Energy Choice
                            

Matters

Walmart ESCO Seeks Exception To NY Data Security Requirements, Noting Only Data Is Its Own Customer Information

August 28, 2018

Email This Story
Copyright 2010-17 EnergyChoiceMatters.com
Reporting by Paul Ring • ring@energychoicematters.com

The following story is brought free of charge to readers by EC Infosystems, the exclusive EDI provider of EnergyChoiceMatters.com

Texas Retail Energy (TRE), a subsidiary of Walmart Inc. and a registered ESCO which self-supplies Walmart, requested that the New York PSC grant it an exception to the new Data Security Agreement (DSA) being required by the utilities, noting that, with service limited to self-supply, the data ostensibly being protected is Walmart's own customer information

TRE said in its request that, "TRE’s business operations are limited to providing electric service to Walmart facilities and TRE currently serves 103 facilities across 5 utility service territories (Orange & Rockland Utilities, Inc.; Central Hudson Gas & Electric Corporation; New York State Electric & Gas Corporation; Rochester Gas and Electric Corporation; and Niagara Mohawk Power Corporation d/b/a National Grid [the 'Joint Utilities'])."

TRE said in its request that, "Over the past several months, the Joint Utilities, Department of Public Service Staff and energy service entities have conducted 'business-to-business' discussions which, according to the Public Service Commission, are being conducted in conformance with the Uniform Business Practices. As part of these business-to-business discussions, the Joint Utilities requested that all energy services entities, including TRE, complete a Self-Attestation of Information Security Controls ('Self-Attestation') and sign a Data Security Agreement ('DSA')."

TRE said in its request that, "TRE recognizes the importance of data security and supports the development of industrywide cybersecurity practices and processes pertaining to the safe and secure transmission, processing, storage, and disposal of confidential customer data that avoid the occurrence of data breaches. TRE has submitted comments in this proceeding on two occasions since it commenced in June 2018 and has participated in business-to-business discussions with the Joint Utilities. During these discussions, TRE requested that the Joint Utilities recognize an exception to any adopted data security requirements for ESCOs, such as TRE, that only provide services to their own parents and affiliates. These ESCOs are uniquely situated because all of the information provided to the utility is their own customer information. It would make little sense then to require such companies to sign burdensome data security agreements and obtain cyber liability insurance to protect against the disclosure of their own information. As a result, TRE requested that it be excluded from the proposed data security requirements, including the request to complete a Self-Attestation. TRE, through its parent Walmart, already self-insures against data security breaches. Requiring TRE to obtain cyber liability insurance would simply expose the company to unnecessary and duplicative costs."

TRE said in its request that, "Walmart is continually seeking new ways to manage its energy consumption and associated costs. Purchasing energy for its stores through TRE is one such example. By taking wasteful energy and costs out of its operations, Walmart can do more to save its customers money. Subjecting TRE to unnecessary costs as a result of this proceeding significantly hampers Walmart’s energy management and cost containment goals."

TRE said in its request that, "The revised DSA, circulated by the Joint Utilities on August 16, 2018, fails to adequately address TRE’s concerns. Although the parties discussed the need to recognize TRE’s unique position during the in-person meetings on the DSA, the latest version still imposes the same requirements upon TRE as the rest of ESCOs and the Joint Utilities have indicated that this is the final version of the DSA."

TRE said in its request that, "Although the Commission admittedly supports the business-to-business process, to date it has remained a bystander to the business-to-business discussions. These discussions have now broken down and the parties appear to be at an impasse as to the applicability of the DSA to TRE. The Commission should now intercede and not allow the Joint Utilities to impose onerous and completely unnecessary requirements on providers such as TRE when all of the accounts it serves, and information it possesses, belong to itself and its parent Walmart."

TRE said in its request that, "Before TRE completes the Self-Attestation or signs the DSA, it respectfully requests that the Commission intervene and adopt TRE’s request for an exception to the DSA."

TRE further requested that the Commission clarify, or direct the Joint Utilities to clarify the following:

• Whether cybersecurity insurance requirement of $5 million applies equally across the utilities or whether a separate policy must be obtained for each utility;

• Whether self-insurance, parental guarantees, or letters of credits are acceptable alternatives to the cybersecurity insurance requirement;

• Whether offsite backups at a non-company owned data center are an acceptable form of Replication of Confidential Utility Information; and

• What are the industry best practices in the Self-Attestation for encryption methods.

TRE said in its request that, "As stated above, TRE recognizes the importance of data security and supports the development of industrywide cybersecurity practices and processes. TRE is willing to continue to work with Staff and the Joint Utilities to develop and ultimately adopt such practices provided, however, that any such practices take into consideration unique circumstances of industry participants, such as TRE."

ADVERTISEMENT
NEW Jobs on RetailEnergyJobs.com:
• NEW! -- Sr Analyst, Supply and Pricing -- Retail Supplier -- Houston
• NEW! -- Customer Retention Analyst -- Retail Supplier -- Houston
• NEW! -- Energy Market Analyst - Pricing & Trading
• NEW! -- Manager, Power Supply -- Retail Supplier
• NEW! -- Renewable Energy Sales Representative -- Retail Supplier