Keeping Data Safe

Posted on June 06, 2014
Posted By: Harry Stephens
 

Almost every company today has access to considerable quantities of sensitive information regarding its customers. As a result, it has become critical to have the proper controls in place that fully protect customer data and company information. Even the slightest data breach can lead to irreparable damage to a company's reputation, as well as to lawsuits or regulatory fines.

It starts with taking a global view

While the term "identity theft" has become synonymous with the thought of computer hackers, the truth is that there may be vulnerabilities within your own operations that frequently lead to accidental privacy violations, which can be equally damaging. The risk of data loss through the Internet is obvious, but the security risks involved with people taking work home via laptops, portable USB devices, etc. can be overlooked. In this regard, important considerations include whether you have a system in place (and a policy) that ensures your employees are shredding all sensitive documents or have limited access to sensitive data.
Some questions to consider when determining how well your utility is identifying and tackling the risks of data loss include:

  • Are the appropriate resources readily available to do an effective assessment of risk and install more effective controls if necessary?
  • Is redundant customer data disposed of securely?
  • How is all customer data stored in electronic databases?
  • Are the proper controls in place to limit access to customer data and prevent it from being misused, lost or stolen?

How the questions are answered may make it immediately clear what the necessary next steps should be.

Finally, certifications count

Many utilities have chosen to outsource their document processing, distribution and billing solutions to a reputable third-party provider certified in operational excellence and security. If that is the path your company chooses, it is important to ascertain if the third-party provider is independently certified in the industry standards mandatory to security compliance.

The top three certifications to ask about are:

  • SSAE 16, Type II (Statement on Standards for Attestation Engagements No. 16) Certification - SSAE 16 is an accreditation awarded by the American Institute of Certified Public Accountants (AICPA) and ensures that all outsourced documents are handled in a secure, reliable and stable environment with tight process controls in place.
  • PCI DSS 2.0 (Payment Card Industry Data Security Standard) Compliant - The PCI DSS is a globally instituted security standard for all merchants and service providers who accept credit card information; it is designed to keep customer payment card data secure and prevent payment cardholder data fraud.
  • Sarbanes-Oxley (SOX) - Any organization fully trained in SOX regulations ensures that its clients are compliant with all corporate accounting controls required by U.S. federal law.

Protecting and ensuring compliance for every business today is more than a full-time job: it requires 24/7 monitoring of all data, networks and internal processes. The security of your data should be priority one, and it is important to implement the proper protections, whether internally or by partnering with a third-party provider. Without these fundamental controls, there is a definite opportunity for data to be unmonitored, leaving a utility open to a multitude of risks that, with the proper planning and processes, can be averted.

 
 
Authored By:
Harry Stephens is President and CEO of DATAMATX, one of the nation’s largest privately-held, full-service providers of printed and electronic billing solutions. For more information about DATAMATX, visit www.datamatx.com or call 800-943-5240.
 
