
The goal of CenterPoint Energy’s Data Privacy Program is to minimize the risk to customer, employee, financial and critical infrastructure information by creating a culture that encourages and demonstrates Data Privacy practices, safeguards personal information, and enables the trust of our customers, vendors, contractors, regulators, shareholders, the public and employees.
All employees, contractors and third-party business partners have a responsibility to handle sensitive, private and confidential information carefully and to protect the private and personal nature of the information we maintain. We take proactive steps for data to remain private and protected against unauthorized access or modification.
Governance and Oversight
The Audit Committee of the Board of Directors oversees Data Privacy management for CenterPoint Energy. The Data Privacy strategy is the responsibility of the Board of Directors, Chief Executive Officer, and Executive Vice President and General Counsel. The full Board of Directors receives periodic updates regarding Data Privacy matters.
Our Data Privacy Office addresses existing and emerging laws, regulations, trends, expectations and best practices. Led by the company’s Senior Vice President, Deputy General Counsel, and Chief Ethics and Compliance Officer, our Data Privacy team addresses the collection, storage, usage, disclosure and destruction of data for specific business purposes.
Transparency and Choice
CenterPoint Energy’s Online Privacy Policy explains how we collect, maintain, share and protect our customers’ personal information. This policy also informs customers about the privacy choices available to them and how they can manage those choices. We provide customers with channels to submit questions and requests about the company’s privacy practices and maintain processes to review and respond to questions and requests.

Privacy Reviews and Information Lifecycle Controls
We have safeguards in place to help manage and protect personal information throughout its lifecycle, from the point of collection to destruction. We conduct privacy impact assessments to help identify privacy considerations associated with the company’s processing of personal information at the outset of planning technology projects and initiatives. We also maintain records retention policies and schedules to help us keep personal information based on our business and compliance needs and dispose of the information in a timely manner, in accordance with CenterPoint Energy’s record retention requirements.
Our Data Privacy Principles govern the processing and protection of customers’ and employees’ personal information and other information. In addition to protections required by law, the company maintains its own set of internal policies:
- Data Classification and Control Policy
- Corporate Privacy and Security Incident Response Plan
- Third Party Agreements Providing Access to Personal Information
Training and Awareness
All employees are required to complete privacy and information security training annually about their responsibilities related to the handling and protection of personal information and other sensitive company information. We have implemented various employee awareness initiatives, such as the company’s Data Privacy Principles, security policies and a privacy program guide about best practices at work.
Vendor Risk Management
We maintain a Vendor Risk Management Program to help protect information entrusted to our suppliers and other third-party business partners. As part of this program, we have processes in place designed to evaluate the privacy and security practices of our suppliers and obtain contractual assurances from them with respect to their protection of personal information.