§ 32-7. Data protection requirements.  


Latest version.
  • A. 
    The municipality may request aggregated data and customer-specific data from the distribution utility; provided, however, that the request for customer-specific data is limited to only those eligible consumers who did not opt out once the initial opt-out period has closed.
    B. 
    Customer-specific data shall be protected in a manner compliant with, collectively, (i) all national, state and local laws, regulations or other government standards relating to the protection of information that identifies or can be used to identify an individual that apply with respect to the municipality or its representative's processing of confidential utility information; (ii) the utility's internal requirements and procedures relating to the protection of information that identifies or can be used to identify an individual that apply with respect to the municipality or its representative's processing of confidential utility information; and (iii) the PSC CCA Order and PSC rules, regulations and guidelines relating to confidential data.
    C. 
    The municipality must enter into a data security agreement with the distribution utility for the purpose of protecting customer data.