Sensitive data protection is a big issue for the energy and utilities sector. US utilities hold a vast amount of data on their customers, including highly sensitive data such as payment information, social security numbers and driver's license numbers. Some of this data is categorized as Personally Identifiable Information (PII) and Sensitive Personal Information (SPI). This data is stored in multiple places, including operational systems, CRM systems, data warehouses, cloud storage systems, big data environments and various documents.

Data breaches at US utilities that reveal this information will have major impacts on our ability to generate and distribute power and energy to our citizens.

The European Union deals with data protection issues through the General Data Protection Regulation (GDPR). NERC has issued security guidelines for the electricity sector to protect sensitive information. In the US, regulations like GDPR are forthcoming to protect consumer data. One such regulation is the California Consumer Privacy Act (CCPA), and all California utilities need to comply by May 2020. The majority of US utilities are preparing to comply with requirements similar to those stated in the CCPA. The requirements are as follows:

  • Discover, develop and maintain an inventory of personal data
  • Design the utility systems to protect the personal data through technologies like encryption, tokenization and segmentation
  • Respond to requests such as the right to deletion or requests for information
  • Train and educate the staff in safe data handling standards
  • Check that third parties can meet the privacy clauses
  • Enable the right of opt-out

This Data Protection Topic will assess the capabilities of vendors that will help US utilities in complying with the above requirements and avoiding data breaches.