Data Privacy
The goal of CenterPoint’s Energy Data Privacy Program is to minimize the risk to customer, employee, financial and critical infrastructure information by creating a culture that encourages and demonstrates data privacy practices, safeguards personal information, and enables the trust of our customers, vendors and contractors, regulators, shareholders, the public and employees.
Just as we care for CenterPoint Energy’s physical property, we are focused on protecting the personal information we use to do our jobs. We maintain safeguards and accountability measures to help manage and protect the personal information entrusted to the company.
Our Data Privacy governance addresses the collection, storage, usage and destruction of data for a specific business purpose, combined with the public expectation and legal requirement that the data will remain private and protected against unauthorized access or modification.
CenterPoint Energy has a dedicated Data Privacy Office to address existing and emerging laws, regulations, trends, expectations and best practices. Led by the company’s Senior Vice President, Deputy General Counsel and Chief Ethics and Compliance Officer, our Data Privacy team addresses the collection, storage, usage, disclosure and destruction of data for specific business purposes. All employees, contractors and third-party business partners have a responsibility to handle sensitive, private and confidential information carefully and to protect the private and personal nature of the information we maintain. In addition to protections required by law, the company also abides by its own set of internal policies, including the commitments in our Privacy Policy and Data Classification and Control Policy.
We take proactive steps for data to remain private and protected against unauthorized access or modification. We respect the privacy of our customers, business partners and suppliers and protect their personal information. We also take proactive steps to protect our employees’ personal information.
Governance And Oversight
The Audit Committee of the Board of Directors oversees the management of data privacy for CenterPoint Energy. The company’s data privacy strategy is the responsibility of the Board of Directors, Chief Executive Officer, and Executive Vice President and General Counsel. The full Board of Directors receives periodic updates regarding data privacy matters.
CenterPoint Energy has a dedicated Data Privacy Office to address existing and emerging laws, regulations, trends, expectations and best practices. Led by the company’s Senior Vice President, Deputy General Counsel, and Chief Ethics and Compliance Officer our Data Privacy team addresses the collection, storage, usage, disclosure and destruction of data for specific business purposes.
Transparency And Choice
CenterPoint Energy maintains an Online Privacy Policy that explains how we collect, maintain, share and protect our customers’ personal information. This Privacy Policy also informs customers about the privacy choices available to them and how they can manage those choices. We provide customers with channels to submit questions and requests about the company’s privacy practices and maintain processes to review and respond to those questions and requests.
Privacy Reviews And Information Lifecycle Controls
We have safeguards in place to help manage and protect personal information throughout its lifecycle, from the point of collection to destruction. We conduct privacy impact assessments to help identify privacy considerations associated with the company’s processing of personal information at the outset of planning technology projects and initiatives. We also maintain records retention policies and schedules to help us keep personal information based on our business and compliance needs and dispose of the information in a timely manner, in accordance with CenterPoint Energy’s record retention requirements.
The company has developed a set of Privacy Principles governing the processing and protection of customers’ personal information and other information. In addition to protections required by law, the company also maintains its own set of internal policies:
- Privacy Incident Response Plan
- Customer Identity Theft Prevention Program
- Data Classification and Control Policy
- Data Privacy Principles
- Third-Party Policy
Vendor Risk Management
We maintain a vendor risk management program to help protect information entrusted to our suppliers and other third-party business partners. As part of this program, we have processes in place designed to evaluate the privacy and security practices of our suppliers and obtain contractual assurances from them with respect to their protection of personal information.
Training And Awareness
CenterPoint Energy provides annual privacy and information security training to our employees to help keep them informed about their responsibilities related to the handling and protection of personal information. We have implemented various employee awareness initiatives, such as the company’s Data Privacy principles, a privacy program guide about implementing best practices at work and security policies. Members of leadership communicate to employees to be vigilant about phishing attempts, scams and opening unknown links.
Business Records and Internal Controls
Our core value of Accountability means we are transparent and truthful in conducting our business, maintaining financial records and reporting accurate information to our shareholders. We have a responsibility to be thoughtful in our company expenses and to keep accurate and complete records.
Our compliance efforts include identifying and preserving important historical records of vital historical, fiscal, and legal value – and to disposing non-essential records in a timely manner, in accordance with CenterPoint Energy’s record retention requirements.
Data Privacy Awareness
Major companies have been the victims of cyberattacks and data breaches. To help mitigate these challenges, we equip employees with the latest information and guidelines to appropriately protect personal information. CenterPoint Energy has implemented various employee awareness initiatives, such as the company’s seven Data Privacy principles, a privacy program guide about implementing best practices at work and security policies. Members of leadership communicate to employees to be vigilant about phishing attempts, scams and opening unknown links. All employees are required to complete privacy and information security training annually.