Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Application No.: A.16-09- Exhibit No.: SCE-08, Vol. 1 Witnesses: J. Pespisa
J P Shotwell
(U 338-E)
2018 General Rate Case
Administrative & General (A&G) Volume 1 – Ethics and Compliance
Before the
Public Utilities Commission of the State of California
Rosemead, California
September 1, 2016
A2
ERRATA
SCE-08: Administrative & General (A&G)Volume 1 – Ethics & Compliance
Table Of Contents (Continued)Section Page Witness
v
(1) Labor ................................................................44
(2) Non-Labor........................................................45
b) Forecast ........................................................................45
(1) Labor ................................................................45
(2) Non-Labor........................................................45
Appendix A Southern California Edison 2015 Smart Grid Annual Data Privacy Report...............................................................................................................46
Appendix B Southern California Edison 2010-2011 Affiliate Transaction Rules Audit Report.......................................................................................................2
Appendix C Southern California Edison Response to 2010-2011 Affiliate Transaction Rules Audit Report........................................................................2
CPUC Smart Grid Data Privacy and Security Practices AssessmentReport
13
relies upon a combined effort between CP&I and individual compliance areas to manage compliance 1
activities within a reasonable cost to customers, and provide independent compliance oversight. 2
Below, we address the three Compliance programs that CP&I directly manages: the 3
Privacy Compliance Program; the Disability Rights Compliance Program and the Information4
Governance Compliance Program.5
a) Privacy Compliance Program6
The Privacy Compliance Program is responsible for Company-wide privacy 7
governance and oversight, while the respective operating units have responsibility for implementing 8
reasonable controls to meet privacy obligations. These efforts are necessary to comply with legal and 9
regulatory privacy requirements, including state and federal privacy laws and the CPUC Smart Grid 10
Data Privacy Decision (D.11-07-056).15 That decision requires that SCE conduct an independent third-11
party assessment of its data privacy and security practices. As a result, KPMG performed an 12
independent assessment of our data privacy and security practices, as required by Rule 9(d) of the Rules 13
Regarding Privacy and Security Protection for Energy Usage Data.16 KPMG found that “SCE has 14
designed and implemented Data Privacy and Security policies and supporting procedures to address the 15
Privacy Decisions’ requirements, as measured against KPMG’s Assessment Framework developed to 16
test controls around Covered Information identified in the rules.”1717
b) Disability Rights Compliance Program18
The Disability Rights Compliance Program is responsible for implementing 19
controls and monitoring accessibility activities to comply with federal regulations (e.g., the Americans 20
with Disabilities Act, Sections 504 and 508 of The Rehabilitation Act) and state regulations (e.g., the 21
Unruh Civil Rights Act, Sections 54 through 55.2 of the California Civil Code, and Title 24 of 22
California’s Building Standards Code). In addition, this program works with other operating units within 23
SCE to provide reasonable assurance that all requirements set forth in the joint testimony adopted by the 24
Commission in the 2015 GRC are met, as referenced in exhibit SCE-11 (Joint Testimony with Center 25
for Accessible Technology).26
15 Refer to D.11-07-056, Attachment D.16 Refer to D.11-07-056, Attachment D.17 Refer to Southern California Edison 2015 Smart Grid Annual Data Privacy Report in Appendix A.
CPUC Smart Grid Data Privacy and SecurityPractices Assessment Report
Appendix A
Southern California Edison 2015 Smart Grid Annual Data Privacy Report
CPUC Smart Grid Data Privacy and SecurityPractices Assessment Report
James P. Scott ShotwellDirector, Compliance, Policies &
Information Governance [email protected]
April 29, 2016
Tim SullivanExecutive DirectorCalifornia Public Utilities Commission505 Van Ness Avenue San Francisco, CA 94102
Re: D.11-07-056 Rules Regarding Privacy and Security Protections for Energy Data Usage
Dear Mr. Sullivan:
Southern California Edison Company submits the attached Annual Privacy Report to you as required by Ordering Paragraph No. 3 of D.11-07-056. In accordance with D.11-07-056, this report notifies the Commission of:
The number of demands received for disclosure of customer data pursuant to legal process or pursuant to situations of imminent threat to life or property (Rule 4(c)(6))
The number of customers whose records were disclosed (related to demands received for disclosure of customer data pursuant to situations of imminent threat to life or property) (Rule 4(c)(6))
Summary of reported privacy breaches affecting 1,000 or more customers (Rule 8(b))
Annual report of all breaches within the calendar year affecting Covered Information, whether by the covered electrical corporation or by a third party (Rule 8(c))
The number of authorized third parties accessing Covered Information (Rule 9(e)(1))
The number of non-compliances with the Privacy Rules or with contractual provisions required by the Privacy Rules which become known to SCE through its daily operations (Rule 9(e)(2))
The number of customers affected by each non-compliance (Rule 9(e)(2))
Detailed description of each non-compliance (Rule 9(e)(2))
Should you have any questions regarding this report, please contact James P. Scott Shotwell at 626-302-2038.
Best regards,
/s/ J.P. Shotwell____________ James P. Scott Shotwell
Director, Compliance, Policies & Information Governance
JPSS: kcpEnclosure
Privacy Report of SCE – 2015
SOUTHERN CALIFORNIA EDISONANNUAL PRIVACY REPORT
2015
APRIL 29, 2016
SMART GRID TECHNOLOGIES
ORDER INSTITUTING RULEMAKING 08-12-009
CALIFORNIA PUBLIC UTILITIES COMMISSION
SCE ANNUAL PRIVACY REPORT – 2015
iiPrivacy Report of SCE – 2015
SCE Annual Privacy Report Table of Contents
ContentsI. Introduction ............................................................................................................................. 1
II. Privacy Report Requirements of D.11-07-056 ........................................................................ 3
III. 2015 Annual Privacy Report Results ...................................................................................... 5
SCE ANNUAL PRIVACY REPORT – 2015
1Privacy Report of SCE – 2015
I. Introduction
On July 29, 2011, the California Public Utilities Commission (“Commission”) issued Decision
(D.) 11-07-056, Decision Adopting Rules to Protect the Privacy and Security of the Electricity
Usage Data of the Customers of Pacific Gas and Electric Company, Southern California Edison
Company and San Diego Gas & Electric Company, which requires the submission of an annual
privacy report regarding Covered Information for electrical corporations. As clarified in Decision
(D.) 14-12-004, issued on December 12, 2014, Ordering Paragraph (OP) 3 states: “Pacific Gas
and Electric Company, Southern California Edison Company, and San Diego Gas & Electric
Company must each submit annual privacy reports to the Executive Director, commencing with
calendar year 2012, no later than 120 days after the end of the calendar year. These annual
reports must contain the information required to be reported annually by Rule 8(c) of the Rules
Regarding Privacy and Security Protections for Energy Usage Data in Attachment D of this
decision.”
On August 31, 2012, the Commission issued D.12-08-045, Decision Extending Privacy
Protections to Customers of Gas Corporations and Community Choice Aggregators, and to
Residential and Small Commercial Customers of Electric Service Providers, which does not
apply to Southern California Edison.
Definitions:
“Covered Entity” is (1) any electrical corporation, or any third party that provides
services to an electrical corporation under contract, (2) any third party who accesses,
collects, stores, uses or discloses covered information pursuant to an order of the
Commission, unless specifically exempted, who obtains this information from an
electrical corporation, or (3) any third party, when authorized by the customer, that
accesses, collects, stores, uses, or discloses covered information relating to 11 or more
customers who obtains this information from an electrical corporation.
SCE ANNUAL PRIVACY REPORT – 2015
2Privacy Report of SCE – 2015
“Covered Information” is any usage information obtained through the use of the
capabilities of Advanced Metering Infrastructure (interval usage dataa) when associated
with any information that can reasonably be used to identify an individual, family,
household, residence, or non-residential customer. Covered Information does not include
usage information from which identifying information has been removed such that an
individual, family, household or residence, or non-residential customer cannot reasonably
be identified or re-identified and does not include information provided to the
Commission pursuant to its oversight responsibilities.b
The scope of this report includes Covered Information only. “Customer Data” referenced
in Rule 4(c)(6) is defined as “covered information” for the purposes of the Annual
Privacy Report.
“Primary Purposes” The “primary purposes” for the collection, storage, use or disclosure
of covered information are to—
(1) provide or bill for electrical power,
(2) provide for system, grid, or operational needs,
(3) provide services as required by state or federal law or as specifically
authorized by an order of the Commission, or
(4) plan, implement, or evaluate demand response, energy management, or energy
efficiency programs under contract with an electrical corporation, under contract
with the Commission , or as part of a Commission authorized program conducted
by a governmental entity under the supervision of the Commission.
“Secondary Purposes” “Secondary purpose” means any purpose that is not a primary
purpose.
Pursuant to OP 3 of D.11-07-056, Southern California Edison (SCE) hereby submits its annual
privacy report.
a Electrical usage data obtained through the Advanced Metering Infrastructure listed in less than monthly increments (e.g. 15-minute or hourly).
b See D.11-07-056, Conclusions of Law 9, pp. 150-151, and Attachment D, p. 1.
SCE ANNUAL PRIVACY REPORT – 2015
3Privacy Report of SCE – 2015
II. Privacy Report Requirements of D.11-07-056 Attachment D of D.11-07-056, Rules Regarding Privacy and Security Protections for Energy
Usage Data (“Privacy Rules”), sets forth the following rules, which are relevant to SCE’s annual
privacy report:
4(c)(6) On an annual basis, covered entities shall report to the Commission the number of
demands received for disclosure of customer datac pursuant to legal process or pursuant
to situations of imminent threat to life or property and the number of customers whose
records were disclosed. Upon request of the Commission, covered entities shall report
additional information to the Commission on such disclosures. The Commission may
make such reports publicly available without identifying the affected customers, unless
making such reports public is prohibited by state or federal law or by order of the
Commission.
8(b) Notification of Breach. A covered third party shall notify the covered electrical
corporation that is the source of the covered data within one week of the detection of a
breach. Upon a breach affecting 1,000 or more customers, whether by a covered electrical
corporation or by a covered third party, the covered electrical corporation shall notify the
Commission’s Executive Director of security breaches of Covered Information within
two weeks of the detection of a breach or within one week of notification by a covered
third party of such a breach. Upon request by the Commission, electrical corporations
shall notify the Commission’s Executive Director of security breaches of Covered
Information.
8(c) Annual Report of Breaches. In addition, electrical corporations shall file an annual
report with the Commission’s Executive Director, commencing with the calendar year
2012, that is due within 120 days of the end of the calendar year and notifies the
Commission of all security breaches within the calendar year affecting Covered
Information, whether by the covered electrical corporation or by a third party.
c For the purposes of this Annual Privacy Report, the IOUs define “customer data” as “covered information.”
SCE ANNUAL PRIVACY REPORT – 2015
4Privacy Report of SCE – 2015
9(e) Reporting Requirements. On an annual basis, each electrical corporation shall
disclose to the Commission as part of an annual report required by Rule 8.c, the
following information:
(1) the number of authorized third parties accessing Covered Information,d
(2) the number of non-compliances with this rule or with contractual provisions
required by this rule experienced by the utility, and the number of customers
affected by each non-compliance and a detailed description of each non-
compliance.
This report addresses each of these rules, as described below.
d SCE includes requests for covered information authorized under the “Energy Data Center” decision, D.14-05-016, which is also reported previously in quarterly reports required by Paragraph 9 D.14-05-016.
SCE ANNUAL PRIVACY REPORT – 2015
5Privacy Report of SCE – 2015
III. 2015 Annual Privacy Report Results
Table 1. SCE's Annual Privacy Report for 2015
Rule Description Response
Rule 4(c)(6)
The number of demands received for disclosure of customer data pursuant to legal process The number of customers whose records were disclosed because of such demands received pursuant to legal process
Demands Received: 1e
Number of customers affected: 1
Rule 4(c)(6)
The number of demands received for disclosure of customer data pursuant to situations of imminent threat to life or property The number of customers whose records were disclosed because of such demands received pursuant to situations of imminent threat to life or property
Demands Received: 0Number of customers affected: 0
Rule 8(b) Summary of reported privacy breaches affecting1,000 or more customers
0
Rule 8(c)Annual report of all breaches within the calendar year affecting Covered Information, whether by the covered electrical corporation or by a third party
1 breach affecting 11customer accounts
Rule 9(e)(1)
The number of authorized third parties accessing Covered Information(Includes suppliers/contractors/vendors under contract with IOU, customer-authorized researchers or governmental requests, and customer-authorized third parties. Count does include customer-authorized transactions, such as CISR requests.)
Customer Authorized:147f
Vendors Under Contract: 16Energy Data Center: 1g
Rule 9(e)(2)The number of non-compliances with the Privacy Rules or with contractual provisions required by the Privacy Rules which become known to SCE through its daily operations
0
Rule 9(e)(2) The number of customers affected by each non-compliance
0
Rule 9(e)(2) Detailed description of each non-compliance Not Applicable
e SCE received one warrant for covered information on one customer account.f Represents the total number of unique customer authorized third parties receiving Covered Information from Option 5 on the CISR form.g Requests for covered information authorized under the “Energy Data Center” decision, D.14-05-016, which was also reported previously in quarterly reports required by Paragraph 9 D.14-05-016.
`
June 24, 2016
kpmg.com
Southern California Edison Company
CPUC smart grid data privacy and security practices assessment report
Contents Document structure ............................................................................................................................ 3
Executive summary ............................................................................................................................. 4
Project approach and methodology ..................................................................................................... 8
Southern California Edison Company’s response to assessment report ............................................ 9
Rule assessment results, exceptions and recommendations .......................................................... 12
Detailed compliance testing and conclusions ................................................................................... 21
CPUC RULE 2 - Transparency (notice) ........................................................................................ 21
CPUC RULE 3 - Purpose specification ........................................................................................ 26
CPUC RULE 4 Individual participation (access and control)........................................................ 30
CPUC RULE 5 Data minimization ............................................................................................... 37
CPUC RULE 6 Use and disclosure limitation .............................................................................. 45
CPUC RULE 7 Data quality and integrity .................................................................................... 56
CPUC RULE 8 Data security ....................................................................................................... 60
CPUC RULE 9 Accountability and auditing ................................................................................. 72
Appendix 1 Abbreviations used in this report ................................................................................... 80
Appendix 2 Stakeholders interviewed ............................................................................................... 82
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
– 3 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Document structure
This report consists of the following sections:
Executive summary contains an overview of the project including background, scope, and KPMG’s overall results and noted exceptions and recommendations where necessary for each Rule comprising the California Public Utility Commission Privacy Decision.
Project approach and methodology contains an overview of key project phases and activities performed by KPMG throughout the course of the assessment.
Rule assessment results, exceptions and recommendations provides a summary of the nine (9) Rules of the CPUC Privacy Decisions including KPMG’s interviews and document reviews (e.g., test work), overall results, detailed exceptions, and improvement recommendations associated with each Exception.
Southern California Edison Company’s management response to CPUC Covered Information Privacy and Security Assessment Report contains SCE’s Management response to the CPUC Covered Information Privacy and Security Assessment Report dated June 24, 2016.
Appendix 1: Abbreviations used in this report provides a list of abbreviations used throughout the report.
Appendix 2: Stakeholders Interviewed provides an overview of SCE personnel interviewed as part of KPMG’s assessment.
– 4 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Executive summary
Through Southern California Edison Company’s (hereinafter SCE or Company) SmartMeter operations, managed via Advanced Metering Infrastructure and Real Time Energy Management systems, the Company collects, processes, stores, and where authorized, discloses Covered Information.
Background On July 29, 2011, the California Public Utilities Commission (CPUC) issued Decision D.11-07-056 “Rules Regarding Privacy and Security Protections for Energy Usage Data” and Decision D.14-12-004 “Decision Extending Privacy Protections to Customers of Gas Corporations and Community Choice Aggregators and to Residential and Small Commercial Customers of Electric Service Providers (hereinafter the “Privacy Decision”). The Privacy Decision requires SCE to undergo an independent assessment of its Covered Information privacy and security practices. Covered Information is defined in the Privacy Decisions as Customer Energy Usage Data (CEUD)1 obtained via Advanced Metering Infrastructure (AMI) and Real Time Energy Management systems when combined with other information that could reasonably be used to identify a residential customer, family, household, residence, or nonresidential customer. Covered Information does not include information provided to the California Public Utilities Commission pursuant to its oversight responsibilities.
SCE engaged KPMG to conduct an objective assessment of its Covered Information privacy and security processes, controls, and practices in conjunction with general rate case proceedings.2 This report represents the results of KPMG’s assessment.
Scope The scope of the assessment was limited to systems and organizational units (OUs) processing Covered Information associated with information that could reasonably be used to identify a residential customer, family, household, residence, or nonresidential customer; KPMG did not review separate safeguards for SCE employee, contractor, and other Personally Identifiable Information (PII) other than Covered Information.
1 Customer Energy Usage Data is any interval (60-minutes or less) consumption information for a customer service account obtained through its AMI and Real Time Energy Management systems.
2 Objective privacy and security practices assessment is not intended to be an audit, examination, attestation, special report oragreed-upon procedures engagement as those services are defined in American Institute of Certified Public Accountants (AICPA) literature applicable to such engagements. Accordingly, these services will not result in the issuance of a written communication to third parties by KPMG directly reporting on financial data or internal control or expressing a conclusion, an opinion, or any other form of assurance.
– 5 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
To perform the review, KPMG used an Assessment Framework comprised of multiple criteria based on various industry-leading standards. We mapped the Assessment Framework criteria to the nine (9) Rules in the Privacy Decisions and used the framework to perform our assessment of SCE’s privacy and security practices and procedures.
— The Covered Information Privacy and Security Practices Assessment was based on KPMG’s review and understanding of the controls and processes in place from January 1, 2015 through December 31, 2015.3
— The exceptions and recommendations were based on our review of policy/procedure documents, stakeholder interviews, inspection of sample communications to customers and third parties, Covered Information access reports, system security profiles, and site walkthroughs.
— KPMG conducted interviews with personnel from Audit Services, Customer Service, Ethics and Compliance, Information Technology, Human Resources, Government Affairs, Law Department, Regulatory Affairs, Transmission & Distribution, Energy Procurement & Management, and Power Supply & Operational Services.
— KPMG assessed the design and implementation of privacy and security controls followed by an assessment of the operating effectiveness of key implemented controls.
The nine (9) Rules noted in the Privacy Decision are listed below.
Rule 1 Definitions
Rule 2 Transparency (Notice)
Rule 3 Purpose Specification
Rule 4 Individual Participation (Access and Choice)
Rule 5 Data Minimization
Rule 6 Use and Disclosure Limitation
Rule 7 Data Quality and Integrity
Rule 8 Data Security
Rule 9 Accountability and Auditing
3 KPMG used the following key drivers to determine the assessment period: (1) The CPUC Privacy Decision does not define the assessment period and (2) Professional guidance provides flexibility in the period covered as long as the assessment period allows for sufficient time to assess Operating Effectiveness.
