Keeping Data Safe

Posted on June 06, 2014
Posted By: Harry Stephens

Almost every company today has access to considerable quantities of sensitive information about its customers. As a result, it has become critical to have the proper controls in place to fully protect customer data and company information. Even the slightest data breach can do irreparable damage to a company's reputation and lead to lawsuits or regulatory fines.

It starts with taking a global view

While the term "identity theft" has become synonymous with the thought of computer hackers, the truth is that there may be vulnerabilities within your own operations that frequently lead to accidental privacy violations, which can be equally damaging. The risk of data loss through the Internet is obvious, but the security risks involved with people taking work home via laptops, portable USB devices, etc. can be overlooked. In this regard, important considerations include whether you have a system in place (and a policy) that ensures your employees are shredding all sensitive documents or have limited access to sensitive data.
Some questions to consider when determining how well your utility is identifying and tackling the risks of data loss include:

  • Are the appropriate resources readily available to do an effective assessment of risk and install more effective controls if necessary?
  • Is redundant customer data disposed of securely?
  • How is all customer data stored in electronic databases?
  • Are the proper controls in place to limit access to customer data and prevent it from being misused, lost or stolen?

How the questions are answered may make it immediately clear what the necessary next steps should be.

Finally, certifications count

Many utilities have chosen to outsource their document processing, distribution and billing solutions to a reputable third-party provider certified in operational excellence and security. If that is the path your company chooses, it is important to ascertain whether the third-party provider is independently certified in the industry standards required for security compliance.

The top three certifications to ask about are:

  • SSAE 16, Type II (Statement on Standards for Attestation Engagements No. 16) Certification: SSAE 16 is an accreditation awarded by the American Institute of Certified Public Accountants (AICPA) and ensures that all outsourced documents are handled in a secure, reliable and stable environment with tight process controls in place.
  • PCI DSS 2.0 (Payment Card Industry Data Security Standard) Compliant: The PCI DSS is a globally instituted security standard for all merchants and service providers who accept credit card information; it is designed to keep customer payment card data secure and prevent payment cardholder data fraud.
  • Sarbanes-Oxley (SOX): Any organization fully trained in SOX regulations ensures that its clients are compliant with all corporate accounting controls required by U.S. federal law.

Protecting and ensuring compliance for every business today is more than a full-time job: it requires 24/7 monitoring of all data, networks and internal processes. The security of your data should be priority one, and it is important to implement the proper protections, whether internally or by partnering with a third-party provider. Without these fundamental controls, there is a definite opportunity for data to be unmonitored, leaving a utility open to a multitude of risks that, with the proper planning and processes, can be averted.

Authored By:
Harry Stephens is President and CEO of DATAMATX, one of the nation’s largest privately-held, full-service providers of printed and electronic billing solutions. For more information about DATAMATX, visit or call 800-943-5240.
