Keeping Data Safe

Posted on June 06, 2014
Posted By: Harry Stephens

Almost every company today has access to considerable quantities of sensitive information about its customers. As a result, it has become critical to have the proper controls in place to fully protect customer data and company information. Even the slightest data breach can do irreparable damage to a company's reputation and lead to lawsuits or regulatory fines.

It starts with taking a global view

While the term "identity theft" has become synonymous with the thought of computer hackers, the truth is that there may be vulnerabilities within your own operations that frequently lead to accidental privacy violations, which can be equally damaging. The risk of data loss through the Internet is obvious, but the security risks involved with people taking work home via laptops, portable USB devices, etc. can be overlooked. In this regard, important considerations include whether you have a system in place (and a policy) that ensures your employees are shredding all sensitive documents or have limited access to sensitive data.

Some questions to consider when determining how well your utility is identifying and tackling the risks of data loss include:

  • Are the appropriate resources readily available to do an effective assessment of risk and install more effective controls if necessary?
  • Is redundant customer data disposed of securely?
  • How is all customer data stored in electronic databases?
  • Are the proper controls in place to limit access to customer data and prevent it from being misused, lost or stolen?

How the questions are answered may make it immediately clear what the necessary next steps should be.

Finally, certifications count

Many utilities have chosen to outsource their document processing, distribution and billing solutions to a reputable third-party provider certified in operational excellence and security. If that is the path your company chooses, it is important to ascertain whether the third-party provider is independently certified in the industry standards that are mandatory for security compliance.

The top three certifications to ask about are:

  • SSAE 16, Type II (Statement on Standards for Attestation Engagements No. 16) Certification: SSAE 16 is an accreditation awarded by the American Institute of Certified Public Accountants (AICPA) and ensures that all outsourced documents are handled in a secure, reliable and stable environment with tight process controls in place.
  • PCI DSS 2.0 (Payment Card Industry Data Security Standard) Compliant: The PCI DSS is a globally instituted security standard for all merchants and service providers who accept credit card information; it is designed to keep customer payment card data secure and prevent payment cardholder data fraud.
  • Sarbanes-Oxley (SOX): Any organization fully trained in SOX regulations ensures that its clients are compliant with all corporate accounting controls required by U.S. federal law.

Protecting every business today and ensuring its compliance is more than a full-time job: it requires 24/7 monitoring of all data, networks and internal processes. The security of your data should be priority one, and it is important to implement the proper protections, whether internally or by partnering with a third-party provider. Without these fundamental controls, there is a definite opportunity for data to go unmonitored, leaving a utility open to a multitude of risks that can be averted with the proper planning and processes.

Authored By:
Harry Stephens is President and CEO of DATAMATX, one of the nation’s largest privately-held, full-service providers of printed and electronic billing solutions. For more information about DATAMATX, visit or call 800-943-5240.