– 6 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Summary of results and exceptions Based on this assessment, KPMG noted that SCE has designed and implemented Data Privacy and Security policies and supporting procedures to address the Privacy Decisions’ requirements, as measured against KPMG’s Assessment Framework developed to test controls around Covered Information identified in the rules. For seven (7) of the nine (9) rules in the Privacy Decisions, KPMG did not identify any exceptions; however, KPMG did identify exceptions with the remaining two (2) rules. Overall, KPMG has noted 2 exceptions (exceptions are areas where SCE’s program is not yet fully prepared to meet compliance with the Privacy Decisions as measured against KPMG’s Assessment Framework). The exceptions are shown below along with the recommendations associated with each exception. There was 1 Medium-Risk Exception and 1 Low-Risk Exception. KPMG noted No High-Risk Exceptions. The risk rating methodology is based on the following definitions:
Risk level Description
High Issue poses a significant risk of data breach of Covered Information and/or a significant deviation from the CPUC Privacy Decisions.
Medium Inconsistent implementation of policies and procedures that may impact the ability of SCE to protect Covered Information and/or achieve adequate alignment with the CPUC Privacy Decisions.
Low Undefined or undocumented policies and procedures supporting the protection of Covered Information and alignment with the CPUC Privacy Decisions.
For more details associated with each Rule, see the Rule assessment results, exceptions, and recommendations and detailed compliance and testing conclusions sections below.
– 7 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
CPUC rule number
Risk level
Exceptions noted KPMG recommendations
CPUC Rule 1
Definitions
- - N/A
CPUC Rule 2
Transparency (Notice)
- - N/A
CPUC Rule 3
Purpose Specification
- - N/A
CPUC Rule 4
Individual Participation (Access and Choice)
- - N/A
CPUC Rule 5
Data Minimization
- - N/A
CPUC Rule 6
Use and Disclosure Limitation
Medium A formal process does not exist to enforce or track compliance of Third Party / Vendor contracts around the safeguarding of Covered Information.
SCE should consider implementing a tracking mechanism to enforce Third Party / Vendor compliance and have reoccurring assessments of whether Third Parties / Vendors have sufficient safeguards in place no less protective than those of SCE to protect Covered Information.
CPUC Rule 7
Data Quality and Integrity
- - N/A
CPUC Rule 8
Data Security
- - N/A
CPUC Rule 9
Accountability and Auditing
Low SCE does not provide CEUD-related training nor receive affirmations from contractors and third parties regarding the performance of required Privacy Training.
High-level guidance is provided for vendors and contractors through the Supplier Code of Conduct.
SCE should consider implementing procedures that require contractors and third parties to confirm their understanding of requirements addressing the safeguarding of Covered Information.
– 8 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Project approach and methodology
KPMG approached the Assessment in four (4) phases: Initiate, Assess, Validate, and Report.
— Initiate – KPMG developed an Assessment Framework to review SCE’s privacy and security practices based on the nine (9) Rules comprising the Privacy Decisions. KPMG identified controls for each Rule’s requirements and performed procedures to assess the Design and Implementation and Operating Effectiveness of program policies and procedures, and to identify any noted exceptions to those controls. Given the similarity of the Generally Accepted Privacy Principles (GAPP) framework promulgated by the American Institute of Certified Public Accountants (AICPA) and CPA Canada, KPMG leveraged GAPP as a baseline to develop our assessment procedures. KPMG worked with the SCE Ethics and Compliance, Audit Services, and Law organizational units (Project Team) to identify relevant stakeholders, reviewed the organizational structure to identify business groups where Covered Information may reside, and reviewed the current IT landscape to identify systems and applications that collect, store, or process Covered Information, such as Advanced Meter Systems, Customer Information Systems applications and databases, Back-end systems, Middleware, Development/Test environments, and Customer Portals.
— Assess – As part of its assessment KPMG performed a variety of interviews with stakeholders representing various lines of business. KPMG interviewed over 30 personnel, reviewed more than 420 documents and 15 system assessments, and performed four (4) site walkthroughs of critical SCE facilities (including Customer Contact Centers, a Production Datacenter, Credit & Collections and Billing Operations) to observe the safeguards in place to protect Covered Information.
— Validate – KPMG validated all observed exceptions throughout the Assessment phases with the SCE Project Team, relevant business and IT stakeholders, and leadership.
— Report – KPMG developed a final report providing exceptions and recommendations, presented the report to SCE Leadership, and incorporated SCE’s Management Response to the noted exceptions.
– 9 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Southern California Edison
Company’s response to
assessment report
– 10 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
– 11 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
– 12 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Rule assessment results,
exceptions and recommendations
For each risk identified, KPMG reviewed the risk and assigned a risk rating of High, Medium, or Low to each Exception based on the potential impact the Exception could have as it relates to the protection of Covered Information. The risk rating methodology used the following definitions:
Risk level Description
High Issue poses a significant risk of data breach of Covered Information and/or a significant deviation from the CPUC Privacy Decisions.
Medium Inconsistent implementation of policies and procedures that may impact the ability of SCE to protect Covered Information and/or achieve adequate alignment with the CPUC Privacy Decisions.
Low Undefined or undocumented policies and procedures supporting the protection of Covered Information and alignment with the CPUC Privacy Decisions.
For seven (7) of the nine (9) rules in the Privacy Decisions, KPMG did not identify any exceptions; however, KPMG did identify exceptions for the remaining two (2) rules. Overall, KPMG has noted 2 exceptions, comprised of 1 Medium Risk Exception and 1 Low-Risk Exception. KPMG noted No High-Risk Exceptions. These exceptions identify areas where KPMG believes SCE’s program is not fully prepared to meet requirements under the Privacy Decisions as measured against KPMG’s Assessment Framework.
The following tables provide a summary of the criteria that KPMG applied in the assessment of each of the nine (9) Rules of the Privacy Decisions, the overall assessment results of the set of criteria evaluated, and relevant exceptions (if any) along with level of risk, risk implication and recommendation.
– 13 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Rule 2: Transparency notice
KPMG assessment procedures
KPMG assessed SCE’s overall customer notice program focusing on:
— Internal and customer-facing Privacy Policies and Notice that address SCE’s practices and procedures related to the collection, processing, storage, and disclosure of their Covered Information;
— Review of methods and frequency for providing customers with notice and an examination of the actual notices;
— Interviews with SCE personnel;
— Performance of site walkthroughs of Customer Service facilities to observe CSRs interacting with customers and discussing their Covered Information.
Results summary SCE provides its external-facing Notice of Accessing, Collecting, Storing, Using and Disclosing Energy Usage Information on its website detailing the manner in which the Company collects, stores, shares, and protects Covered Information and the methods by which customers can access their data. The Privacy Notice includes information on how customers can contact SCE with complaints, inquiries, and disputes regarding their Covered Information and SCE’s privacy policy. SCE also provides its Privacy Notice to newly registered customers as part of a welcome package, and annually thereafter in a bill insert. Customers can also find relevant notices archived on the website Document Library.
Exception No exceptions noted.
Risk level -
Risk implication -
Recommendation -
– 14 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Rule 3: Purpose specification
KPMG assessment procedures
KPMG assessed SCE’s specification of the purposes focusing on:
— How SCE specifies the reasons for which it collects, discloses, retains, and provides access to Covered Information;
— Review of the SCE Privacy Notice and other policies and procedures and interviews with stakeholders to understand the determination and specification of information and Third Party categories;
— Examination of whether the Privacy Notice included a description of how customers could access and control their Covered Information collected, processed, stored, and disclosed by SCE.
Results summary SCE has documented policies and procedures outlining the acceptable purposes for which Covered Information may be collected, stored, used, and shared. These include detailed policies regarding both primary and secondary purposes. Covered Information is not disclosed for secondary purposes, per Company policy, without customer authorization. SCE’s Privacy Notice includes the categories of third parties with which SCE may share Covered Information, and circumstances under which that information may be shared.
SCE has implemented internal policies in addition to a dedicated Third Party service desk with a trained team of employees who are instructed to determine the veracity and propriety of Third Party requests, and the relevant customer consent forms, prior to disclosing Covered Information internally.
Exception No exceptions noted.
Risk level -
Risk implication -
Recommendation -
– 15 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Rule 4: Individual participation (access and choice)
KPMG assessment procedures
KPMG assessed SCE’s customer-facing program focusing on:
— Internal and external policies and procedures to provide customers with access and consent mechanisms related to their Covered Information;
— Customer Portals review, stakeholder interviews, and walkthroughs of Customer Contact Center and other locations where SCE Customer Service Representatives (CSR’s) interact with customers with respect to their Covered Information;
— Customer Authorization forms to understand how customers can grant and revoke authorization for secondary uses of their Covered Information;
— The process in place to disclose Covered Information pursuant to legal processes and in situations of imminent threat to life or property. Test procedures included review of policies and procedures for tracking these requests and the subsequent notice provided to customers and interviews with SCE stakeholders in relevant business functions.
Results summary SCE provides customers with multiple methods of accessing their Covered Information, including electronically via the SCE My Account feature online, and through monthly bills that allow them to review and interpret their usage information. Customers may contact SCE through phone, web or mail with questions or concerns regarding their monthly bills. With implementation of the Green Button initiative, customers are able to download up to 36 months of their Covered Information and connect such data with Third Parties for analysis. Further, internal guidelines for SCE employees who interact with customers are in place addressing how to provide customers with access to their Covered Information.
SCE has processes and procedures in place for customers to grant and revoke authorization to third parties using an Authorization Form. Customer-facing policies and notices indicate SCE may disclose Covered Information if it is necessary to provide energy services, to comply with relevant laws, to respond to subpoenas or warrants, or to provide emergency responders with pertinent information in the case of imminent threat to life or property.
Exception No exceptions noted.
Risk level -
Risk implication -
Recommendation -
– 16 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Rule 5: Data minimization
KPMG assessment procedures
KPMG assessed SCE’s adoption of Data Minimization principles in the collection, use, and disclosure of Covered Information focusing on:
— Corporate and department-specific policies and procedures to understand how Covered Information is segregated from other systems;
— How user access is restricted based on business need;
— How records and assets are retained for only as long as reasonably necessary;
— Proper disposal of records upon their eligibility for destruction;
— How Data Minimization principles were adopted as part of Third Party disclosure practices. Assessment procedures included review of policies and procedures and interviews with relevant stakeholders to understand appropriate safeguards in place to limit the disclosure of Covered Information.
Results summary SCE has implemented the Data Minimization principle as a foundational component to its overall privacy framework, and has documented policies and procedures limiting the amount of information collected, stored, and retained; the number and level of employees who have access to Covered Information; and the categories of third parties with whom it is shared. The Privacy Compliance team reinforces data minimization through various training and awareness campaigns, and employee compliance with relevant policies and procedures is routinely reviewed.
Exception No exceptions noted.
Risk level -
Risk implication -
Recommendation -
– 17 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Rule 6: Use and disclosure limitation
KPMG assessment procedures
KPMG assessed SCE’s Third-Party Management Program focusing on:
— Review of processes in place for disclosure of Covered Information to third parties. Third parties is defined to include suppliers and contractors;
— Review of procedures and forms for customers to authorize and revoke a Third Party to receive Covered Information on behalf of the customer;
— Examination of Third Party management policies and procedures and interview of stakeholders to understand how SCE implements practices and procedures based on the categories of third parties (i.e., primary purpose and secondary purpose);
— Review of the Third Party contract management process including onboarding, contract compliance reviews, and contract termination;
— Review third parties (suppliers, vendors, contractors and consultants) risk management documentation;
— Review of data transmission protocols and ongoing monitoring of third parties for compliance with SCE policies and contractual provisions.
Results summary SCE has processes in place to allow customers to share their Covered Information with third parties. SCE has formal internal procedures to manage customer requests for disclosure to third parties, which include forms for explicit customer authorization and forms to revoke such authorization (CISR Form). Customers may also authorize third parties to access of Covered Information through the Green Button Connect program. SCE has internal Third Party management policies and informs third parties about data privacy requirements. Third Party vendors are contractually obligated per their contract clauses to maintain the privacy of the information shared.
Exception A formal process does not exist to enforce or track compliance of Third Party / Vendor contracts around the safeguarding of Covered Information.
Risk level Medium
Risk implication Third Party / Vendor data security practices may not be sufficient to safeguard Covered Information, heightening SCE’s legal and regulatory exposure and increasing the risk of potential breaches of Covered Information.
Recommendation SCE should consider implementing a tracking mechanism to enforce Third Party / Vendor compliance and have reoccurring assessments of whether Third Parties / Vendors have sufficient safeguards in place no less protective than those of SCE to protect Covered Information.
– 18 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Rule 7: Data quality and integrity
KPMG assessment procedures
KPMG assessed SCE’s Data Validation methods and procedures focusing on:
— Review of how SCE validates the quality and integrity of Covered Information;
— Examination of the Advanced Meter systems and infrastructure to understand how usage data is managed and reconciled;
— Review of policies and procedures and interviews with stakeholders to understand how SCE provides customers with the opportunity to modify or remove other data elements collected by the Company.
Results summary SCE has policies in place that address the confirmation, validation, and relevance of customer information. The Privacy Notice states that customers may contact SCE through phone, email or mail should they need to update or alter their information. In addition, SCE Call Center personnel authenticate customers and validate their account information when answering calls. SCE’s My Account Online Services Terms and Conditions indicates it is the customers’ responsibility to ensure their Personal Information is updated and accurate.
System checks and manual processes are in place to validate energy usage reads and perform edits to help ensure completeness and accuracy of usage data prior to billing the customer.
Exception No exceptions noted.
Risk level -
Risk implication -
Recommendation -
– 19 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Rule 8: Data security
KPMG assessment procedures
KPMG assessed SCE’s physical and Cybersecurity measures to protect Covered Information focusing on:
— Review of Cybersecurity policies, procedures, and measures related to: Endpoint Security (Antivirus protection, E-mail/Database security), the Network environment (Network Segmentation, Intrusion Detection/Prevention Systems, Remote Access, Wireless), Firewalls, Network Access Control. (Logging/Monitoring, Data Loss Prevention, Web-content Filtering), Mobile Security, Patch Management, Vulnerability Management, Business Continuity, System Change Control, Privileged Access, Third Party Access and Data Classification;
— Performance of site walkthroughs of critical SCE locations focusing on the physical and technical security of Covered Information at these key areas: Customer Contact Centers, a Production Data Center, Credit Operations and Billing Operations;
— Inspection of key configurations and system settings related to: System Access (User Authentication and Password Configuration), Access Management (Restriction of Access based on least privilege and need-to-know, Segregation of Duties, Periodic access review), Logging and Monitoring of changes to customer data, Masking of sensitive data in production and development environments;
— Review of SCE’s Incident Response/Breach Management Program and interviews of stakeholders who are responsible and/or accountable in the response to a potential incident involving Covered Information including communications to regulators and impacted customers;
— Examination of evidence of tools deployed in the environment to detect and analyze potential threats to Covered Information.
Results summary SCE has established an Information Security Program and organization that is responsible for the design and implementation of both physical and logical information security controls to protect Covered Information. Formal policies and procedures have been established and implemented that address specific administrative, physical and technical controls to protect Covered Information. Monitoring procedures are in place to detect and address non-compliance with policies and procedures. Various technical controls have been implemented to prevent and detect network security breaches and unauthorized access to systems containing Covered Information. A process is also in place to report and track potential security incidents to help ensure they are resolved and measures are implemented to prevent similar events from occurring into the future.
Exception No exceptions noted.
Risk level -
Risk implication -
Recommendation -
– 20 –
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Rule 9: Accountability and auditing
KPMG assessment procedures
KPMG assessed SCE’s overall Customer Data Privacy and Cybersecurity program, focusing on:
— Review of documentation supporting each program as well as SCE’s communication of these policies to both employees and contractors;
— Review of executive support and sponsorship of Customer Data Privacy and Cybersecurity including the individuals and roles responsible and accountable for Customer Data Privacy and Cybersecurity throughout the enterprise;
— Interviews with members of SCE Executive Management to understand leadership’s views on customer data protection;
— Review of the process to receive, track and resolve customer complaints, disputes, and inquires related to the protection of Covered Information. Test procedures included a review of internal procedures, interviews with stakeholders involved in the Complaints process, and a walkthrough of the Customer Contact Center;
— Examination of employee training and awareness associated with the protection of Covered Information. This assessment included a review of enterprise-wide and targeted training materials provided to organizational units and contractors collecting, handling, storing, or transmitting Covered Information. Additionally, KPMG observed training compliance logs, meeting agendas, and attendance sheets maintained during PII training sessions.
Results summary SCE has developed company and department policies addressing the proper safeguarding of Covered Information. The Company has achieved a high level of maturity for its customer privacy program, including identifying a dedicated Privacy Compliance Program Leader and providing executive and management support, oversight, and visibility to key program metrics and performance indicators. In addition, the Privacy Compliance Program Leader collaborates with appropriate organizational units when working to finalize policies and procedures to protect Covered Information.
We also noted that a process exists to respond to complaints and inquiries levied by customers related to customer privacy. Company-wide privacy training has been implemented, and company representatives continue to identify opportunities to expand the training. Additionally, road shows as well as data privacy and security trainings have been rolled out to employees accessing Covered Information and are tracked for SCE employees.
Exception SCE does not provide CEUD-related training nor receive affirmations from contractors and third parties regarding the performance of required Privacy Training.
Risk level Low
Risk implication SCE contractors and third parties who collect, use, process or store Covered Information may not understand or be aware of Company policies and procedures for safeguarding sensitive information, thus increasing the risk of misuse of data or a potential data incident.
Recommendation SCE should consider implementing procedures, which require contractors and third parties to confirm their understanding of requirements addressing the safeguarding of Covered Information.
– 21
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
Deta
iled
com
plian
ce te
sting
and
con
clusio
ns
CP
UC
RU
LE 2
- T
ran
spar
ency
(n
oti
ce)
Ove
rall
Co
ncl
usi
on
N
o e
xcep
tio
ns
no
ted
.
CP
UC
Ru
le 2
R
ule
d
escr
ipti
on
W
hen
pro
vid
ed:
Cov
ered
ent
ities
sha
ll pr
ovid
e w
ritte
n no
tice
whe
n co
nfirm
ing
a ne
w c
usto
mer
acc
ount
and
at
leas
t on
ce a
yea
r sh
all i
nfor
m
cust
omer
s ho
w t
hey
may
obt
ain
a co
py o
f th
e co
vere
d en
tity’
s no
tice
rega
rdin
g th
e ac
cess
ing,
col
lect
ion,
sto
rage
, use
, and
di
sclo
sure
of
cove
red
info
rmat
ion
and
shal
l pro
vide
a c
onsp
icuo
us li
nk t
o th
e no
tice
on t
he h
ome
page
of
thei
r w
ebsi
te, a
nd
shal
l inc
lude
a li
nk t
o th
eir
notic
e in
all
elec
tron
ic c
orre
spon
denc
e to
cus
tom
ers.
b
Ass
essm
ent
Pro
ced
ure
s A
sses
smen
t R
esu
lts
Exc
epti
on
s
1. D
eter
min
e w
heth
er S
CE
has
do
cum
ente
d po
licie
s ad
dres
sing
th
e pr
ovis
ion
of n
otic
e to
cu
stom
ers
of C
ompa
ny’s
dat
a co
llect
ion
and
hand
ling
tech
niqu
es.
1.a.
