Customer Privacy

Your Privacy is Protected at PES Energize

General

PES records will be secured using reasonable physical security methods such as locked doors and cabinets. Any confidential information shall remain on PES property at all times, except for official business or when the Chief Executive Officer authorizes removal. PES has systems in place that log and record access to, and activities within, sensitive areas and concerning confidential information. Only employees with legitimate business needs will be granted access to company information and/or electronic data. Every employee permitted access to electronic data will be given an individual user account and will maintain a unique password. Furthermore, PES protects its electronic data and internal computer network through the use of firewalls, anti-virus software and other industry-accepted security mechanisms.

PES Sensitive Data Restrictions

Utility information related to strategic and operational activities, contingency or emergency response plans, security procedures or descriptions of utility property and/or infrastructure is confidential and shall not be disclosed except for legitimate business reasons.

Customer Sensitive Data Restrictions

All private customer information is confidential.  Private customer information includes, but is not limited to, social security and tax identification numbers, credit card and bank account information, passwords and access codes, credit scores and any information obtained through a credit reporting agency. Furthermore, PES will access customer credit information only for legitimate business reasons, and its internal procedures will comply with the guidelines of the Federal Fair Credit Reporting Act.

Customer utility consumption data and any information obtained through metering or other end-use equipment will only be used for legitimate PES business and operational purposes. No customer-specific information will be shared with or sold to a third-party for non-utility operational purposes except as required by law or unless directed to do so by the Customer.

Legal Considerations

In general, PES will provide customer-specific information only to the customer of record listed on the account unless ordered to do otherwise by a court of competent jurisdiction, an authorized law enforcement official or when acting in compliance with Tennessee public records law (see Policy 2-27). Any customer-specific information that is protected through a court-ordered protection document is also confidential.

Customer Data Management Standards and Requirements

Changes to any PES customer account shall be processed according to standard operating procedures with suitable documentation retained for later verification. Adjustments or modifications to customer usage or payment data shall be reviewed and authorized by the Customer Service Manager or his/her designee.

All PES employees are prohibited from adjusting, modifying or in any way tampering with their own, their families’ or their friends’ utility usage of payment information.

Any customer data housed within the PES Network Operations Center is considered private and is not the property of PES. Only authorized PES employees are permitted within the Network Operations Center, and all access to customer equipment or data must be logged and authorized by the customer.

Customer telephone records and call-related features are protected according to the requirements of the FCC’s Customer Proprietary Network Information rules. Therefore, no customer call detail information may be released during a customer-initiated telephone call except when the customer provides a verifiable password.  If the customer is unaware of his/her password, a PES employee may offer to call the customer back using the phone number listed on the account. Customers asking for call detail information in person must present a valid form of identification. Furthermore, PES will notify the customer of any changes to his/her telephone service. PES will not use customer proprietary network information for any marketing purposes, nor release the data to any third party or business affiliates for marketing purposes.

Any employee who is made aware of a security violation shall immediately notify his/her supervisor. Failure to comply with any of the above guidelines will be considered a breach of sensitive information security standards and will subject the employee to disciplinary action.

PES Energize is committed to providing protections to your information. As such, PES Energize will never ask for your passwords to your accounts with us in the SmartHub billing and usage app or for login and secure information of your email or internet passwords. We also urge all of our customers to use caution when downloading files from unknown sources or sharing any information on the internet with those you do not know.

When you call the PES Energize Customer Service team members, you may be asked to supply certain information contained in your account so that we can insure we are speaking with the legitimate account holder. Please be patient when asked for this information. It is being asked when you call to protect your privacy. It is also one of the reasons that it is important to inform of us of any changes in the ownership of your electric account due to moving, selling a property or deaths.

Below you can review the PES Energize guidelines concerning our reviews for protecting our customer’s account information. Things that will alert us that there may be an attempt to intrude on someone’s account or to help our team to identify possible problems.

