New York Regulator Issues New Cybersecurity and Privacy Protocols to Protect Customer Data

The New York State Public Service Commission adopted new cybersecurity and data privacy requirements for third-party energy suppliers and companies that electronically receive and exchange utility housed customer data, according to an Oct. 17 press release.

The commission’s decision is directed at the state’s utilities and third-party energy suppliers with standards that ensure customer data remains protected and secured. The changes are designed to provide protection against a potential cyber incident targetting retail and energy markets while maintaining the confidentiality of customer data and instilling trust in the system.

Importantly, the Commission’s order recognizes that the data is the customer’s data and that customers have a right to direct or consent to the use of that data. However, the regulator also admits that a balance must be struck between protecting utility IT systems and the privacy of customer data.