Rev
iew
ed t
he P
rivac
y C
ompl
ianc
e P
rogr
am M
anua
l and
not
ed t
hat
the
com
pany
’s P
rivac
y C
ompl
ianc
e P
rogr
am is
bas
ed o
n th
e F
air
Info
rmat
ion
Pra
ctic
e P
rinci
ples
(FIP
P) a
nd a
ddre
sses
the
co
ncep
ts o
f N
otic
e/A
war
enes
s: "T
he m
ost
fund
amen
tal p
rinci
ple
is n
otic
e. T
he in
divi
dual
mus
t be
giv
en
notic
e of
an
entit
y’s
info
rmat
ion
prac
tices
bef
ore
any
Per
sona
l Inf
orm
atio
n is
col
lect
ed f
rom
the
m."
1.b.
Rev
iew
ed t
he C
PU
C S
mar
t G
rid P
rivac
y D
ecis
ion
Trac
king
doc
umen
t an
d no
ted
that
Priv
acy
Com
plia
nce
iden
tifie
d th
at it
is r
equi
red
to p
rovi
de c
usto
mer
s w
ith m
eani
ngfu
l, cl
ear,
acc
urat
e, s
peci
fic,
and
com
preh
ensi
ve n
otic
e re
gard
ing
the
acce
ssin
g, c
olle
ctio
n, s
tora
ge, a
nd u
se a
nd d
iscl
osur
e of
C
over
ed In
form
atio
n.
1.c.
Rev
iew
ed t
he S
CE
web
site
and
obs
erve
d th
at a
link
to
the
Priv
acy
Not
ice
is in
clud
ed in
bol
d at
the
bo
ttom
of
the
hom
e pa
ge.
– 22
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
1.d.
Met
with
Dire
ctor
, Com
plia
nce,
Pol
icie
s &
Info
rmat
ion
Gov
erna
nce,
and
was
info
rmed
tha
t th
e P
rivac
y C
ompl
ianc
e P
rogr
am M
anag
er d
evel
oped
the
Priv
acy
Not
ice
base
d on
the
CP
UC
Priv
acy
Dec
isio
n.
2. D
eter
min
e w
heth
er a
pr
oced
ure
exis
ts t
o en
sure
new
cu
stom
ers
rece
ive
notic
e of
the
C
ompa
ny’s
priv
acy
polic
y up
on
regi
stra
tion
and
annu
ally
th
erea
fter
. In
addi
tion,
a
proc
edur
e ex
ists
to
trac
k pr
ior
itera
tions
of
the
priv
acy
polic
y.
2. R
evie
wed
the
CP
UC
Sm
art
Grid
Priv
acy
Dec
isio
n Tr
acki
ng d
ocum
ent
and
note
d th
at it
pro
vide
s cu
stom
er w
ritte
n no
tice
whe
n co
nfirm
ing
a ne
w c
usto
mer
acc
ount
. At
leas
t on
ce a
yea
r S
CE
sha
ll in
form
cus
tom
er h
ow t
hey
may
obt
ain
a co
py o
f co
vere
d en
tity
notic
e re
gard
ing
the
acce
ssin
g,
colle
ctio
n, s
tora
ge, u
se, a
nd d
iscl
osur
e of
Cov
ered
Info
rmat
ion.
Als
o no
ted
that
the
re is
a p
roce
dure
in
plac
e to
tra
ck p
rior
itera
tions
of
the
priv
acy
polic
y.
3. D
eter
min
e w
heth
er S
CE
pr
ovid
es n
otic
e to
cus
tom
ers
on
an a
nnua
l bas
is a
nd w
hen
sign
ing
up n
ew c
usto
mer
s as
re
quire
d by
the
CP
UC
reg
ulat
ion.
3.a.
Rev
iew
ed t
he C
PU
C S
mar
t G
rid P
rivac
y D
ecis
ion
Trac
king
doc
umen
t an
d no
ted
that
it p
rovi
des
cust
omer
writ
ten
notic
e w
hen
conf
irmin
g a
new
cus
tom
er a
ccou
nt. A
t le
ast
once
a y
ear
SC
E s
hall
info
rm c
usto
mer
s ho
w t
hey
may
obt
ain
a co
py o
f co
vere
d en
tity
notic
e re
gard
ing
the
acce
ssin
g,
colle
ctio
n, s
tora
ge, u
se, a
nd d
iscl
osur
e of
Cov
ered
Info
rmat
ion.
3.b.
Rev
iew
ed r
espo
nse
from
Sr.
Man
ager
Dig
ital t
eam
, not
ed t
hat
new
cus
tom
ers
rece
ive
an e
mai
l or
post
car
d up
on r
egis
terin
g fo
r a
new
acc
ount
. The
not
ice
incl
udes
a li
nk t
o th
e pr
ivac
y no
tice.
The
def
ault
is t
o se
nd a
not
ice
by e
mai
l, bu
t po
st c
ards
are
sen
t to
new
cus
tom
ers
who
do
not
prov
ide
an e
mai
l ad
dres
s.
3.c.
Rev
iew
ed t
he A
nnua
l Bill
Inse
rts
incl
uded
with
the
Nov
embe
r 20
15 b
ills
for
resi
dent
ial a
nd
com
mer
cial
cus
tom
ers
title
d C
usto
mer
Con
nect
ion
and
note
d th
at it
incl
udes
a li
nk t
o th
e P
rivac
y N
otic
e an
d an
ale
rt r
elat
ed t
o cu
stom
er s
cam
s.
3.d.
Rev
iew
ed li
stin
g of
new
acc
ount
reg
istr
atio
ns b
etw
een
May
23,
201
5 an
d Ju
ne 5
, 201
5 an
d no
ted
that
cus
tom
ers
who
rec
eive
d ne
w c
usto
mer
not
ices
wer
e fla
gged
.
3.e.
Rev
iew
ed r
espo
nse
from
Sr.
Man
ager
, Dig
ital,
note
d th
at 1
1,82
1 ne
w c
usto
mer
wel
com
e em
ails
w
ere
sent
bet
wee
n M
ay 2
3, 2
015
and
June
5, 2
015.
3.f.
Rev
iew
ed e
mai
l cor
resp
onde
nce
betw
een
the
Priv
acy
Com
plia
nce
Pro
gram
Lea
der
and
Mar
ketin
g O
pera
tions
con
firm
ing
dist
ribut
ion
of t
he a
nnua
l priv
acy
notic
e w
ith t
he N
ovem
ber
2015
bill
s.
– 23
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
Ru
le 2
R
ule
d
escr
ipti
on
Fo
rm:
The
notic
e sh
all b
e la
belle
d N
otic
e of
Acc
essi
ng, C
olle
ctin
g, S
torin
g, U
sing
and
Dis
clos
ing
Ene
rgy
Usa
ge In
form
atio
n
(1) b
e w
ritte
n in
eas
ily u
nder
stan
dabl
e la
ngua
ge, a
nd
(2) b
e no
long
er t
han
is n
eces
sary
to
conv
ey t
he r
equi
site
info
rmat
ion.
c(1)
-(2)
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. R
evie
w S
CE
’s m
etho
ds f
or
prov
idin
g cu
stom
ers
notic
e ab
out
thei
r pr
ivac
y an
d ac
cess
ing
the
priv
acy
notic
e.
1.a.
Rev
iew
ed S
CE
.com
and
not
ed t
hat
the
"Priv
acy
Not
ice"
link
is in
clud
ed o
n th
e bo
ttom
of
each
pag
e w
ithin
the
site
tre
e. U
sers
may
acc
ess
any
of t
hese
Not
ices
fro
m t
he le
ft n
avig
atio
n pa
ne, w
ithin
the
P
rivac
y N
otic
e pa
ge o
n S
CE
.com
, or
by c
licki
ng t
he h
yper
links
with
in t
he N
otic
e.
1.b.
Rev
iew
ed C
usto
mer
Wel
com
e Le
tter
s an
d th
e A
nnua
l Bill
inse
rt s
ent
to c
usto
mer
s an
d no
ted
that
th
ey c
onta
in t
he U
RL
at w
hich
cus
tom
ers
can
find
the
Not
ice
of A
cces
sing
, Col
lect
ing,
Sto
ring,
Usi
ng
and
Dis
clos
ing
Ene
rgy
Usa
ge In
form
atio
n on
line
1.c.
Rev
iew
ed s
ampl
e sy
stem
-gen
erat
ed e
mai
ls f
rom
SC
E a
nd o
bser
ved
that
a li
nk t
o th
e P
rivac
y N
otic
e is
incl
uded
at
the
bott
om o
f th
e em
ail.
2. D
eter
min
e w
heth
er a
pr
oced
ure
exis
ts t
o re
view
the
re
adab
ility
of
the
priv
acy
notic
e an
d m
ake
upda
tes
base
d on
cu
stom
er f
eedb
ack
rela
ted
to
read
abili
ty a
nd c
onte
nt.
2.a.
Rev
iew
ed t
he C
PU
C S
mar
t G
rid P
rivac
y D
ecis
ion
Trac
king
doc
umen
t an
d no
tes
that
SC
E s
hall
prov
ide
to c
usto
mer
s up
on r
eque
st c
onve
nien
t an
d se
cure
acc
ess
to t
heir
Cov
ered
Info
rmat
ion:
(1) i
n an
ea
sily
rea
dabl
e fo
rmat
tha
t is
at
a le
vel n
o le
ss d
etai
led
than
tha
t at
whi
ch t
he c
over
ed e
ntity
dis
clos
es
the
data
to
third
par
ties.
(2) T
he C
omm
issi
on s
hall,
by
subs
eque
nt r
ule,
pre
scrib
e w
hat
is a
rea
sona
ble
time
for
resp
ondi
ng t
o cu
stom
er r
eque
sts
for
acce
ss.
2.b.
Rev
iew
ed t
he S
CE
web
site
and
obs
erve
d th
at it
is a
vaila
ble
in E
nglis
h, S
pani
sh, C
hine
se, K
orea
n,
and
Vie
tnam
ese.
The
link
s to
the
Not
ice
of A
cces
sing
, Col
lect
ing,
Sto
ring,
Usi
ng a
nd D
iscl
osin
g E
nerg
y U
sage
Info
rmat
ion
are
prov
ided
in t
he n
ativ
e la
ngua
ge, t
houg
h th
e la
ngua
ge it
self
is o
nly
prov
ided
in
Eng
lish.
3. D
eter
min
e w
heth
er S
CE
’s
Priv
acy
Not
ice
is w
ritte
n in
an
easy
-to-
unde
rsta
nd la
ngua
ge.
3. R
evie
wed
Not
ice
of A
cces
sing
, Col
lect
ing,
Sto
ring,
Usi
ng a
nd D
iscl
osin
g E
nerg
y U
sage
Info
rmat
ion
and
note
d th
at it
is w
ritte
n at
a 1
6th
grad
e Fl
esch
-Kin
caid
rea
ding
leve
l (i.e
. bes
t un
ders
tood
by
thos
e w
ith f
our
year
s of
uni
vers
ity-le
vel t
rain
ing)
.
– 24
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
Ru
le 2
R
ule
d
escr
ipti
on
C
on
ten
t: T
he n
otic
e an
d th
e po
sted
priv
acy
polic
y sh
all s
tate
cle
arly
:
(1) t
he id
entit
y of
the
cov
ered
ent
ity,
(2) t
he e
ffec
tive
date
of
the
notic
e or
pos
ted
priv
acy
polic
y,
(3) t
he c
over
ed e
ntity
’s p
roce
ss f
or a
lterin
g th
e no
tice
or p
oste
d pr
ivac
y po
licy,
incl
udin
g ho
w t
he c
usto
mer
will
be
info
rmed
of
any
alte
ratio
ns, a
nd w
here
prio
r ve
rsio
ns w
ill b
e m
ade
avai
labl
e to
cus
tom
ers,
and
(4) t
he t
itle
and
cont
act
info
rmat
ion,
incl
udin
g em
ail a
ddre
ss, p
osta
l add
ress
, and
tel
epho
ne n
umbe
r, o
f an
off
icia
l at
the
cove
red
entit
y w
ho c
an a
ssis
t th
e cu
stom
er w
ith p
rivac
y qu
estio
ns, c
once
rns,
or
com
plai
nts
rega
rdin
g th
e co
llect
ion,
sto
rage
, us
e, o
r di
strib
utio
n of
cov
ered
info
rmat
ion.
d(1
)-(4
)
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. U
nder
stan
d th
e pr
oced
ures
in
plac
e to
iden
tify
cove
red
entit
ies
and
dete
rmin
e w
heth
er t
he
effe
ctiv
e da
te is
indi
cate
d in
the
re
leva
nt d
ocum
enta
tion.
1. R
evie
wed
the
Priv
acy
Not
ice
and
Not
ice
of A
cces
sing
, Col
lect
ing,
Sto
ring,
Usi
ng, a
nd D
iscl
osin
g C
over
ed In
form
atio
n on
the
Com
pany
web
site
and
obs
erve
d th
at t
hey
iden
tify
SC
E a
s th
e co
vere
d en
tity
and
incl
ude
the
notic
e ef
fect
ive
date
and
link
s to
pre
viou
s (D
ated
) ver
sion
s of
the
not
ice.
2. U
nder
stan
d ho
w t
he
regu
lato
ry r
equi
rem
ents
, m
anag
emen
t re
view
and
ap
prov
al p
roce
ss w
orks
, in
clud
ing
pote
ntia
l alte
ratio
ns o
f th
e pr
ivac
y po
licie
s.
2.a.
Rev
iew
ed t
he P
rivac
y P
rogr
am M
anua
l and
Priv
acy
Pol
icy
and
note
d th
at t
hat
it do
es n
ot d
etai
l the
pr
oces
s fo
r re
visi
ng S
CE
’s p
rivac
y po
licy,
incl
udin
g w
hat
circ
umst
ance
s tr
igge
r re
visi
ons,
the
st
akeh
olde
rs in
volv
ed, d
eadl
ines
for
sub
mis
sion
s, a
nd g
uide
lines
for
cre
atin
g an
d di
strib
utin
g dr
afts
of
revi
sion
s.
2.b.
Rev
iew
ed t
he C
ompl
ianc
e C
oord
inat
ion
& E
CM
S D
eplo
ymen
t 20
15 d
ocum
ent
and
note
d th
at E
CM
S
was
dep
loye
d w
ithin
the
Com
pany
to
cent
raliz
e co
mpl
ianc
e re
quire
men
ts a
nd m
onito
r an
d tr
ack
com
plia
nce
stat
us a
nd a
ccou
ntab
ility
.
2.c.
Met
with
Priv
acy
Com
plia
nce
Pro
gram
Lea
der,
and
was
info
rmed
tha
t th
e C
ompa
ny u
ses
a co
mpl
ianc
e tr
acki
ng s
yste
m t
o id
entif
y an
d tr
ack
priv
acy
com
plia
nce
requ
irem
ents
. The
Priv
acy
Com
plia
nce
Pro
gram
will
wor
k w
ith t
he L
aw D
epar
tmen
t to
inte
rpre
t re
gula
tory
req
uire
men
ts a
nd u
se
the
trac
king
sys
tem
to
assi
gn c
ontr
ol o
wne
rs w
ho a
re r
espo
nsib
le f
or im
plem
entin
g th
e re
quire
men
ts.
2.d.
Met
with
Dire
ctor
, Com
plia
nce,
Pol
icie
s &
Info
rmat
ion
Gov
erna
nce,
and
was
info
rmed
tha
t th
e P
rivac
y C
ompl
ianc
e pr
ogra
m is
a c
entr
aliz
ed f
unct
ion
with
in S
CE
tha
t es
tabl
ishe
s ce
ntra
lized
gui
delin
es
that
the
Ope
ratin
g U
nits
mus
t im
plem
ent.
2.e.
Met
with
Sr.
Att
orne
y, L
aw d
epar
tmen
t, a
nd w
as in
form
ed t
hat
she
is t
he a
ttor
ney
assi
gned
to
priv
acy
regu
latio
ns a
nd w
ould
not
ify t
he P
rivac
y C
ompl
ianc
e P
rogr
am L
eade
r if
a ne
w c
hang
e is
req
uire
d.
3. In
spec
t or
igin
al a
nd r
evis
ion
date
s of
pol
icie
s to
det
erm
ine
if ac
tual
upd
ates
/edi
ts a
re m
ade
befo
re a
ppro
vals
.
3. R
evie
wed
the
Priv
acy
Not
ice
and
Not
ice
of A
cces
sing
, Col
lect
ing,
Sto
ring,
Usi
ng, a
nd D
iscl
osin
g C
over
ed In
form
atio
n on
the
Com
pany
web
site
and
obs
erve
d th
e no
tice
effe
ctiv
e da
te a
nd li
nks
to
prev
ious
(Dat
ed) v
ersi
ons
of t
he n
otic
e th
at h
ave
been
sup
erse
ded
over
tim
e.
– 25
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
4. D
eter
min
e ho
w S
CE
info
rms
cust
omer
s of
any
alte
ratio
ns t
o th
e P
rivac
y N
otic
e an
d w
here
pr
ior
vers
ions
will
be
mad
e av
aila
ble
to c
usto
mer
s.
4. R
evie
wed
the
Priv
acy
Not
ice
and
Not
ice
of A
cces
sing
, Col
lect
ing,
Sto
ring,
Usi
ng, a
nd D
iscl
osin
g C
over
ed In
form
atio
n on
the
Com
pany
web
site
and
obs
erve
d th
e no
tice
effe
ctiv
e da
te a
nd li
nks
to
prev
ious
(Dat
ed) v
ersi
ons
of t
he n
otic
e th
at h
ave
been
sup
erse
ded
over
tim
e.
5. E
xam
ine
whe
ther
SC
E’s
pr
ivac
y no
tices
to
iden
tify
whe
ther
the
titl
e an
d co
ntac
t in
form
atio
n (in
clud
ing
emai
l ad
dres
s, p
osta
l add
ress
and
te
leph
one
num
ber)
of
an o
ffic
ial
at t
he c
over
ed e
ntity
is in
dica
ted,
w
ho c
an a
ssis
t th
e cu
stom
er
with
pot
entia
l priv
acy
ques
tions
, co
ncer
ns, o
r co
mpl
aint
s.
5. R
evie
wed
Not
ice
of A
cces
sing
, Col
lect
ing,
Sto
ring,
Usi
ng, a
nd D
iscl
osin
g E
nerg
y U
sage
Info
rmat
ion
onlin
e an
d no
ted
that
it p
rovi
des
cust
omer
s w
ith t
he t
elep
hone
num
ber
and
post
al a
ddre
ss o
f cu
stom
er
serv
ice
repr
esen
tativ
es w
ho c
an h
elp
with
que
stio
ns, c
once
rns,
and
dis
pute
s re
gard
ing
priv
acy.
Fur
ther
, it
prov
ides
a li
nk t
o co
mm
unic
ate
via
emai
l.
6. D
eter
min
e w
heth
er a
spe
cific
pe
rson
or
grou
p w
ithin
SC
E is
re
spon
sibl
e or
acc
ount
able
for
pr
ivac
y an
d se
curit
y po
licy
deve
lopm
ent,
impl
emen
tatio
n,
mon
itorin
g, e
nfor
cing
and
up
datin
g.
6.a.
