Shoppers made from binary code

On October 17, The New York State Public Service Commission (PSC) adopted new cybersecurity and data privacy requirements for third-party energy suppliers and companies that electronically receive and exchange utility housed customer data with the utilities’ IT systems.

In a press release, Commission Chair John B. Rhodes observed, “The Commission today directed the state’s utilities and third-party energy suppliers to provide appropriate cybersecurity protections without erecting significant barriers to development of new energy markets as envisioned by REV [Reforming the Energy Vision]. Our new approach will provide a universal foundation of cybersecurity and data privacy requirements that will encourage a vibrant energy marketplace.”

The Commission’s decision creates critically needed standards to ensure customer data remains protected and secured. The changes are designed to provide protections against a potential cyber incident, while maintaining the confidentiality of customer data, and instilling customer confidence in retail and energy markets.

The Commission’s order recognizes that the data is the customer’s data and that customers have a right to direct or consent to the use of that data. As the PSC underscored, a market where all parties observe cybersecurity and privacy protections will reduce the risks associated with electronic communications of customer data between distribution utilities and companies, instilling customer confidence and promoting market development.

Per the order, a fully risk-based approach will not be adopted at this time. However, the Commission clarifies that only entities that electronically receive or exchange customer information from a direct connection with the utilities’ IT systems, except by email, will need to adopt the cybersecurity requirements established in this Order. Energy Service Entities that have access to customer information but do not have a direct connection into the utility IT systems will need to implement the appropriate privacy protections to ensure customer data is protected from improper disclosure or misuse.

Within 60 days from the date of this order, NY public utilities are required to file a revised Data Security Agreement and Self Attestation consistent with the discussion and conclusions in the October 17 order. Energy Service Entities seeking access to customer data through utility IT systems shall be required to execute a Data Security Agreement and Self Attestation.

To access this order, enter Case Number 18-M-0376NY in the PSC Documents portal.

Energy Pages is an online trade publication and business directory for the retail energy industry. We publish editorials, resources, case studies, practical information and industry news. Our content is about and for industry leaders, innovators, investors and influencers.

Your Opinion Matters

Have Something To Say About This Story?

Sign Up for the Energy Pages Digest

Our weekly must-see brief

You May Also Like

Understanding NAESB and the FERC Version 3.1 Notice of Proposed Rule Making (NOPR)

As you may already be aware, FERC has proposed to adopt Version 3.1 of the NAESB Standards. Today we will provide an overview of the upcoming North American Energy Standards Board (NAESB) Version 3.1 Standards which have been proposed for adoption by the Federal Energy Regulatory Commission (FERC). Our organization has been involved with NAESB since its inception in 2002, and with the Gas Industry Standards Board (GISB), the precursor to NAESB, before that.

Energy Brokers Support Broker Regulation in Texas

Industry insiders say proposed broker rules will create “more sound marketplace”, benefit consumers through accountability.

Texas House Passes Energy Broker Bill, Has TEPA Support

TEPA director says group is “pleased with the final version” of SB 1497.

NEM: Choice Works in Connecticut and Nationally

Connecticut Consumer Counsel fails to consider important facts