Keeping Data Safe

Posted on June 06, 2014
Posted By: Harry Stephens

Almost every company today has access to considerable quantities of sensitive information about its customers. As a result, it has become critical to have the proper controls in place that fully protect customer data and company information. Even the slightest data breach can lead to irreparable damage to a company's reputation, as well as to lawsuits or regulatory fines.

It starts with taking a global view

While the term "identity theft" has become synonymous with the thought of computer hackers, the truth is that there may be vulnerabilities within your own operations that frequently lead to accidental privacy violations, which can be equally damaging. The risk of data loss through the Internet is obvious, but the security risks involved with people taking work home via laptops, portable USB devices, etc. can be overlooked. In this regard, important considerations include whether you have a system in place (and a policy) that ensures your employees are shredding all sensitive documents or have limited access to sensitive data.
Some questions to consider when determining how well your utility is identifying and tackling the risks of data loss include:

  • Are the appropriate resources readily available to do an effective assessment of risk and install more effective controls if necessary?
  • Is redundant customer data disposed of securely?
  • How is all customer data stored in electronic databases?
  • Are the proper controls in place to limit access to customer data and prevent it from being misused, lost or stolen?

How the questions are answered may make it immediately clear what the necessary next steps should be.

Finally, certifications count

Many utilities have chosen to outsource their document processing, distribution and billing solutions to a reputable third-party provider certified in operational excellence and security. If that is the path your company chooses, it is important to ascertain if the third-party provider is independently certified in the industry standards mandatory to security compliance.

The top three certifications to ask about are:

  • SSAE 16, Type II (Statement on Standards for Attestation Engagements No. 16) Certification - SSAE 16 is an accreditation awarded by the American Institute of Certified Public Accountants (AICPA) and ensures that all outsourced documents are handled in a secure, reliable and stable environment with tight process controls in place.
  • PCI DSS 2.0 (Payment Card Industry Data Security Standard) Compliant - The PCI DSS is a globally instituted security standard for all merchants and service providers who accept credit card information; it is designed to keep customer payment card data secure and prevent payment cardholder data fraud.
  • Sarbanes-Oxley (SOX) - Any organization fully trained in SOX regulations ensures that its clients are compliant with all corporate accounting controls required by U.S. federal law.

Protecting and ensuring compliance for every business today is more than a full-time job: it requires 24/7 monitoring of all data, networks and internal processes. The security of your data should be priority one, and it is important to implement the proper protections, whether internally or by partnering with a third-party provider. Without these fundamental controls, there is a definite opportunity for data to be unmonitored, leaving a utility open to a multitude of risks that, with the proper planning and processes, can be averted.

Authored By:
Harry Stephens is President and CEO of DATAMATX, one of the nation’s largest privately-held, full-service providers of printed and electronic billing solutions. For more information about DATAMATX, visit or call 800-943-5240.