Rev
iew
ed t
he P
rivac
y C
ompl
ianc
e P
rogr
am M
anua
l and
not
ed t
hat
the
Priv
acy
Com
plia
nce
Pro
gram
Le
ader
and
tea
m is
res
pons
ible
for
priv
acy
polic
y an
d pr
oced
ure
deve
lopm
ent,
impl
emen
tatio
n,
mon
itorin
g, e
nfor
cing
, and
upd
atin
g.
6.b.
Rev
iew
ed t
he C
PU
C S
mar
t G
rid D
ata
Priv
acy
Dec
isio
n R
equi
rem
ents
Tra
ckin
g sh
eet
and
note
d th
at
the
Priv
acy
Com
plia
nce
Pro
gram
Lea
der
is r
espo
nsib
le f
or d
evel
opin
g, c
oord
inat
ing,
and
impl
emen
ting
a co
nsis
tent
set
of
priv
acy
and
secu
rity
rule
s, a
nd r
elat
ed c
usto
mer
info
rmat
ion
requ
est
form
s as
ado
pted
in
D.1
1-07
-056
.
6.c.
Met
with
Priv
acy
Com
plia
nce
Pro
gram
Lea
der,
and
was
info
rmed
tha
t he
is r
espo
nsib
le f
or t
he
onlin
e P
rivac
y N
otic
e an
d w
ill w
ork
with
the
Law
Dep
artm
ent
to id
entif
y an
y re
quire
d ch
ange
s an
d en
sure
the
pol
icy
is u
pdat
ed.
– 26
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
RU
LE 3
- P
urp
ose
sp
ecif
icat
ion
Ove
rall
Co
ncl
usi
on
N
o e
xcep
tio
ns
no
ted
.
CP
UC
R
ule
3
Ru
le D
escr
ipti
on
C
ateg
ori
es o
f In
form
atio
n:
(1) E
ach
cate
gory
of
cove
red
info
rmat
ion
colle
cted
, use
d, s
tore
d or
dis
clos
ed b
y th
e co
vere
d en
tity,
and
, for
eac
h ca
tego
ry o
f co
vere
d in
form
atio
n, t
he r
easo
nabl
y sp
ecifi
c pu
rpos
es f
or w
hich
it w
ill b
e co
llect
ed, s
tore
d, u
sed,
or
disc
lose
d,
(2) e
ach
cate
gory
of
cove
red
info
rmat
ion
that
is d
iscl
osed
to
third
par
ties,
and
, for
eac
h su
ch c
ateg
ory,
(i) t
he p
urpo
ses
for
whi
ch it
is d
iscl
osed
, and
(ii)
the
cate
gorie
s of
thi
rd p
artie
s to
whi
ch it
is d
iscl
osed
, and
(3) t
he id
entit
ies
of t
hose
thi
rd p
artie
s to
who
m d
ata
is d
iscl
osed
for
sec
onda
ry p
urpo
ses,
and
the
sec
onda
ry p
urpo
ses
for
whi
ch t
he in
form
atio
n is
dis
clos
ed.
a(1)
-(3)
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er S
CE
’s
Priv
acy
Not
ice
docu
men
ts t
he (1
) ca
tego
ries
and
purp
oses
of
Cov
ered
Info
rmat
ion
colle
cted
, us
ed, s
tore
d or
dis
clos
ed, (
2)
each
cat
egor
y of
Cov
ered
In
form
atio
n th
at is
dis
clos
ed t
o th
ird p
artie
s an
d pu
rpos
e of
di
sclo
sure
, and
(3) t
he id
entit
ies
of t
hose
thi
rd p
artie
s w
ith w
hom
C
over
ed In
form
atio
n is
sha
red
for
seco
ndar
y pu
rpos
es.
1. R
evie
wed
Not
ice
of A
cces
sing
, Col
lect
ing,
Sto
ring,
Usi
ng, a
nd D
iscl
osin
g E
nerg
y U
sage
In
form
atio
n on
line
and
note
d th
at it
pro
vide
s:
—Th
e ki
nd o
f in
form
atio
n th
at w
ill b
e co
llect
ed f
rom
and
abo
ut c
usto
mer
s;
—H
ow t
hat
info
rmat
ion
will
be
used
, sto
red,
and
pro
tect
ed;
—In
wha
t ca
ses
cust
omer
info
rmat
ion
will
be
disc
lose
d to
thi
rd p
artie
s; a
nd
—To
who
m c
usto
mer
info
rmat
ion
will
be
pote
ntia
lly d
iscl
osed
in t
he o
utlin
ed c
ircum
stan
ces.
2. D
eter
min
e w
heth
er S
CE
tra
cks
the
cate
gorie
s of
age
nts,
co
ntra
ctor
s an
d ot
her
third
par
ties
to w
hich
the
y di
sclo
se C
over
ed
Info
rmat
ion
for
a pr
imar
y pu
rpos
e.
2.a.
Rev
iew
ed t
he C
ompa
ny’s
201
5 A
nnua
l Priv
acy
Rep
ort
and
note
d th
at S
CE
dis
clos
ed C
over
ed
Info
rmat
ion
for
a pr
imar
y pu
rpos
e to
147
cus
tom
er-a
utho
rized
thi
rd p
artie
s vi
a th
e G
reen
But
ton
conn
ect
prog
ram
(Opt
ion
5 on
the
CIS
R F
orm
), 16
ven
dors
und
er c
ontr
act,
and
1 E
nerg
y D
ata
Cen
ter
as a
utho
rized
und
er t
he “
Ene
rgy
Dat
a C
ente
r” d
ecis
ion,
D.1
4-05
-016
. 2.
b. M
et w
ith S
r. M
anag
er, C
yber
secu
rity
and
was
info
rmed
tha
t S
CE
has
a r
isk
man
agem
ent
prog
ram
in p
lace
whi
ch r
anks
sup
plie
rs b
y ris
k le
vels
and
tra
cks
whe
ther
sup
plie
rs h
ave
acce
ss t
o C
over
ed In
form
atio
n th
roug
h a
ques
tionn
aire
s an
d an
nual
ris
k as
sess
men
t. A
lso,
not
ed t
hat
Cyb
erse
curit
y w
as n
ot in
volv
ed in
the
coo
rdin
atio
n w
ith S
uppl
y C
hain
in 2
015,
as
it w
as a
new
pr
oces
s.
– 27
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
2.c.
Rev
iew
ed t
he C
yber
secu
rity
Sta
ndar
d: T
hird
Par
ty P
rovi
ders
and
det
erm
ined
tha
t th
ird p
artie
s re
quiri
ng a
cces
s to
com
pany
com
putin
g sy
stem
s or
ele
ctro
nic
data
mus
t pa
rtic
ipat
e in
and
com
plet
e th
e cy
bers
ecur
ity r
isk
asse
ssm
ent
proc
ess
befo
re t
hey
are
allo
wed
to
acce
ss c
ompa
ny c
ompu
ting
syst
ems
or e
lect
roni
c da
ta.
3. D
eter
min
e w
heth
er a
pr
oced
ure
exis
ts t
o en
sure
new
cu
stom
ers
rece
ive
notic
e of
C
ompa
ny’s
rea
sons
for
col
lect
ing,
us
ing,
sto
ring,
or
disc
losi
ng
Cov
ered
Info
rmat
ion.
3.a.
Rev
iew
ed t
he C
PU
C S
mar
t G
rid P
rivac
y D
ecis
ion
Trac
king
doc
umen
t an
d no
ted
that
it p
rovi
des
cust
omer
writ
ten
notic
e w
hen
conf
irmin
g a
new
cus
tom
er a
ccou
nt. A
t le
ast
once
a y
ear
SC
E s
hall
info
rm c
usto
mer
how
the
y m
ay o
btai
n a
copy
of
cove
red
entit
y no
tice
rega
rdin
g th
e ac
cess
ing,
co
llect
ion,
sto
rage
, use
, and
dis
clos
ure
of C
over
ed In
form
atio
n.
3.b.
Rev
iew
ed r
espo
nse
from
Sr.
Man
ager
, Dig
ital t
eam
, not
ed t
hat
new
cus
tom
ers
rece
ive
an e
mai
l or
pos
t ca
rd u
pon
regi
ster
ing
for
a ne
w a
ccou
nt. T
he n
otic
e in
clud
es a
link
to
the
priv
acy
notic
e. T
he
defa
ult
is t
o se
nd t
he n
otic
e by
em
ail,
but
post
car
ds a
re s
ent
to n
ew c
usto
mer
s w
ho d
o no
t pr
ovid
e an
em
ail a
ddre
ss.
3.c.
Rev
iew
ed A
nnua
l Bill
inse
rts
incl
uded
with
the
Nov
embe
r 20
15 b
ills
for
resi
dent
ial a
nd
com
mer
cial
cus
tom
ers
title
d C
usto
mer
Con
nect
ion
and
note
d th
at it
incl
udes
a li
nk t
o th
e P
rivac
y N
otic
e an
d an
ale
rt r
elat
ed t
o cu
stom
er s
cam
s.
4. D
eter
min
e w
heth
er S
CE
ef
fect
ivel
y m
onito
rs c
ompl
ianc
e w
ith it
s co
llect
ion,
use
, sto
rage
, an
d di
sclo
sure
pra
ctic
es.
4.a.
Rev
iew
ed t
he C
ompl
ianc
e C
oord
inat
ion
& E
nter
pris
e C
ompl
ianc
e M
anag
emen
t S
yste
m (E
CM
S)
Dep
loym
ent
2015
doc
umen
t an
d no
ted
that
EC
MS
was
dep
loye
d w
ithin
the
Com
pany
to
cent
raliz
e co
mpl
ianc
e re
quire
men
ts a
nd m
onito
r an
d tr
ack
com
plia
nce
stat
us a
nd a
ccou
ntab
ility
.
4.b.
Met
with
Priv
acy
Com
plia
nce
Pro
gram
Lea
der,
and
Sr.
Att
orne
y, L
aw D
epar
tmen
t, a
nd w
as
info
rmed
tha
t as
par
t of
the
Priv
acy
Com
plia
nce
Pro
gram
, the
Priv
acy
Com
plia
nce
and
Law
D
epar
tmen
t ar
e in
volv
ed in
mon
itorin
g co
mpl
ianc
e re
quire
men
ts f
rom
the
CP
UC
(with
the
Law
D
epar
tmen
t ha
ving
dire
ct c
onta
ct w
ith t
he C
PU
C),
indu
stry
tra
de g
roup
s, a
nd in
tera
ctio
n w
ith o
ther
ut
ilitie
s. C
ompl
ianc
e an
d re
port
ing
requ
irem
ents
are
inpu
tted
by
the
Priv
acy
Com
plia
nce
Pro
gram
Le
ader
and
ver
ified
by
the
Law
Dep
artm
ent
via
the
EC
MS
sys
tem
, whi
ch a
ssig
ns a
uni
que
proc
ess
owne
r an
d id
entif
ies
rele
vant
con
trol
s in
ord
er t
o en
sure
com
plia
nce
4.c.
Met
with
Man
ager
, Aud
it S
ervi
ces,
and
was
info
rmed
tha
t A
udit
Ser
vice
s pe
rfor
ms
seve
ral
audi
ts e
ach
year
ass
ocia
ted
with
ent
erpr
ise
risks
. In
2015
, thr
ee a
udits
wer
e co
nduc
ted
rela
ted
to
priv
acy
and
secu
rity,
how
ever
non
e of
the
se a
udits
dire
ctly
dea
lt w
ith C
over
ed In
form
atio
n.
4.d.
Rev
iew
ed t
he D
ata
Priv
acy
Gov
erna
nce
Aud
it re
port
per
form
ed b
y A
udit
Ser
vice
s du
ring
the
cove
red
perio
d an
d no
ted
that
Aud
it S
ervi
ces
dete
rmin
ed t
hat
the
priv
acy
prog
ram
is w
ell d
esig
ned
and
impl
emen
ted
and
conc
lude
d th
e au
dit
as “
satis
fact
ory
with
exc
eptio
ns.”
– 28
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
R
ule
3
Ru
le D
escr
ipti
on
R
eten
tio
n T
ime:
The
notic
e re
quire
d un
der
sect
ion
2 sh
all p
rovi
de:
The
appr
oxim
ate
perio
d of
tim
e th
at c
over
ed in
form
atio
n w
ill b
e re
tain
ed b
y th
e co
vere
d en
tity;
b
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er S
CE
’s
Priv
acy
Not
ice
addr
esse
s th
e re
tent
ion
of C
over
ed In
form
atio
n.
1. R
evie
wed
the
Not
ice
of A
cces
sing
, Col
lect
ing,
Sto
ring,
Usi
ng a
n D
iscl
osin
g E
nerg
y U
sage
In
form
atio
n, p
ublic
ly a
vaila
ble
on S
CE
.com
, and
not
ed t
hat
the
notic
e ad
dres
ses
the
rete
ntio
n of
en
ergy
usa
ge in
form
atio
n "W
e w
ill r
etai
n al
l Ene
rgy
Usa
ge in
form
atio
n in
com
plia
nce
with
the
law
an
d on
ly a
s lo
ng a
s re
ason
ably
nec
essa
ry o
r as
aut
horiz
ed b
y th
e C
PU
C t
o ac
com
plis
h on
e of
the
pr
imar
y pu
rpos
es d
escr
ibed
abo
ve o
r fo
r a
purp
ose
that
you
spe
cific
ally
aut
horiz
e."
CP
UC
R
ule
3
Ru
le d
escr
ipti
on
C
ust
om
er L
imit
atio
n:
The
notic
e re
quire
d un
der
sect
ion
2 sh
all p
rovi
de a
des
crip
tion
of
(1) t
he m
eans
by
whi
ch c
usto
mer
s m
ay v
iew
, inq
uire
abo
ut, o
r di
sput
e th
eir
cove
red
info
rmat
ion
c(1)
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er S
CE
’s
Priv
acy
Not
ice
addr
esse
s cu
stom
ers’
abi
lity
to v
iew
, in
quire
, or
disp
ute
thei
r C
over
ed
Info
rmat
ion
or o
ther
PII.
1.a.
Rev
iew
ed t
he N
otic
e of
Acc
essi
ng, C
olle
ctin
g, S
torin
g, U
sing
and
Dis
clos
ing
Ene
rgy
Usa
ge
Info
rmat
ion,
pub
licly
ava
ilabl
e on
SC
E.c
om, a
nd n
oted
tha
t cu
stom
ers
may
con
tact
the
Chi
ef E
thic
s an
d C
ompl
ianc
e O
ffic
er t
hrou
gh m
ail,
emai
l or
phon
e w
ith a
ny q
uest
ions
and
to
find
out
how
the
y ca
n lim
it, v
iew
, or
disp
ute
the
disc
lose
d in
form
atio
n.
1.b.
Rev
iew
ed a
n au
tom
ated
em
ail s
ent
by S
CE
to
wel
com
e ne
w c
usto
mer
s w
ho p
rovi
de e
mai
l ad
dres
ses,
and
a p
ostc
ard
mai
led
to t
hose
who
don
’t p
rovi
de e
mai
l add
ress
, and
obs
erve
d th
at S
CE
di
sclo
ses
that
:
—C
usto
mer
s ca
n m
anag
e on
line
billi
ng t
hrou
gh "M
y A
ccou
nt;"
—C
usto
mer
s m
ay v
isit
SC
E’s
Priv
acy
Not
ice
thro
ugh
a w
eb li
nk p
rovi
ded.
– 29
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
R
ule
3
Ru
le d
escr
ipti
on
C
ust
om
er L
imit
atio
n:
The
notic
e re
quire
d un
der
sect
ion
2 sh
all p
rovi
de a
des
crip
tion
of:
(2) t
he m
eans
, if
any,
by
whi
ch c
usto
mer
s m
ay li
mit
the
colle
ctio
n, u
se, s
tora
ge o
r di
sclo
sure
of
cove
red
info
rmat
ion
and
the
cons
eque
nces
to
cust
omer
s if
they
exe
rcis
e su
ch li
mits
. c(
2)
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er S
CE
’s
priv
acy
notic
es a
ddre
ss
expl
icit/
impl
icit
cust
omer
cho
ice
and
cons
ent
rega
rdin
g da
ta
colle
ctio
n, u
se, h
andl
ing,
and
di
sclo
sure
pra
ctic
es, a
nd t
he
cons
eque
nces
for
den
ying
co
nsen
t.
1. R
evie
wed
the
Priv
acy
Not
ice,
last
upd
ated
on
May
26,
201
5 an
d pu
blic
ly a
vaila
ble
on S
CE
.com
. O
bser
ved
that
it in
clud
es d
ata
priv
acy
rela
ted
links
as
follo
ws:
—A
link
to
the
Web
site
Priv
acy
Not
ice,
—A
link
to
the
Not
ice
of A
cces
sing
, Col
lect
ing,
Sto
ring,
Usi
ng a
nd D
iscl
osin
g E
nerg
y U
sage
In
form
atio
n,
—C
onta
ct in
form
atio
n fo
r qu
estio
ns r
elat
ing
to d
ata
priv
acy,
—D
efin
ition
of
"Per
sona
l Inf
orm
atio
n" a
s de
fined
by
SC
E.
2. D
eter
min
e w
heth
er S
CE
’s
priv
acy
notic
es a
ddre
ss t
he
expl
icit/
impl
icit
cons
ent
requ
ired
to c
olle
ct, u
se, a
nd d
iscl
ose
Cov
ered
Info
rmat
ion
and
othe
r P
erso
nal I
nfor
mat
ion.
2. R
evie
wed
the
Not
ice
of A
cces
sing
, Col
lect
ing,
Sto
ring,
Usi
ng a
nd D
iscl
osin
g E
nerg
y U
sage
In
form
atio
n an
d no
ted
that
it a
ddre
ss e
xplic
it co
nsen
t and
con
sequ
ence
s fo
r de
nyin
g su
ch c
onse
nt.
The
Not
ice
expl
icitl
y ad
dres
ses
met
hods
for
the
cus
tom
ers
to "O
pt-O
ut,"
whi
ch a
llow
s cu
stom
ers
to
deny
con
sent
for
SC
E t
o co
llect
, sto
re, u
se, a
nd d
iscl
ose
thei
r C
over
ed In
form
atio
n. In
par
ticul
ar, t
he
Not
ice
incl
udes
the
fol
low
ing:
—“…
You
hav
e th
e rig
ht t
o no
t pr
ovid
e us
you
r S
ocia
l Sec
urity
Num
ber
but
you
may
be
char
ged
a de
posi
t or
hav
e th
e de
posi
t w
aive
d if
enro
lled
in D
irect
Pay
men
t.”
—“…
You
hav
e th
e rig
ht n
ot t
o pr
ovid
e yo
ur e
mai
l add
ress
how
ever
, you
will
not
be
able
to
take
adv
anta
ge o
f ou
r di
gita
l ser
vice
s su
ch a
s el
ectr
onic
bill
ing
and
paym
ents
.”
3. D
eter
min
e w
heth
er
com
mun
icat
ion
to in
divi
dual
s ad
dres
s th
e co
nseq
uenc
es o
f de
nyin
g co
nsen
t.
3. S
ee C
PU
C R
ule
3 c
(2) 2
.a. A
sses
smen
t Te
st R
esul
ts f
or d
etai
ls.