Identity Theft Prevention And Detection Program

After careful examination of our accounts, including the methods by which we open, access and manage customer accounts, along with our past experience with identity theft, the following events/occurrences reasonably indicate the potential for identity theft and should be considered “Red Flags” for purposes of this policy:

A.    Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detections services.  For the purposes of this policy, Pulaski Electric System will be utilizing the ONLINE Utility Exchange as its service provider to identify the “Red Flags” listed below:

1.    A fraud or active duty alert is included with a consumer report.

2.    A consumer reporting agency provides a notice of credit freeze in response to a request for a consumer report.

3.    A consumer report indicates a pattern of activity that is inconsistent with the history and usual pattern of activity of an applicant or customer, such as:

a.    A recent and significant increase in the volume of inquiries;
b.    An unusual number of recently established credit relationships;
c.    A material change in the use of credit, especially with respect to recently established credit relationships; or
d.    An account that was closed for cause or identified for abuse of account privileges by a financial institution or creditor.

B.    The presentation of suspicious documents, such as:

4.    Documents provided for identification appear to have been altered or forged.

5.    The photograph or physical description on the identification is not consistent with the appearance of the applicant or customer presenting the identification.

6.    Other information on the identification is not consistent with information provided by the person opening a new account or customer presenting the identification.

C.    The presentation of suspicious personal identifying information, such as suspicious address changes:

7.    The person opening the account or the customer fails to provide all required personal identifying information on an application or in response to notification that the application is incomplete.

8.    Personal identifying information provided is inconsistent when compared against external information sources used by Pulaski Electric System.

9.    Personal identifying information provided is not consistent with personal identifying information that is on file with Pulaski Electric System.

D.    The unusual use of, or other suspicious activity related to, an account:

10.    Mail sent to the customer is returned repeatedly as undeliverable although transactions continue to be conducted in connection with the customer’s account.

11.    Pulaski Electric System is notified that the customer is not receiving paper account statements.

E.    Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with accounts held by Pulaski Electric System:

12.    Pulaski Electric System is notified by a customer, a victim of identity theft, a law enforcement authority, or any other person that it has opened a fraudulent account for a person engaged in identity theft.

DETECTION, PREVENTION AND MITIGATION
A.    Detection

In an effort to ensure proper detection of any Red Flags, all customers (consumers) must provide at least the following information/documentation before any new account will be opened:

1.    Full Name;

2.    Date of birth (individual);

3.    Address, (a residential or business street address for an individual; or for a person other than an individual (such as a corporation, partnership, or trust), a principal place of business, local office, or other physical location;

4.    Photo ID provided by a government agency;

5.    Identification number, which shall be: (i) For a U.S. person, a taxpayer identification number; or (ii) For a non-U.S. person, one or more of the following: a taxpayer identification number; passport number and country of issuance; alien identification card number; or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard; and;

6.    Customer must be willing to allow Pulaski Electric System to review his/her credit report.

For any account holder of an account for which the above information is not already on file at Pulaski Electric System, the customer will be contacted within a reasonable period of time after discovering the missing information to obtain the necessary information.

B.    Preventing and Mitigating Identity Theft

In the event a Red Flag is detected, Pulaski Electric System is committed to preventing the occurrence of identity theft and taking the appropriate steps to mitigate any harm caused thereby. In order to respond appropriately to the detection of a Red Flag, Pulaski Electric System shall consider any aggravating circumstance(s) that may heighten the risk of identity theft. After assessing the degree of risk posed, Pulaski Electric System will respond to the Red Flag in an appropriate manner, which may include:

1.    Monitoring an account for evidence of identity theft;

2.    Contacting the customer;

3.    Changing any passwords, or other security mechanisms that permit access to the customer’s account;

4.    Not opening a new account;

5.    Closing an existing account;

6.    Complying with the prohibitions in 15 U.S.C. 1681m on the sale, transfer, and placement for collection of certain debts resulting from identity theft.

7.    Notifying law enforcement; or

8.    Determining that no response is warranted under the particular circumstances.