees and customers, and thus the protection of that data is a vital part of their operation.

Organizations can help to protect the PII in their custody by implementing an overall culture of privacy, and this is where KI Design can contribute. Systematic training, ongoing monitoring, auditing, and regular evaluation are key components of a culture of privacy.

Data privacy in the US is regulated by a constantly evolving patchwork of federal and state law. There is no overarching federal privacy law; instead, privacy protection is determined on a sectoral basis, within industries. As hefty rulings in recent years have indicated, the Federal Trade Commission’s (FTC) increased authority raises the stakes when it comes to data protection. Any personally identifiable information that is collected—even the data gathered through a member survey—will bring a utility under the aegis of the FTC.

Evaluating compliance with the plethora of applicable laws and regulations is a challenging but necessary process for electric utilities and other corporations. However, implementing privacy best practices very often mitigates the majority of legal compliance issues, and can often help companies stay ahead of regulatory changes.

We have proven experience supporting energy utilities in developing corporate policies and procedures in line with industry best practices. Through this process, we help companies foster a culture of privacy that functions beyond basic legal compliance. Companies become comfortable identifying and preventing errors, as well as wielding the necessary authority to promptly detect and correct errors should they occur.

Good privacy governance requires an actively engaged executive team, an actionable data protection plan, and regular reports and updates. KI Design will work with your company to enhance compliance, mitigate risk, and implement best practices.