4. In
spec
t S
CE
’s s
yste
ms
whe
re
Cus
tom
er E
nerg
y U
sage
Dat
a is
co
llect
ed t
o de
term
ine
whe
ther
cu
stom
ers’
impl
icit
or e
xplic
it co
nsen
t pr
efer
ence
s ar
e ca
ptur
ed
(bef
ore
data
tra
nsfe
r).
4.a.
Rev
iew
ed t
he "W
ays
to A
cces
s an
d S
hare
You
r U
sage
Dat
a" w
eb p
age
on S
CE
.com
and
not
ed
that
it p
rovi
des
inst
ruct
ions
to
cust
omer
s on
how
the
y ca
n au
thor
ize
shar
ing
thei
r da
ta w
ith a
Thi
rd
Par
ty v
endo
r.
4.b.
Obs
erve
d sc
reen
shot
s of
the
Dat
a S
harin
g ta
b an
d no
ted
that
cus
tom
ers
can
sele
ct t
he t
ypes
of
data
, the
fre
quen
cy, a
nd t
he d
urat
ion
for
whi
ch t
hey
will
sha
re w
ith a
sel
ecte
d Th
ird P
arty
.
– 30
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
RU
LE 4
Ind
ivid
ual
par
tici
pat
ion
(ac
cess
an
d c
on
tro
l)
Ove
rall
Co
ncl
usi
on
N
o e
xcep
tio
ns
no
ted
.
CP
UC
R
ule
4
Ru
le d
escr
ipti
on
A
cces
s:
Cov
ered
ent
ities
sha
ll pr
ovid
e to
cus
tom
ers
upon
req
uest
con
veni
ent
and
secu
re a
cces
s to
the
ir co
vere
d in
form
atio
n:
(1) i
n an
eas
ily r
eada
ble
form
at t
hat
is a
t a
leve
l no
less
det
aile
d th
an t
hat a
t w
hich
the
cov
ered
ent
ity d
iscl
oses
the
dat
a to
th
ird p
artie
s.
a(1)
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er S
CE
’s
Priv
acy
Not
ice
addr
esse
s th
e pr
ovis
ion
of a
cces
s to
indi
vidu
als
to t
heir
Cov
ered
Info
rmat
ion.
1. R
evie
wed
Not
ice
of A
cces
sing
, Col
lect
ing,
Sto
ring,
Usi
ng, a
nd D
iscl
osin
g E
nerg
y U
sage
In
form
atio
n on
line
and
note
d th
at it
sta
tes
that
mos
t cu
stom
ers
can
find
thei
r in
form
atio
n on
the
ir m
onth
ly b
ills
or o
n S
CE
’s w
ebsi
te. A
lso,
not
ed t
hat
to r
ecei
ve in
stan
t ac
cess
to
bill,
mak
e pa
ymen
ts,
and
rece
ive
impo
rtan
t al
erts
, the
cus
tom
er m
ust
regi
ster
for
the
SC
E.c
om M
y A
ccou
nt s
ervi
ce,
whi
ch r
equi
res
an e
mai
l add
ress
. Als
o, n
oted
tha
t cus
tom
ers
have
the
rig
ht t
o op
t ou
t of
rec
eivi
ng
emai
ls. O
nce
a cu
stom
er is
reg
iste
red
to u
se S
CE
.com
My
Acc
ount
, the
y ca
n op
t ou
t of
fut
ure
mai
lings
in M
y A
ccou
nt.
2. D
eter
min
e w
heth
er S
CE
’s
inte
rnal
pol
icie
s de
scrib
e th
e pr
oces
s fo
r pr
ovid
ing
cust
omer
s w
ith a
cces
s to
the
ir C
over
ed
Info
rmat
ion.
2. R
evie
wed
the
SC
E.c
om U
ser
ID t
o C
SS
Acc
ount
Str
uctu
re "L
inki
ng" P
roce
ss a
nd n
oted
tha
t gu
idel
ines
are
pro
vide
d to
cal
l cen
ters
and
cus
tom
er s
ervi
ce e
mpl
oyee
s to
hel
p pr
ovid
e cu
stom
ers
with
acc
ess
to t
heir
Cov
ered
Info
rmat
ion.
3. D
eter
min
e w
heth
er c
usto
mer
s ca
n ac
cess
the
ir C
over
ed
Info
rmat
ion
in a
det
aile
d, y
et
easy
-to-
read
for
mat
.
3.a.
Rev
iew
ed S
CE
.com
and
not
ed t
hat
cust
omer
s ca
n ac
cess
the
ir en
ergy
usa
ge d
ata
usin
g th
eir
user
ID t
hrou
gh t
he M
y A
ccou
nt s
ervi
ce.
3.b.
Rev
iew
ed a
sam
ple
cust
omer
bill
and
not
ed t
hat
mon
thly
bill
s pr
ovid
e cu
stom
ers
with
ave
rage
us
age
leve
ls f
or t
he p
rece
ding
12
mon
ths
and
the
prec
edin
g ye
ar f
or t
he m
onth
ly b
ill c
ycle
.
3.c.
Exa
min
ed f
our
My
Acc
ount
scr
eens
hots
and
not
ed t
hat
cust
omer
s ca
n se
lect
the
Opt
ion,
"U
nder
stan
d m
y B
ill" f
rom
the
Bill
Pag
e an
d ac
cess
the
ir U
sage
and
Tie
r le
vel i
n an
eas
y to
rea
d fo
rmat
. Als
o, n
oted
tha
t th
ey c
an g
o to
the
ir M
y A
ccou
nt H
ome
Pag
e an
d ac
cess
the
ir U
sage
at
an
hour
ly le
vel,
Rec
ent
Leve
l, B
illed
Mon
ths,
and
Mon
thly
Tre
nd in
form
atio
n. C
usto
mer
s ca
n al
so
acce
ss t
heir
acco
unt
data
thr
ough
the
mai
l if
they
do
not
have
a M
y A
ccou
nt s
et u
p.
– 31
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
Ru
le
4 R
ule
des
crip
tio
n
Co
ntr
ol:
Cov
ered
ent
ities
sha
ll pr
ovid
e cu
stom
ers
with
con
veni
ent
mec
hani
sms
for:
(1) g
rant
ing
and
revo
king
aut
horiz
atio
n fo
r se
cond
ary
uses
of
cove
red
info
rmat
ion,
(2) d
ispu
ting
the
accu
racy
or
com
plet
enes
s of
cov
ered
info
rmat
ion
that
the
cov
ered
ent
ity is
sto
ring
or d
istr
ibut
ing
for
any
prim
ary
or s
econ
dary
pur
pose
, and
(3) r
eque
stin
g co
rrec
tions
or
amen
dmen
ts t
o co
vere
d in
form
atio
n th
at t
he c
over
ed e
ntity
is c
olle
ctin
g, s
torin
g, u
sing
, or
dist
ribut
ing
for
any
prim
ary
or s
econ
dary
pur
pose
.
b(1
)-(3
)
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er S
CE
has
a
proc
ess
in p
lace
for
pro
vidi
ng
cust
omer
s w
ith a
cces
s to
gra
nt
and
revo
ke a
utho
rizat
ion
for
seco
ndar
y pu
rpos
es.
1.a.
SC
E d
oes
not
volu
ntar
ily e
ngag
e in
sec
onda
ry p
urpo
ses.
See
als
o C
PU
C R
ule
6d (1
- 3)
A
sses
smen
t Te
st R
esul
ts f
or d
etai
ls.
1.
b. M
et w
ith P
rivac
y C
ompl
ianc
e P
rogr
am L
eade
r, a
nd S
r. A
ttor
ney,
Law
Dep
artm
ent,
and
was
in
form
ed t
hat
SC
E d
oes
not
volu
ntar
ily c
olle
ct o
r us
e in
form
atio
n fo
r se
cond
ary
purp
oses
. SC
E o
nly
uses
and
col
lect
s in
form
atio
n fo
r P
rimar
y P
urpo
ses
as d
efin
ed b
y th
e C
PU
C P
rivac
y D
ecis
ion
(D. 1
1-07
-056
) and
tho
se r
easo
ns a
re id
entif
ied
in t
he N
otic
e of
Acc
essi
ng, C
olle
ctin
g, S
torin
g, U
sing
, and
D
iscl
osin
g E
nerg
y U
sage
Info
rmat
ion,
whi
ch is
pub
licly
ava
ilabl
e on
SC
E.c
om.
1.c.
Met
with
Prin
cipa
l Man
ager
, Bill
ing
Ope
ratio
ns M
anag
emen
t, a
nd B
usin
ess
Ana
lyst
, Bill
ing
Ope
ratio
ns M
anag
emen
t an
d no
ted
that
cus
tom
er c
onse
nt is
req
uire
d pr
ior
to d
iscl
osur
e of
cu
stom
er in
form
atio
n th
roug
h th
e au
thor
izat
ion
form
: Cus
tom
er In
form
atio
n S
tand
ardi
zed
Req
uest
(C
ISR
For
m).
We
revi
ewed
the
CIS
R F
orm
, pub
licly
ava
ilabl
e on
SC
E.c
om, a
nd n
oted
tha
t su
ch
cons
ent
wou
ld b
e co
nfirm
ed, t
rack
ed, a
nd r
enew
ed a
t m
axim
um in
terv
als
of 3
yea
rs.
1.d.
Rev
iew
ed t
he C
ISR
For
m t
empl
ate
as w
ell a
s co
mpl
eted
CIS
R F
orm
sam
ples
and
not
ed t
hat
cust
omer
s pr
ovid
ed a
utho
rizat
ion
and
cons
ent
for
disc
losu
re o
f sp
ecifi
c ac
coun
t in
form
atio
n to
de
sign
ated
thi
rd p
artie
s fo
r in
terv
als
such
as
sing
le-t
ime
cons
ent,
one
yea
r co
nsen
t, o
r cu
stom
tim
e in
terv
al (a
s se
lect
ed b
y th
e cu
stom
er a
nd f
or a
per
iod
of u
p to
thr
ee y
ears
).
2. D
eter
min
e w
heth
er S
CE
has
a
proc
ess
in p
lace
for
cus
tom
ers
to
acce
ss t
heir
Cov
ered
Info
rmat
ion
and
disp
ute
its a
ccur
acy
and
com
plet
enes
s.
2.a.
Rev
iew
ed N
otic
e of
Acc
essi
ng, C
olle
ctin
g, S
torin
g, U
sing
and
Dis
clos
ing
Ene
rgy
Usa
ge
Info
rmat
ion
avai
labl
e pu
blic
ly o
n S
CE
.com
and
not
ed t
hat
cust
omer
s ha
ve a
cces
s to
the
ir C
over
ed
Info
rmat
ion
thro
ugh
mon
thly
bill
s an
d th
eir
SC
E o
nlin
e ac
coun
t ca
lled
My
Acc
ount
. Cov
ered
In
form
atio
n is
pro
vide
d as
act
ual u
sage
and
dis
play
s ho
urly
usa
ge in
15-
min
ute
inte
rval
s. C
usto
mer
s ca
n co
ntac
t S
CE
thr
ough
pho
ne, w
eb, o
r m
ail w
ith q
uest
ions
, con
cern
s an
d co
mpl
aint
s.
2.b.
Met
with
Man
ager
, Cus
tom
er C
onta
ct C
ente
r, an
d pe
rfor
med
a w
alkt
hrou
gh o
f th
e Ir
win
dale
C
onta
ct C
ente
r, w
hich
incl
uded
list
enin
g to
sam
ple
cust
omer
cal
ls, a
nd n
oted
tha
t C
usto
mer
S
olut
ions
Rep
rese
ntat
ives
(CS
Rs)
hav
e th
e ab
ility
to
mak
e up
date
s to
cus
tom
er p
rofil
es u
pon
requ
est
and
also
pro
mpt
cus
tom
ers
to c
ompl
ete
or u
pdat
e th
eir
Per
sona
l Inf
orm
atio
n on
file
with
S
CE
, as
nece
ssar
y.
– 32
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
2.c.
Rev
iew
ed S
CE
’s M
y A
ccou
nt a
nd G
reen
But
ton
prog
ram
pag
es o
n th
e w
ebsi
te a
nd n
oted
tha
t cu
stom
ers
who
hav
e an
onl
ine
My
Acc
ount
use
rnam
e an
d pa
ssw
ord,
in a
dditi
on t
o el
ectr
ic
Sm
artM
eter
s co
nnec
ted
to t
he n
etw
ork,
can
acc
ess
thei
r la
st 3
6 m
onth
s of
the
ir C
EU
D t
hrou
gh t
he
My
Acc
ount
pag
e.
2.d.
Obt
aine
d an
d in
spec
ted
scre
ensh
ots
of M
y A
ccou
nt u
sage
rep
orts
and
not
ed t
hat
cust
omer
s w
ho h
ave
My
Acc
ount
acc
ess
with
SC
E c
an a
cces
s th
eir
Ene
rgy
Usa
ge D
ata
thro
ugh
the
"Usa
ge"
tab
avai
labl
e on
the
ir "M
y A
ccou
nt H
ome"
sec
tion
page
. The
res
ultin
g in
tera
ctiv
e gr
aph
orga
nize
s th
e cu
stom
er’s
ele
ctric
ity u
sage
dat
a by
mon
th, b
illin
g cy
cle,
day
, or
15-m
inut
e in
terv
al, a
s se
lect
ed b
y th
e cu
stom
er. I
n ad
ditio
n, M
y A
ccou
nt p
rovi
des
cust
omer
s w
ith o
nlin
e ac
cess
to
usag
e an
d ot
her
Per
sona
l Inf
orm
atio
n, a
s w
ell a
s th
e ab
ility
to
disp
ute
pote
ntia
l inc
orre
ct/in
accu
rate
dat
a.
2.e.
Rev
iew
ed s
ampl
es o
f cu
stom
er b
ills
and
note
d th
at t
hey
incl
ude
a ph
one
num
ber
avai
labl
e fr
om
6AM
to
9PM
, Mon
day
thro
ugh
Frid
ay, a
nd 8
AM
thr
ough
5P
M o
n S
atur
days
(1-8
00-6
84-8
123)
for
cu
stom
ers
to in
quire
, dis
pute
or
ques
tion
thei
r bi
ll. T
he b
ills
also
info
rm c
usto
mer
s th
at if
not
sa
tisfie
d w
ith S
CE
res
pons
e, t
hey
can
cont
act
the
CP
UC
Con
sum
er A
ffai
rs B
ranc
h by
mai
l, vi
a th
e in
tern
et, o
r ca
ll th
em. T
he b
ill a
lso
prov
ides
a p
re-a
ddre
ssed
tem
plat
e fo
r cu
stom
ers
to f
ill o
ut a
nd
upda
te o
r ch
ange
the
ir P
erso
nal I
nfor
mat
ion
on f
ile w
ith S
CE
.
3. D
eter
min
e w
heth
er S
CE
has
a
proc
ess
in p
lace
to
mak
e co
rrec
tions
or
amen
dmen
ts t
o th
e co
llect
ion,
sto
rage
, use
, or
dist
ribut
ion
of C
over
ed
Info
rmat
ion
upon
a c
usto
mer
’s
requ
est.
3.a.
Rev
iew
ed N
otic
e of
Acc
essi
ng, C
olle
ctin
g, S
torin
g, U
sing
, and
Dis
clos
ing
Ene
rgy
Usa
ge
Info
rmat
ion
and
note
d th
at it
indi
cate
s th
at c
usto
mer
s m
ay c
onta
ct S
CE
thr
ough
pho
ne, e
mai
l or
mai
l with
any
que
stio
ns, c
once
rns,
and
com
plai
nts.
3.b.
Lis
tene
d to
sam
ple
cust
omer
cal
ls a
t th
e Ir
win
dale
Con
tact
Cen
ter
and
note
d th
at C
SR
s, o
nce
verif
ied
the
acco
unt
owne
r, c
an u
pdat
e cu
stom
ers’
rec
ords
, inc
ludi
ng c
orre
ctin
g ad
dres
ses,
pho
ne
num
bers
, nam
es, a
nd s
ocia
l sec
urity
num
bers
.
3.c.
Rev
iew
ed S
mar
tMet
er O
pt-O
ut n
otic
e pu
blic
ly a
vaila
ble
at S
CE
.com
and
not
ed f
or c
usto
mer
s w
ho d
o no
t w
ish
to h
ave
adva
nced
met
ers
inst
alle
d on
the
ir ho
mes
, the
y ca
n op
t ou
t by
cal
ling
1-80
0-81
0-23
69. T
his
page
incl
udes
a F
AQ
sec
tion
with
det
ails
and
cos
ts a
ssoc
iate
d w
ith o
ptin
g ou
t.
3.d.
Rev
iew
ed C
onsu
mer
Aff
airs
--Com
plai
nt R
esol
utio
n-C
onfid
entia
l Tre
atm
ent
of R
ecor
ds P
olic
y an
d Fo
rmal
Com
plai
nt H
andb
ook
and
note
d cu
stom
ers
may
sub
mit
form
al a
nd in
form
al c
ompl
aint
s pu
rsua
nt t
o ap
plic
able
CP
UC
rul
es a
nd r
egul
atio
ns.
3.e.
Rev
iew
ed P
roce
dure
to
File
Con
fiden
tial C
usto
mer
Per
sona
l Dat
a U
nder
Sea
l and
not
ed t
hat
this
doc
umen
t is
a g
uida
nce
to S
CE
em
ploy
ees
who
pro
cess
cus
tom
er c
ompl
aint
s an
d de
tails
how
to
pro
cess
the
se c
ompl
aint
s co
nfid
entia
lly.
3.f.
Rev
iew
ed c
usto
mer
bill
sam
ples
and
not
ed t
hat
they
incl
ude
a ph
one
num
ber
avai
labl
e fr
om
6AM
to
9PM
, Mon
day
thro
ugh
Frid
ay, a
nd 8
AM
to
5PM
on
Sat
urda
ys (1
-800
-684
-812
3) f
or
cust
omer
s to
inqu
ire, d
ispu
te o
r qu
estio
n th
eir
bill.
The
bill
s al
so in
form
cus
tom
ers
that
if n
ot
satis
fied
with
SC
E r
espo
nse,
the
y ca
n co
ntac
t th
e C
PU
C C
onsu
mer
Aff
airs
Bra
nch
by m
ail,
via
the
– 33
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
inte
rnet
, or
call
them
. The
bill
als
o pr
ovid
es a
pre
-add
ress
ed t
empl
ate
for
cust
omer
s to
fill
out
and
up
date
or
chan
ge t
heir
Per
sona
l Inf
orm
atio
n on
file
with
SC
E.
CP
UC
Ru
le
4 R
ule
Des
crip
tio
n
Dis
clo
sure
Pu
rsu
ant
to L
egal
Pro
cess
:
(1) E
xcep
t as
oth
erw
ise
prov
ided
in t
his
rule
or
expr
essl
y au
thor
ized
by
stat
e or
fed
eral
law
or
by o
rder
of
the
Com
mis
sion
, a
cove
red
entit
y sh
all n
ot d
iscl
ose
cove
red
info
rmat
ion
exce
pt p
ursu
ant
to a
war
rant
or
othe
r co
urt
orde
r na
min
g w
ith
spec
ifici
ty t
he c
usto
mer
s w
hose
info
rmat
ion
is s
ough
t. U
nles
s ot
herw
ise
dire
cted
by
a co
urt,
law
, or
orde
r of
the
C
omm
issi
on, c
over
ed e
ntiti
es s
hall
trea
t re
ques
ts f
or r
eal-t
ime
acce
ss t
o co
vere
d in
form
atio
n as
wire
taps
, req
uirin
g ap
prov
al
unde
r th
e fe
dera
l or
stat
e w
ireta
p la
w a
s ne
cess
ary.
(2) U
nles
s ot
herw
ise
proh
ibite
d by
cou
rt o
rder
, law
, or
orde
r of
the
Com
mis
sion
, a c
over
ed e
ntity
, upo
n re
ceip
t of
a
subp
oena
for
dis
clos
ure
of c
over
ed in
form
atio
n pu
rsua
nt t
o le
gal p
roce
ss, s
hall,
prio
r to
com
plyi
ng, n
otify
the
cus
tom
er in
w
ritin
g an
d al
low
the
cus
tom
er 7
day
s to
app
ear
and
cont
est
the
clai
m o
f th
e pe
rson
or
entit
y se
ekin
g di
sclo
sure
.
(6) O
n an
ann
ual b
asis
, cov
ered
ent
ities
sha
ll re
port
to
the
Com
mis
sion
the
num
ber
of d
eman
ds r
ecei
ved
for
disc
losu
re o
f cu
stom
er d
ata
purs
uant
to
lega
l pro
cess
or
purs
uant
to
situ
atio
ns o
f im
min
ent
thre
at t
o lif
e or
pro
pert
y an
d th
e nu
mbe
r of
cu
stom
ers
who
se r
ecor
ds w
ere
disc
lose
d. U
pon
requ
est
of th
e C
omm
issi
on, c
over
ed e
ntiti
es s
hall
repo
rt a
dditi
onal
in
form
atio
n to
the
Com
mis
sion
on
such
dis
clos
ures
. The
Com
mis
sion
may
mak
e su
ch r
epor
ts p
ublic
ly a
vaila
ble
with
out
iden
tifyi
ng t
he a
ffec
ted
cust
omer
s, u
nles
s m
akin
g su
ch r
epor
ts p
ublic
is p
rohi
bite
d by
sta
te o
r fe
dera
l law
or
by o
rder
of
the
Com
mis
sion
.
c(1)
-(6)
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er S
CE
has
pr
oced
ures
in p
lace
to
ensu
re
prop
er h
andl
ing
and
docu
men
tatio
n of
any
Cov
ered
In
form
atio
n da
ta d
iscl
osur
es f
or
lega
l rea
sons
.
1.a.
Rev
iew
ed N
otic
e of
Acc
essi
ng, C
olle
ctin
g, S
torin
g, U
sing
and
Dis
clos
ing
Ene
rgy
Usa
ge
Info
rmat
ion
and
note
d cu
stom
ers
are
info
rmed
tha
t S
CE
doe
s no
t di
sclo
se C
over
ed In
form
atio
n w
ithou
t cu
stom
ers’
prio
r co
nsen
t, u
nles
s re
ques
ted
by 1
) law
enf
orce
men
t of
ficer
s pu
rsua
nt t
o le
gal
proc
ess,
2) c
ontr
acte
d Th
ird P
arty
for
Ess
entia
l Ser
vice
s, o
r 3)
the
CP
UC
, cer
tain
aca
dem
ic
rese
arch
ers
and
gove
rnm
enta
l age
ncie
s.
1.b.
Rev
iew
ed P
rivac
y P
olic
y gu
idan
ce d
ocum
ent
for
empl
oyee
s w
ith a
cces
s to
Per
sona
l Inf
orm
atio
n an
d no
ted
that
SC
E k
eeps
cus
tom
er P
II co
nfid
entia
l and
doe
s no
t di
sclo
se in
form
atio
n un
less
it is
to
a Th
ird P
arty
with
pre
viou
s w
ritte
n cu
stom
er c
onse
nt, o
r un
less
the
Com
pany
is o
ther
wis
e re
quire
d or
per
mitt
ed t
o di
sclo
se s
uch
info
rmat
ion
purs
uant
to
a le
gal p
roce
ss.
1.c.
Rev
iew
ed t
he A
dvic
e Le
tter
281
9-E
Tar
iff R
ule
25 f
iling
and
not
ed t
hat
upon
rec
eivi
ng o
f w
arra
nt
or o
ther
cou
rt o
rder
s su
ch a
s su
bpoe
na f
or d
iscl
osur
e of
Cov
ered
Info
rmat
ion
for
lega
l pur
pose
s,
SC
E n
otifi
es t
he c
usto
mer
in w
ritin
g an
d al
low
s 7
days
for
the
cus
tom
er t
o co
ntes
t di
sclo
sure
.
1.d.
Rev
iew
ed t
he A
dvic
e Le
tter
281
9-E
Tar
iff R
ule
25 f
iling
and
not
ed t
hat
cust
omer
s’ e
xplic
it co
nsen
t is
req
uire
d fo
r di
sclo
sure
of
Cov
ered
Info
rmat
ion
for
seco
ndar
y pu
rpos
es. P
rior
expl
icit
– 34
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
cons
ent
for
disc
losu
re is
not
req
uire
d in
situ
atio
ns p
ursu
ant
to a
lega
l pro
cess
, im
min
ent
thre
at t
o lif
e or
pro
pert
y, o
r is
aut
horiz
ed b
y th
e C
omm
issi
on p
ursu
ant
to it
s ju
risdi
ctio
n.
1.e.
Rev
iew
ed G
uide
lines
and
Pro
cedu
res
for
Han
dlin
g th
e S
ervi
ce o
f S
umm
ons
and
Com
plai
nts,
S
ubpo
enas
, and
Oth
er L
egal
Doc
umen
ts g
uida
nce
docu
men
t av
aila
ble
to a
ll em
ploy
ees
in S
CE
’s
intr
anet
and
not
ed t
his
docu
men
t de
scrib
es p
roce
dure
s fo
r tr
eatin
g th
e re
ceip
t of
sum
mon
s an
d co
mpl
aint
s, s
ubpo
enas
, and
oth
er le
gal d
ocum
ents
. Not
ed t
he f
ollo
win
g:
—W
hen
SC
E e
mpl
oyee
s re
ceiv
e a
sum
mon
s or
a s
ubpo
ena,
the
y ar
e re
quire
d to
con
tact
the
La
w D
epar
tmen
t an
d fo
rwar
d th
e re
ques
t to
the
SC
E S
ubpo
ena
Coo
rdin
ator
.
—Th
e La
w D
epar
tmen
t S
ubpo
ena
Coo
rdin
ator
and
res
pons
ible
att
orne
y co
ordi
nate
all
info
rmat
ion
prov
ided
for
a s
ubpo
ena.
—S
ubpo
enas
req
uest
ing
cust
omer
Per
sona
l Inf
orm
atio
n w
ill b
e co
mpl
ied
with
in t
he m
anne
r an
d w
ithin
the
tim
e in
dica
ted
in t
he b
ody
of t
he s
ubpo
ena.
1.f.
Rev
iew
ed S
harin
g P
erso
nal I
nfor
mat
ion
Inte
rnal
ly /
3rd
Par
ties
Inte
rnal
Por
tal a
rtic
le a
vaila
ble
to
all S
CE
em
ploy
ees
via
the
com
pany
’s in
tran
et a
nd n
oted
tha
t fo
r su
bpoe
nas
and
war
rant
s,
empl
oyee
s ar
e in
stru
cted
to
“ser
ve t
o th
e La
w D
epar
tmen
t’s
Sub
poen
a C
oord
inat
or a
t th
e G
ener
al
Off
ice
in R
osem
ead.
Acc
epta
nce
is p
rohi
bite
d at
all
othe
r lo
catio
ns."
The
Sub
poen
a C
oord
inat
or lo
gs
all s
umm
ons
and
com
plai
nts
into
the
Dat
a R
eque
st (D
R) m
odul
e w
ithin
SC
E’s
Cla
ims
Man
agem
ent
Sys
tem
(CM
IS),
cate
goriz
ing
the
subp
oena
by
type
, req
uest
or, a
nd t
he n
umbe
r of
acc
ount
s re
fere
nced
in t
he r
eque
st. S
umm
ons
and
com
plai
nts
are
revi
ewed
by
the
Sub
poen
a C
oord
inat
or a
nd
forw
arde
d to
the
app
ropr
iate
sec
tion
of t
he L
aw D
epar
tmen
t fo
r ha
ndlin
g.
2. In
spec
t do
cum
enta
tion
rega
rdin
g di
sclo
sure
of
Cov
ered
In
form
atio
n pu
rsua
nt t
o a
lega
l pu
rpos
e to
det
erm
ine
whe
ther
th
e en
tity
prop
erly
han
dled
the
de
man
d.
2.a.
Rev
iew
ed S
CE
’s W
ebsi
te P
rivac
y P
olic
y av
aila
ble
at
ww
w.s
ce.c
om/w
ps/p
orta
l/hom
e/pr
ivac
y/w
ebsi
te-p
rivac
y-no
tice
and
note
d th
at S
CE
sta
tes
that
the
C
ompa
ny m
ust
disc
lose
Per
sona
l Inf
orm
atio
n in
situ
atio
ns w
here
req
uire
d to
by
law
, as
com
pelle
d by
a s
ubpo
ena
or s
imila
r le
gal p
roce
ss.
2.b.
Rev
iew
ed t
he P
rivac
y P
olic
y in
tend
ed f
or a
ll S
CE
em
ploy
ees
via
SC
E’s
intr
anet
and
not
ed t
hat
Cov
ered
Info
rmat
ion
may
onl
y be
dis
clos
ed t
o a
third
-par
ty w
ith c
usto
mer
writ
ten
cons
ent
unle
ss
the
Com
pany
is o
ther
wis
e re
quire
d or
per
mitt
ed t
o di
sclo
se s
uch
info
rmat
ion
purs
uant
to
a le
gal
proc
ess.
Whe
n re
ceiv
ed, r
eque
sts
purs
uant
to
lega
l pro
cess
es a
re f
irst
docu
men
ted
by S
ubpo
ena
Coo
rdin
ator
s, a
nd t
hen
dire
cted
to
the
appr
opria
te a
ttor
neys
in t
he L
aw D
epar
tmen
t su
ppor
ting
the
Com
pany
’s P
rivac
y P
rogr
am. T
he L
aw d
epar
tmen
t ap
prov
es a
ny d
iscl
osur
e of
Cov
ered
Info
rmat
ion
to t
hird
par
ties
purs
uant
to
a le
gal p
roce
ss.
2.c.
Rev
iew
ed s
ampl
e S
earc
h W
arra
nt e
ntitl
ed S
tate
of
Cal
iforn
ia, C
ount
y of
Ora
nge,
Sea
rch
War
rant
an
d A
ffid
avit,
as
it w
as s
erve
d to
SC
E o
n 04
/15/
2015
and
not
ed t
hat
the
docu
men
t w
as f
ully
ex
ecut
ed b
y a
mag
istr
ate
of t
he O
rang
e C
ount
y S
uper
ior
Cou
rt o
f C
alifo
rnia
and
sta
ted
that
"the
in
form
atio
n w
ould
be
nece
ssar
y to
sho
w t
hat
a fe
lony
has
bee
n co
mm
itted
or
that
a p
artic
ular
pe
rson
has
com
mitt
ed a
fel
ony.
" Bas
ed u
pon
the
lang
uage
not
ed in
the
Not
ice
of A
cces
sing
,
– 35
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
Col
lect
ing,
Sto
ring,
Usi
ng a
nd D
iscl
osin
g E
nerg
y U
sage
Info
rmat
ion,
SC
E f
ollo
wed
gui
delin
es a
nd
resp
onde
d to
thi
s su
bpoe
na.
3. In
spec
t th
e A
nnua
l Rep
ort
subm
itted
to
the
Com
mis
sion
to
dete
rmin
e w
heth
er t
he e
ntity
re
port
ed t
he n
umbe
r of
dem
ands
re
ceiv
ed f
or d
iscl
osur
e of
cu
stom
er d
ata
purs
uant
to
lega
l pr
oces
s an
d th
e nu
mbe
r of
cu
stom
ers
who
se r
ecor
ds w
ere
disc
lose
d.
3.a.
Insp
ecte
d th
e C
ompa
ny’s
201
5 A
nnua
l Priv
acy
Rep
ort
subm
itted
to
the
Com
mis
sion
on
Apr
il 28
, 20
16 a
nd d
eter
min
ed t
hat
the
Com
pany
rep
orte
d 1
dem
and
rece
ived
for
dis
clos
ure
of c
usto
mer
dat
a pu
rsua
nt t
o le
gal p
roce
ss a
nd 1
cus
tom
er w
hose
rec
ords
wer
e di
sclo
sed.
3.
b. S
ee C
PU
C R
ule
4c (1
- 6)
Ass
essm
ent
Test
Res
ult
2.c.
for
det
ails
.
– 36
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
Ru
le
4 R
ule
des
crip
tio
n
Dis
clo
sure
of
Info
rmat
ion
in S
itu
atio
ns
of
Imm
inen
t T
hre
at t
o L
ife
or
Pro
per
ty:
Thes
e ru
les
conc
erni
ng a
cces
s, c
ontr
ol a
nd d
iscl
osur
e do
not
app
ly t
o in
form
atio
n pr
ovid
ed t
o em
erge
ncy
resp
onde
rs in
si
tuat
ions
invo
lvin
g an
imm
inen
t th
reat
to
life
or p
rope
rty.
Em
erge
ncy
disc
losu
res,
how
ever
, rem
ain
subj
ect
to r
epor
ting
rule
4(c
)(6).
d(1
)-(6
)
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er C
ompa
ny
has
proc
edur
es in
pla
ce t
o en
sure
pr
oper
han
dlin
g an
d do
cum
enta
tion
of a
ny C
over
ed In
form
atio
n da
ta
disc
losu
res
in s
ituat
ions
of
imm
inen
t th
reat
to
life
or p
rope
rty.
1.a.
Rev
iew
ed t
he W
ebsi
te P
rivac
y P
olic
y an
d no
ted
that
the
com
pany
adv
ises
vis
itors
tha
t it
may
di
sclo
se P
erso
nal I
nfor
mat
ion
whe
n, "i
n go
od f
aith
tha
t di
sclo
sure
is n
eces
sary
to
law
enf
orce
men
t or
the
Uni
ted
Sta
tes’
Gov
ernm
ent,
to
prot
ect
[the
cus
tom
ers’
] rig
hts,
pro
tect
[cus
tom
ers’
] saf
ety
or
the
safe
ty o
f ot
hers
..."
1.b.
Met
with
Priv
acy
Com
plia
nce
Pro
gram
Lea
der,
and
Man
ager
, Cus
tom
er C
onta
ct C
ente
r, a
nd
disc
usse
d th
e di
sclo
sure
of
Per
sona
l Inf
orm
atio
n in
situ
atio
ns o
f im
min
ent
thre
at t
o lif
e or
pro
pert
y.
Not
ed t
hat
alth
ough
SC
E d
oes
not
have
a s
epar
ate
proc
edur
e fo
r ad
dres
sing
a r
eque
st f
or P
erso
nal
Info
rmat
ion
in s
ituat
ions
of
imm
inen
t th
reat
to
life
or p
rope
rty,
dis
clos
ures
in t
he s
ituat
ion
are
purs
uant
to
SC
E’s
Priv
acy
Pol
icy,
whi
ch s
tate
s th
e “T
he a
ppro
pria
te a
ttor
neys
in t
he L
aw
Dep
artm
ent,
res
pons
ible
for
sup
port
ing
the
Com
pany
’s p
rivac
y pr
ogra
m, s
hall
appr
ove
any
disc
losu
re o
f P
erso
nal I
nfor
mat
ion
to t
hird
par
ties
purs
uant
to
a le
gal p
roce
ss, e
mer
genc
y si
tuat
ion,
or
oth
er r
eque
st.”
2. In
spec
t do
cum
enta
tion
rega
rdin
g di
sclo
sure
of
Cov
ered
In
form
atio
n in
situ
atio
ns o
f im
min
ent
thre
at t
o lif
e of
pro
pert
y.
2.a.
Met
with
Priv
acy
Com
plia
nce
Pro
gram
Lea
der,
and
not
ed t
hat
the
Com
pany
has
not
rec
eive
d a
requ
est
for
Per
sona
l Inf
orm
atio
n in
situ
atio
ns o
f im
min
ent
thre
at t
o lif
e or
pro
pert
y.
2.b.
Rev
iew
ed t
he C
ompa
ny’s
201
5 A
nnua
l Priv
acy
Rep
ort
and
conf
irmed
tha
t no
req
uest
s fo
r C
over
ed In
form
atio
n w
ere
rece
ived
for
situ
atio
ns in
reg
ards
to
a th
reat
to
life
or p
rope
rty.
3. In
spec
t th
e A
nnua
l Rep
ort
subm
itted
to
the
Com
mis
sion
to
dete
rmin
e w
heth
er t
he C
ompa
ny
repo
rted
the
num
ber
of d
eman
ds
rece
ived
for
dis
clos
ure
of c
usto
mer
da
ta p
ursu
ant
to s
ituat
ions
of
imm
inen
t th
reat
to
life
or p
rope
rty
and
the
num
ber
of c
usto
mer
s w
hose
rec
ords
wer
e di
sclo
sed.
3. R
evie
wed
the
Com
pany
’s 2
015
Ann
ual P
rivac
y R
epor
t an
d no
ted
that
zer
o (0
) req
uest
s fo
r C
over
ed In
form
atio
n w
ere
rece
ived
for
situ
atio
ns in
reg
ards
to
a th
reat
to
life
or p
rope
rty
– 37
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
RU
LE 5
Dat
a m
inim
izat
ion
Ove
rall
Co
ncl
usi
on
N
o e
xcep
tio
ns
no
ted
.
CP
UC
R
ule
5
Ru
le d
escr
ipti
on
G
ener
ally
:
Cov
ered
ent
ities
sha
ll co
llect
, sto
re, u
se, a
nd d
iscl
ose
only
as
muc
h co
vere
d in
form
atio
n as
is r
easo
nabl
y ne
cess
ary
or a
s au
thor
ized
by
the
Com
mis
sion
to
acco
mpl
ish
a sp
ecifi
c pr
imar
y pu
rpos
e id
entif
ied
in t
he n
otic
e re
quire
d un
der
sect
ion
2 or
fo
r a
spec
ific
seco
ndar
y pu
rpos
e au
thor
ized
by
the
cust
omer
. a A
sses
smen
t p
roce
du
res
Ass
essm
ent
resu
lts
Exc
epti
on
s
1. D
eter
min
e w
heth
er S
CE
has
da
ta m
inim
izat
ion
proc
edur
es in
pl
ace
as t
hey
rela
te t
o th
e co
llect
ion,
sto
rage
, usa
ge, a
nd
disc
losu
re o
f C
over
ed In
form
atio
n fo
r pr
imar
y pu
rpos
es.
1.a.
Rev
iew
ed t
he C
onsu
mer
Aff
airs
– C
ompl
aint
Res
olut
ion
- Con
fiden
tial T
reat
men
t of
Rec
ords
P
olic
y an
d no
ted
that
Con
sum
er A
ffai
rs e
mpl
oyee
s ar
e in
stru
cted
to
mai
ntai
n th
e co
nfid
entia
lity
of
cust
omer
com
plai
nts
thro
ugh
the
inta
ke a
nd r
evie
w p
roce
ss. C
ompl
aint
s sh
ould
be
mar
ked
as
"con
fiden
tial"
and
lock
ed o
n th
e la
ptop
or
in t
he d
esk.
1.b.
Rev
iew
ed t
he Id
entit
y Th
eft
Pre
vent
ion
proc
edur
e an
d no
ted
that
it a
ddre
sses
the
rel
ease
of
Cov
ered
Info
rmat
ion
to t
hird
par
ties,
inst
ruct
ing
pers
onne
l to
only
pro
vide
the
min
imum
info
rmat
ion
nece
ssar
y to
com
plet
e a
task
.
1.c.
Rev
iew
ed t
he 2
015
Eth
ics
and
Com
plia
nce
Com
mun
icat
ions
and
Out
reac
h tr
acki
ng s
heet
and
no
ted
that
the
dat
a m
inim
izat
ion
med
ia w
indo
w w
as p
oste
d to
the
por
tal o
n 10
/7/2
015.
1.d.
Obs
erve
d th
e D
ata
Min
imiz
atio
n P
orta
l art
icle
, whi
ch p
rovi
ded
empl
oyee
s w
ith s
ix
step
s/pr
oced
ures
as
they
rel
ate
to t
he c
olle
ctio
n, s
tora
ge, u
sage
, and
dis
clos
ure
of C
over
ed
Info
rmat
ion.
1.e.
Obs
erve
d th
e D
istr
ibut
ion
Por
tal a
rtic
le, w
hich
pro
vide
d em
ploy
ees
with
inst
ruct
ions
reg
ardi
ng
the
dist
ribut
ion
of c
usto
mer
Cov
ered
Info
rmat
ion
and
empl
oyee
Per
sona
l Inf
orm
atio
n to
thi
rd
part
ies.
1.f.
Met
with
Man
ager
, Loc
al G
over
nmen
t an
d P
artn
ersh
ip, a
nd w
as in
form
ed t
hat
as it
rel
ates
to
Dire
ct A
cces
s/E
nerg
y S
ervi
ce P
rovi
ders
and
Com
mun
ity C
hoic
e A
ggre
gato
rs, c
usto
mer
Cov
ered
In
form
atio
n is
acc
esse
d an
d pr
oces
sed
by a
spe
cific
tea
m w
ith a
dire
ct b
usin
ess
need
. Oth
er
Com
pany
em
ploy
ees
do n
ot h
ave
acce
ss t
o th
e da
ta o
r th
e fa
cilit
y w
here
tho
se e
mpl
oyee
s w
ork.
1.g.
Met
with
Prin
cipa
l Man
ager
, Bill
ing
and
Ope
ratio
ns M
anag
emen
t, a
nd B
usin
ess
Ana
lyst
, Bill
ing
and
Ope
ratio
ns M
anag
emen
t, a
nd w
as in
form
ed t
hat
SC
E w
ill p
rovi
de in
form
atio
n to
thi
rd p
artie
s on
ly if
the
Com
pany
has
rec
eive
d a
sign
ed C
usto
mer
Info
rmat
ion
Sta
ndar
dize
d R
eque
st (C
ISR
) for
m
and
only
the
info
rmat
ion
auth
oriz
ed b
y th
e cl
ient
will
be
rele
ased
. If
a si
gned
for
m is
not
on
file
or
the
Third
Par
ty r
eque
sts
addi
tiona
l inf
orm
atio
n, t
he r
eque
st f
or d
ata
will
be
deni
ed.
– 38
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
2. D
eter
min
e w
heth
er S
CE
has
da
ta m
inim
izat
ion
proc
edur
es in
pl
ace
as t
hey
rela
te t
o th
e co
llect
ion,
sto
rage
, usa
ge, a
nd
disc
losu
re o
f C
over
ed In
form
atio
n fo
r se
cond
ary
purp
oses
.
2.a.
Rev
iew
ed t
he D
ata
Min
imiz
atio
n P
orta
l Art
icle
pub
lishe
d by
Eth
ics
and
Com
plia
nce,
and
not
ed
that
it p
rovi
des
six
step
s/pr
oced
ures
to
ensu
re d
ata
min
imiz
atio
n th
roug
h th
e co
llect
ion,
sto
rage
, us
age,
and
dis
clos
ure
of C
over
ed In
form
atio
n
2.b.
Met
with
Prin
cipa
l Man
ager
, Bill
ing
and
Ope
ratio
ns M
anag
emen
t, a
nd B
usin
ess
Ana
lyst
, Bill
ing
and
Ope
ratio
ns M
anag
emen
t, a
nd w
as in
form
ed t
hat
SC
E w
ill p
rovi
de in
form
atio
n to
thi
rd p
artie
s on
ly if
the
Com
pany
has
rec
eive
d a
sign
ed C
usto
mer
Info
rmat
ion
Ser
vice
Req
uest
(CIS
R) f
orm
and
on
ly t
he in
form
atio
n au
thor
ized
by
the
clie
nt w
ill b
e re
leas
ed. I
f a
sign
ed f
orm
is n
ot o
n fil
e or
the
Th
ird P
arty
req
uest
s ad
ditio
nal i
nfor
mat
ion,
the
req
uest
for
dat
a w
ill b
e de
nied
.
3. D
eter
min
e w
heth
er S
CE
has
in
tern
al p
rivac
y po
licie
s.
3.a.
Rev
iew
ed t
he P
rote
ctin
g P
erso
nal I
nfor
mat
ion
proc
edur
e an
d no
ted
that
it g
over
ns t
he h
andl
ing,
tr
ansm
ittal
, and
dis
play
of
Per
sona
l Inf
orm
atio
n an
d st
eps
to t
ake
in t
he e
vent
of
a su
spec
ted
data
br
each
invo
lvin
g P
erso
nal I
nfor
mat
ion.
3.b.
Rev
iew
ed t
he P
rivac
y P
olic
y, a
nd n
oted
tha
t it
incl
udes
pol
icy
on d
ata
min
imiz
atio
n,
"una
utho
rized
em
ploy
ees
or S
uppl
emen
tal W
orke
rs w
ill o
nly
be p
rovi
ded
acce
ss t
o P
erso
nal
Info
rmat
ion
as is
rea
sona
bly
nece
ssar
y to
ful
fill t
heir
requ
ired
busi
ness
fun
ctio
n an
d th
e ne
ed t
o ac
cess
thi
s in
form
atio
n sh
all b
e pe
riodi
cally
ver
ified
by
Eth
ics
and
Com
plia
nce.
" Als
o, n
oted
tha
t th
e de
finiti
on o
f P
erso
nal I
nfor
mat
ion
is in
clud
ed in
the
pol
icy.
3.c.
Rev
iew
ed s
uppl
emen
tal p
roce
dura
l doc
umen
ts, w
hich
incl
ude
Iden
tity
Thef
t P
reve
ntio
n, P
rivac
y B
reac
h N
otifi
catio
n, a
nd P
rote
ctin
g P
erso
nal I
nfor
mat
ion
and
note
d th
at p
olic
y an
d pr
oced
ures
for
id
entif
ying
red
fla
gs f
or c
usto
mer
acc
ount
s; n
otifi
catio
n pr
oced
ures
of
pote
ntia
l bre
ache
s; a
nd
guid
elin
es f
or p
rote
ctin
g P
erso
nal I
nfor
mat
ion
are
outli
ned.
3.d.
Rev
iew
ed t
he S
CE
inte
rnal
por
tal a
nd n
oted
tha
t em
ploy
ees
can
acce
ss d
iffer
ent
polic
ies
from
th
e P
olic
y La
ndin
g P
age
incl
udin
g pr
ivac
y, c
yber
secu
rity,
and
tra
inin
g.
– 39
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
4. D
eter
min
e w
heth
er S
CE
im
plem
ents
dat
a m
inim
izat
ion
acro
ss U
ser
Acc
ess
role
s to
sy
stem
s an
d ap
plic
atio
ns w
here
C
over
ed In
form
atio
n is
sto
red,
us
ed, o
r pr
oces
sed.
4.a.
Per
insp
ectio
n of
the
sup
port
ing
docu
men
tatio
n re
late
d to
dat
a co
llect
ion,
sto
rage
, pro
cess
ing
and
use,
it w
as n
oted
tha
t th
e fo
llow
ing
data
min
imiz
atio
n gu
idel
ines
and
req
uire
men
ts h
ave
been
id
entif
ied
and
form
ally
doc
umen
ted:
—R
evie
wed
the
Dat
a M
inim
izat
ion
Por
tal A
rtic
le a
nd t
he P
rivac
y P
olic
y an
d no
ted
that
dat
a m
inim
izat
ion
is r
equi
red
for
all c
usto
mer
PII,
incl
udin
g C
over
ed In
form
atio
n. A
lso
note
d th
at
reas
onab
le t
echn
ical
, adm
inis
trat
ive,
and
phy
sica
l saf
egua
rds
are
requ
ired
to p
rote
ct
Cov
ered
Info
rmat
ion
from
una
utho
rized
acc
ess.
—R
evie
wed
the
Pro
tect
ing
Per
sona
l Inf
orm
atio
n pr
oced
ure
and
note
d th
at a
utho
rized
pe
rson
nel w
ill o
nly
be p
rovi
ded
acce
ss t
o P
erso
nal I
nfor
mat
ion
as is
rea
sona
bly
nece
ssar
y to
ful
fill t
heir
requ
ired
busi
ness
fun
ctio
n an
d th
e ne
ed t
o ac
cess
thi
s in
form
atio
n sh
all b
e pe
riodi
cally
ver
ified
by
the
supe
rvis
or o
r m
anag
er. P
erso
nal I
nfor
mat
ion
shal
l nev
er b
e ac
cess
ed o
r pr
ovid
ed f
or a
ny n
on-jo
b-re
late
d re
ason
. Als
o no
ted
that
upo
n ve
rific
atio
n of
an
auth
oriz
ed r
eque
st o
nly
the
min
imal
am
ount
of
info
rmat
ion
nece
ssar
y to
com
plet
e th
e re
ques
t w
ill b
e pr
ovid
ed. I
n ce
rtai
n ca
ses,
it m
ay b
e ap
prop
riate
to
trun
cate
, scr
ambl
e, o
r re
mov
e P
erso
nal I
nfor
mat
ion.
—R
evie
wed
the
Dat
a M
inim
izat
ion
- CS
OD
RS
O c
heck
list
and
findi
ngs
and
note
d th
at in
201
5 th
e C
ompa
ny c
ondu
cted
an
asse
ssm
ent
of it
s da
ta c
olle
ctio
n an
d us
e pr
actic
es b
y in
terv
iew
ing
key
stak
ehol
ders
thr
ough
out
the
Com
pany
. The
y di
d no
t fin
d an
y in
appr
opria
te
data
col
lect
ion
or u
se. A
lso
note
d th
at t
he a
sses
smen
t in
clud
ed h
ow d
ata
is c
olle
cted
, who
it
is c
olle
cted
fro
m, w
here
it is
sto
red,
and
rea
sons
for
col
lect
ion.
4.b.
Per
insp
ectio
n of
the
sys
tem
pro
file
ques
tionn
aire
s fo
r th
e 14
sys
tem
s co
ntai
ning
Cov
ered
In
form
atio
n an
d sy
stem
arc
hite
ctur
e di
agra
ms,
it w
as n
oted
tha
t us
er a
cces
s ro
les
are
in p
lace
to
help
ens
ure
data
min
imiz
atio
n.
– 40
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
R
ule
5
Ru
le d
escr
ipti
on
D
ata
Ret
enti
on
:
Cov
ered
ent
ities
sha
ll m
aint
ain
cove
red
info
rmat
ion
only
for
as
long
as
reas
onab
ly n
eces
sary
or
as a
utho
rized
by
the
Com
mis
sion
to
acco
mpl
ish
a sp
ecifi
c pr
imar
y pu
rpos
e id
entif
ied
in t
he n
otic
e re
quire
d un
der
sect
ion
2 or
for
a s
peci
fic
seco
ndar
y pu
rpos
e au
thor
ized
by
the
cust
omer
. b
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er S
CE
’s
inte
rnal
pol
icie
s ad
dres
s a
docu
men
t re
tent
ion
polic
y co
verin
g al
l rel
evan
t as
pect
s.
1.a.
Rev
iew
ed t
he R
ecor
ds M
anag
emen
t po
licy
that
gov
erns
the
ret
entio
n of
SC
E r
ecor
ds. A
lso
revi
ewed
rec
ords
ret
entio
n sc
hedu
le s
tand
ard,
whi
ch p
rovi
des
deta
iled
rete
ntio
n pe
riods
for
di
ffer
ent
data
set
s in
clud
ing
Inte
rval
Cus
tom
er E
nerg
y U
sage
Dat
a.
1.b.
Rev
iew
ed t
he C
lass
ifica
tion
and
Acc
ess
proc
edur
e an
d no
ted
that
it p
rovi
des
inst
ruct
ions
on
wha
t cl
assi
ficat
ion
leve
l sho
uld
be a
ssig
ned
to a
doc
umen
t re
late
d to
acc
ess
and
hand
ling,
incl
udin
g do
cum
ents
con
tain
ing
Cov
ered
Info
rmat
ion.
2. D
eter
min
e w
heth
er S
CE
’s
rete
ntio
n po
licie
s ar
e pe
riodi
cally
re
view
ed a
nd u
pdat
ed w
here
ne
cess
ary.
2. R
evie
wed
Rec
ords
Ret
entio
n S
ched
ule
Sta
ndar
d an
d de
term
ined
tha
t th
e R
ecor
ds R
eten
tion
Sch
edul
e is
dat
ed D
ecem
ber
9, 2
015,
the
thi
rd r
evis
ion,
and
reg
ular
ly r
evie
wed
and
upd
ated
.
3. D
eter
min
e w
heth
er a
m
anag
emen
t pr
oced
ure
exis
ts t
o he
lp e
nsur
e th
at d
ocum
ents
are
re
tain
ed in
com
plia
nce
with
C
ompa
ny p
olic
ies
and
that
re
cord
s ar
e ke
pt f
or o
nly
as lo
ng
as r
easo
nabl
y ne
cess
ary.
3.a.
Rev
iew
ed t
he jo
b ai
d C
ompl
etin
g a
Rec
ords
Dis
posi
tion
Rep
ort
and
note
d th
at it
pro
vide
s In
form
atio
n S
tew
ards
with
gui
danc
e on
acc
essi
ng D
ispo
sitio
n R
epor
ts a
nd id
entif
ying
and
ver
ifyin
g re
cord
s th
at m
ay b
e ap
prop
riate
for
des
truc
tion.
3.b.
Rev
iew
ed t
he D
ispo
sitio
n P
roce
ss W
orkf
low
and
not
ed t
hat
a fo
rmal
pro
cess
has
bee
n es
tabl
ishe
d w
ith a
rtic
ulat
ed r
oles
and
res
pons
ibili
ties
for
revi
ewin
g an
pre
parin
g el
igib
le r
ecor
ds f
or
dest
ruct
ion.
3.c.
Rev
iew
ed a
gend
as f
rom
the
Ent
erpr
ise
Info
rmat
ion
Gov
erna
nce
(EIG
) Cou
ncil
Mee
tings
, and
de
term
ined
tha
t ar
eas
of d
ata
stew
ards
hip
and
info
rmat
ion
man
agem
ent
land
scap
e ar
e ad
dres
sed.
Fu
rthe
r, e
xam
ined
the
Info
rmat
ion
Ste
war
ds a
nd R
ecor
d C
lean
-Up
Sch
edul
e an
d de
term
ined
tha
t pr
oced
ural
doc
umen
ts a
re in
pla
ce t
o he
lp e
nsur
e th
at d
ocum
ents
are
ret
aine
d in
com
plia
nce
with
C
ompa
ny p
olic
ies
and
that
rec
ords
are
kep
t fo
r on
ly a
s lo
ng a
s re
ason
ably
nec
essa
ry
3.d.
Met
with
Prin
cipa
l Man
ager
, Inf
orm
atio
n G
over
nanc
e O
rgan
izat
ion,
and
was
info
rmed
tha
t th
ere
is a
mon
thly
mee
ting
for
the
EIG
Cou
ncil
that
is a
gro
up o
f pe
ople
at
man
agem
ent
leve
l tha
t ca
n pr
ovid
e ov
ersi
ght
to R
ecor
ds a
nd In
form
atio
n M
anag
emen
t ec
osys
tem
.
– 41
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
3.e.
Met
with
Info
rmat
ion
Ste
war
d, C
usto
mer
Ser
vice
, and
was
info
rmed
tha
t he
r ro
le s
erve
s as
the
po
int
of c
onta
ct a
nd li
aiso
n be
twee
n em
ploy
ees
and
Info
rmat
ion
Gov
erna
nce
“IG
” or
gani
zatio
n. T
o su
ppor
t th
e re
cord
s m
anag
emen
t pr
oces
s, In
form
atio
n S
tew
ards
will
fac
ilita
te a
nnua
l Rec
ords
C
lean
-up
Day
s. P
rior
to t
he c
lean
-up
date
, the
Info
rmat
ion
Ste
war
d ho
lds
a pl
anni
ng s
essi
on t
o in
form
the
tea
ms
of t
he u
pcom
ing
requ
irem
ents
. Aft
er t
he c
lean
-up
date
, the
Info
rmat
ion
Ste
war
d se
nds
a no
te s
ayin
g th
e si
tes
have
com
plet
ed t
he r
ecor
ds c
lean
-up
for
elec
tron
ic a
nd p
hysi
cal
copi
es.
3.f.
Rev
iew
ed t
he D
istr
ibut
ion
Rep
ort
Pro
cess
, Ris
k R
anki
ng, D
ispo
sitio
n R
epor
t tem
plat
e an
d Jo
b A
id f
or C
ompl
etin
g a
Dis
posi
tion
Rep
ort
and
note
d th
at t
he In
form
atio
n G
over
nanc
e de
part
men
t in
itiat
es t
he r
evie
w a
nd a
ppro
val p
roce
ss b
y di
strib
utin
g re
port
s th
at li
st r
ecor
ds e
ligib
le f
or
dest
ruct
ion
to t
he r
ecor
ds o
wne
r. T
he In
form
atio
n S
tew
ard
revi
ews
the
Dis
posi
tion
Rep
ort
with
the
ap
prop
riate
Sub
ject
Mat
ter
Exp
erts
(SM
Es)
or
reco
rd o
wne
r to
obt
ain
appr
oval
to
dest
roy.
Onc
e ap
prov
ed b
y re
cord
s ow
ner,
the
Info
rmat
ion
Ste
war
d se
nds
the
Rep
ort(
s) b
ack
to In
form
atio
n G
over
nanc
e.
4. In
spec
t ev
iden
ce o
f S
CE
’s
docu
men
ts c
ompl
ying
with
the
re
cord
ret
entio
n po
licie
s se
t fo
rth
by C
ompa
ny.
4.a.
Exa
min
ed t
he In
form
atio
n S
tew
ards
and
Rec
ord
Cle
an-U
p S
ched
ule
and
dete
rmin
ed t
hat
info
rmat
ion
stew
ards
mus
t pa
rtic
ipat
e in
rec
ords
cle
an u
p (b
oth
phys
ical
and
ele
ctro
nic)
acc
ordi
ng t
o as
sign
ed d
ates
in s
ched
ule.
4.b.
Rev
iew
ed a
sam
ple
Dis
posi
tion
Rep
ort
from
the
cov
ered
per
iod
and
note
d th
at e
ligib
le r
ecor
ds
for
dest
ruct
ion
that
wer
e ap
prov
ed a
nd d
estr
oyed
. The
rep
ort
was
com
plet
ed c
onsi
sten
t w
ith
Com
pany
pol
icy.
4.c.
Rev
iew
ed e
mai
l cor
resp
onde
nce
from
the
Cus
tom
er S
ervi
ce In
form
atio
n S
tew
ard
conf
irmin
g co
mpl
etio
n of
the
ele
ctro
nic
and
phys
ical
rec
ords
cle
an-u
p da
ys.
4.d.
Rev
iew
ed a
Thi
rd P
arty
Cer
tific
ate
of D
estr
uctio
n da
ted
2/13
/201
5 an
d no
ted
that
320
box
es
wer
e co
nfirm
ed d
estr
oyed
.
– 42
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
R
ule
5
Ru
le d
escr
ipti
on
D
ata
Dis
clo
sure
:
Cov
ered
ent
ities
sha
ll no
t di
sclo
se t
o an
y Th
ird P
arty
mor
e co
vere
d in
form
atio
n th
an is
rea
sona
bly
nece
ssar
y or
as
auth
oriz
ed
by t
he C
omm
issi
on t
o ca
rry
out
on b
ehal
f of
the
cov
ered
ent
ity a
spe
cific
prim
ary
purp
ose
iden
tifie
d in
the
not
ice
requ
ired
unde
r se
ctio
n 2
or f
or a
spe
cific
sec
onda
ry p
urpo
se a
utho
rized
by
the
cust
omer
. c A
sses
smen
t p
roce
du
res
Ass
essm
ent
resu
lts
Exc
epti
on
s
1. U
nder
stan
d S
CE
’s p
rivac
y po
licie
s to
det
erm
ine
whe
ther
th
ey: —
desc
ribe
the
prac
tices
re
late
d to
sha
ring
Cov
ered
Info
rmat
ion
(if
appl
icab
le) w
ith t
hird
pa
rtie
s an
d th
e re
ason
s fo
r in
form
atio
n sh
arin
g,
—id
entif
y th
ird p
artie
s or
cl
asse
s of
thi
rd p
artie
s to
who
m C
over
ed
Info
rmat
ion
is
disc
lose
d.
1.a.
Rev
iew
ed N
otic
e of
Acc
essi
ng, C
olle
ctin
g, S
torin
g, U
sing
and
Dis
clos
ing
Ene
rgy
Usa
ge
Info
rmat
ion
and
note
d th
at S
CE
des
crib
es E
nerg
y U
sage
Info
rmat
ion
as “
deta
iled
elec
tric
al
cons
umpt
ion
data
(15-
min
ute
or h
ourly
) obt
aine
d th
roug
h S
CE
’s A
dvan
ced
Met
erin
g In
fras
truc
ture
” an
d, w
hen
asso
ciat
ed w
ith a
ny in
form
atio
n th
at c
ould
rea
sona
bly
iden
tify
a cu
stom
er, i
s pr
otec
ted
as
a ty
pe o
f P
erso
nal I
nfor
mat
ion.
As
such
, SC
E in
form
s cu
stom
ers
that
Per
sona
l Inf
orm
atio
n w
ill o
nly
be
disc
lose
d to
thi
rd p
artie
s fo
r ce
rtai
n pu
rpos
es id
entif
ied
in t
he n
otic
e an
d in
cas
es w
hen
prio
r an
d w
ritte
n cu
stom
er c
onse
nt h
as b
een
obta
ined
thr
ough
a C
ISR
For
m, o
r in
a s
peci
al c
ircum
stan
ce a
s pr
evio
usly
not
ed. I
n ad
ditio
n, S
CE
not
es t
hat
Third
Par
ty c
ontr
acto
rs a
re “
requ
ire[d
] to
have
pol
icie
s an
d pr
oced
ures
to
prot
ect
[our
] cus
tom
er’s
Ene
rgy
Usa
ge In
form
atio
n fr
om b
eing
dis
clos
ed.”
The
re
ason
s fo
r sh
arin
g in
form
atio
n in
clud
e:
—D
iscl
osur
e ne
cess
ary
to p
erfo
rm e
ssen
tial s
ervi
ces;
—D
iscl
osur
e to
non
-gov
ernm
enta
l thi
rd p
artie
s as
dire
cted
or
allo
wed
by
the
CP
UC
;
—D
iscl
osur
e to
gov
ernm
ent
agen
cies
as
dire
cted
by
CP
UC
Ord
er o
r R
esol
utio
n;
—D
iscl
osur
e up
on e
xplic
it cu
stom
er w
ritte
n co
nsen
t to
rel
ease
info
rmat
ion
to a
Thi
rd P
arty
;
—D
iscl
osur
e pu
rsua
nt t
o le
gal p
roce
sses
suc
h as
war
rant
or
subp
oena
;
—D
iscl
osur
e in
the
cas
e of
an
imm
inen
t th
reat
to
life
or p
rope
rty;
or
—O
ther
dis
clos
ures
as
orde
red
or a
llow
ed b
y th
e C
PU
C.
1.b.
Rev
iew
ed P
rote
ctin
g P
erso
nal I
nfor
mat
ion
Sta
ndar
d av
aila
ble
to e
mpl
oyee
s on
SC
E’s
intr
anet
, an
d no
ted
that
it in
clud
es g
uide
lines
sta
ting
"eac
h em
ploy
ee is
res
pons
ible
for
ens
urin
g th
at P
erso
nal
Info
rmat
ion
in t
heir
cont
rol i
s ha
ndle
d in
acc
orda
nce
with
thi
s pr
oced
ure
and
all a
pplic
able
lega
l and
re
gula
tory
req
uire
men
ts.”
We
note
d th
at f
or p
rovi
ding
Per
sona
l Inf
orm
atio
n to
sup
plie
rs, t
he “
Edi
son
Rep
rese
ntat
ive
shal
l ens
ure
the
Sup
plie
r ha
s an
exe
cute
d co
ntra
ct w
ith t
he C
ompa
ny, w
ith t
he
appr
opria
te e
xhib
it(s)
, tha
t al
low
s ac
cess
to
Per
sona
l Inf
orm
atio
n.”
1.c.
Rev
iew
ed a
list
of
16 v
endo
rs id
entif
ied
as t
hird
par
ties
with
acc
ess
to C
over
ed In
form
atio
n du
ring
2015
and
not
ed t
hat
the
coun
t m
atch
es t
he n
umbe
r of
ven
dors
rep
orte
d in
the
Com
pany
’s
2015
Ann
ual P
rivac
y R
epor
t.
– 43
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
1.d.
Rev
iew
ed t
he G
reen
But
ton
– Th
ird P
arty
Con
nect
ion
info
rmat
ion
page
, pub
licly
ava
ilabl
e at
ht
tps:
//ww
w.s
ce.c
om/w
ps/p
orta
l/hom
e/pa
rtne
rs/p
artn
ersh
ips/
third
part
ylan
ding
page
, and
not
ed
vend
ors
are
requ
ired
to r
egis
ter
by c
reat
ing
a U
ser
ID a
nd P
assw
ord,
pro
vidi
ng t
he o
rgan
izat
ions
Ta
xpay
er Id
entif
icat
ion
Num
ber,
acc
eptin
g S
CE
’s T
erm
s &
Con
ditio
ns, a
nd p
erfo
rmin
g a
conn
ectiv
ity
test
for
the
dat
e tr
ansm
issi
on v
ia E
lect
roni
c D
ata
Inte
rcha
nge
(ED
I.)
1.e.
Rev
iew
ed S
CE
’s E
mpl
oyee
Priv
acy
Trai
ning
, pro
vide
d to
em
ploy
ees
with
acc
ess
to C
over
ed
Info
rmat
ion,
and
not
ed s
peci
fic t
rain
ing
cont
ent
that
des
crib
ed S
CE
’s p
olic
ies
rega
rdin
g th
e ha
ndlin
g an
d sh
arin
g of
Cov
ered
Info
rmat
ion,
and
not
ed t
he t
rain
ing
prov
ided
spe
cific
ref
eren
ces
to S
CE
po
licie
s co
ncer
ning
the
han
dlin
g, s
tora
ge, a
nd u
se o
f C
over
ed In
form
atio
n.
1.f.
Rev
iew
ed P
rivac
y P
rogr
am M
anua
l, av
aila
ble
to a
ll S
CE
em
ploy
ees
via
the
intr
anet
, and
not
ed
spec
ific
lang
uage
req
uirin
g em
ploy
ee a
nd c
ontr
acto
r co
mpl
ianc
e to
all
SC
E P
rivac
y C
ompl
ianc
e P
rogr
am a
nd R
ecor
ds M
anag
emen
t po
licie
s an
d pr
oced
ures
, as
wel
l as
appl
icab
le la
ws
and
regu
latio
ns. A
dditi
onal
ly, c
ontr
acto
rs a
re f
urth
er s
ubje
cted
to
thei
r co
ntra
ctua
l req
uire
men
ts a
s w
ell a
s th
e S
CE
Sup
plie
r C
ode
of C
ondu
ct.
1.g.
Rev
iew
ed P
rivac
y FA
Qs
avai
labl
e to
all
SC
E E
mpl
oyee
s vi
a th
e in
tran
et, a
nd n
oted
gui
danc
e fo
r em
ploy
ees
rece
ivin
g a
requ
est
for
Cov
ered
Info
rmat
ion,
who
are
inst
ruct
ed t
o id
entif
y if
the
requ
estin
g pa
rty
is p
erm
itted
to
rece
ive
the
info
rmat
ion.
For
sup
plie
rs, t
he d
ocum
ent
note
s th
e su
pplie
r co
ntra
ct m
ust
cont
ain
eith
er t
he E
diso
n P
erso
nal I
nfor
mat
ion
or S
ecur
ity In
cide
nt R
espo
nse
Pro
visi
on e
xhib
it as
par
t of
the
ir co
ntra
ct. I
f on
e of
the
se e
xhib
its a
re n
ot in
clud
ed, t
he e
mpl
oyee
is
inst
ruct
ed t
o no
t sh
are
any
Cov
ered
Info
rmat
ion
and
cont
act
the
Edi
son
Hel
pLin
e or
rea
ch o
ut t
o S
uppl
y M
anag
emen
t.
1.h.
Met
with
Man
ager
, Bill
ing
Ope
ratio
ns M
anag
emen
t, a
nd B
usin
ess
Ana
lyst
, Bill
ing
Ope
ratio
ns
Man
agem
ent,
and
not
ed t
hat
SC
E o
nly
shar
es c
usto
mer
info
rmat
ion
with
thi
rd p
artie
s w
ith p
rior
cust
omer
writ
ten
cons
ent
thro
ugh
the
Gre
en B
utto
n an
d C
ISR
pro
cess
for
bot
h re
side
ntia
l and
co
mm
erci
al a
ccou
nts.
The
cus
tom
er h
as t
he o
ptio
n to
pro
vide
Per
sona
l Inf
orm
atio
n ac
cess
au
thor
izat
ion
thro
ugh
the
CIS
R F
orm
for
a s
peci
fic p
erio
d up
to
a m
axim
um o
f 3
year
s. T
he c
usto
mer
m
ust
dete
rmin
e in
the
CIS
R F
orm
the
typ
e of
info
rmat
ion
shar
ed. U
pon
rece
ivin
g an
d ve
rifyi
ng t
he
info
rmat
ion
on t
he c
usto
mer
-sig
ned
CIS
R F
orm
, SC
E d
iscl
oses
the
req
uest
ed in
form
atio
n to
the
Thi
rd
Par
ty v
ia e
mai
l to
the
emai
l add
ress
not
ed o
n th
e C
ISR
For
m.
1.i.
Rev
iew
ed C
ISR
For
m (A
utho
rizat
ion
to R
ecei
ve C
usto
mer
Info
rmat
ion
or A
ct U
pon
a C
usto
mer
’s
Beh
alf,
als
o kn
own
as C
usto
mer
Info
rmat
ion
Sta
ndar
dize
d R
eque
st) a
nd o
bser
ved
Third
Par
ty D
esk
proc
essi
ng o
f C
ISR
For
ms,
and
not
ed t
hat
cust
omer
s m
ust
prov
ide
writ
ten
auth
oriz
atio
n to
SC
E t
o al
low
a T
hird
Par
ty t
o re
ceiv
e cu
stom
er in
form
atio
n or
act
on
the
cust
omer
’s b
ehal
f. T
his
info
rmat
ion
is v
erifi
ed m
anua
lly a
gain
st t
he C
SS
sys
tem
to
valid
ate
cust
omer
req
uest
prio
r to
ful
fillin
g th
e in
form
atio
n re
ques
t.
1.j.
Met
with
Prin
cipa
l Man
ager
, Bill
ing
Ope
ratio
ns M
anag
emen
t, a
nd B
usin
ess
Ana
lyst
, Bill
ing
Ope
ratio
ns M
anag
emen
t, a
nd n
oted
tha
t S
CE
doe
s no
t vo
lunt
arily
eng
age
in s
econ
dary
pur
pose
s. A
ny
– 44
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
disc
losu
re o
f cu
stom
er P
erso
nal I
nfor
mat
ion
wou
ld r
equi
re e
xplic
it C
usto
mer
con
sent
via
a c
ompl
eted
C
ISR
For
m.
1.k.
Rev
iew
ed S
ervi
ce A
gree
men
t pr
ocur
emen
t te
mpl
ates
for
CC
A a
nd E
SP
sup
plie
rs (E
lect
rical
S
ervi
ce P
rovi
der
Ser
vice
Agr
eem
ent
and
Com
mun
ity C
hoic
e A
ggre
gato
r S
ervi
ce A
gree
men
t) a
s w
ell
as s
ampl
es o
f ex
ecut
ed c
ontr
acts
for
eac
h. W
e no
ted
the
cont
ract
s re
quire
non
disc
losu
re o
f C
onfid
entia
l Inf
orm
atio
n (in
clud
ing
cust
omer
info
rmat
ion)
with
out
SC
E’s
con
sent
unl
ess
any
gove
rnm
enta
l, ju
dici
al o
r re
gula
tory
aut
horit
y is
requ
iring
suc
h C
onfid
entia
l Inf
orm
atio
n pu
rsua
nt t
o an
y ap
plic
able
law
, reg
ulat
ion,
rul
ing,
or
orde
r.
– 45
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
RU
LE 6
Use
an
d d
iscl
osu
re li
mit
atio
n
Ove
rall
Co
ncl
usi
on
O
ne
exce
pti
on
no
ted
:
Co
ntr
act
Co
mp
lian
ce:
A f
orm
al p
roce
ss d
oes
not
exis
t to
enf
orce
or
trac
k co
mpl
ianc
e of
Thi
rd P
arty
/ V
endo
r co
ntra
cts
arou
nd t
he s
afeg
uard
ing
of
Cov
ered
Info
rmat
ion.
– 46
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
R
ule
6
Ru
le d
escr
ipti
on
D
iscl
osur
es t
o Th
ird P
artie
s
(1) I
nitia
l Dis
clos
ures
by
an E
lect
rical
Cor
pora
tion:
An
elec
tric
al c
orpo
ratio
n m
ay d
iscl
ose
Cov
ered
Info
rmat
ion
with
out
cust
omer
con
sent
to
a Th
ird P
arty
act
ing
unde
r co
ntra
ct w
ith t
he C
omm
issi
on f
or t
he p
urpo
se o
f pr
ovid
ing
serv
ices
au
thor
ized
pur
suan
t to
an
orde
r or
res
olut
ion
of t
he C
omm
issi
on o
r to
a g
over
nmen
tal e
ntity
for
the
pur
pose
of
prov
idin
g en
ergy
eff
icie
ncy
or e
nerg
y ef
ficie
ncy
eval
uatio
n se
rvic
es p
ursu
ant
to a
n or
der
or r
esol
utio
n of
the
Com
mis
sion
. An
elec
tric
al
corp
orat
ion
may
dis
clos
e co
vere
d in
form
atio
n to
a T
hird
Par
ty w
ithou
t cu
stom
er c
onse
nt
—a.
whe
n ex
plic
itly
orde
red
to d
o so
by
the
Com
mis
sion
; or
—b.
for
a p
rimar
y pu
rpos
e be
ing
carr
ied
out
unde
r co
ntra
ct w
ith a
nd o
n be
half
of t
he e
lect
rical
cor
pora
tion
disc
losi
ng
the
data
; pro
vide
d th
at t
he c
over
ed e
ntity
dis
clos
ing
the
data
sha
ll, b
y co
ntra
ct, r
equi
re t
he T
hird
Par
ty t
o ag
ree
to
acce
ss, c
olle
ct, s
tore
, use
, and
dis
clos
e th
e co
vere
d in
form
atio
n un
der
polic
ies,
pra
ctic
es a
nd n
otifi
catio
n re
quire
men
ts n
o le
ss p
rote
ctiv
e th
an t
hose
und
er w
hich
the
cov
ered
ent
ity it
self
oper
ates
as
requ
ired
unde
r th
is
rule
, unl
ess
othe
rwis
e di
rect
ed b
y th
e C
omm
issi
on.
(2) S
ubse
quen
t D
iscl
osur
es: A
ny e
ntity
tha
t re
ceiv
es c
over
ed in
form
atio
n de
rived
initi
ally
fro
m a
cov
ered
ent
ity m
ay d
iscl
ose
such
cov
ered
info
rmat
ion
to a
noth
er e
ntity
with
out
cust
omer
con
sent
for
a p
rimar
y pu
rpos
e, p
rovi
ded
that
the
ent
ity
disc
losi
ng t
he c
over
ed in
form
atio
n sh
all,
by c
ontr
act,
req
uire
the
ent
ity r
ecei
ving
the
cov
ered
info
rmat
ion
to u
se t
he c
over
ed
info
rmat
ion
only
for
suc
h pr
imar
y pu
rpos
e an
d to
agr
ee t
o st
ore,
use
, and
dis
clos
e th
e co
vere
d in
form
atio
n un
der
polic
ies,
pr
actic
es a
nd n
otifi
catio
n re
quire
men
ts n
o le
ss p
rote
ctiv
e th
an t
hose
und
er w
hich
the
cov
ered
ent
ity f
rom
whi
ch t
he c
over
ed
info
rmat
ion
was
initi
ally
der
ived
ope
rate
s as
req
uire
d by
this
rul
e, u
nles
s ot
herw
ise
dire
cted
by
the
Com
mis
sion
.
(3)T
erm
inat
ing
Dis
clos
ures
to
Ent
ities
Fai
ling
to C
ompl
y w
ith T
heir
Priv
acy
Ass
uran
ces:
Whe
n a
cove
red
entit
y di
sclo
ses
cove
red
info
rmat
ion
to a
Thi
rd P
arty
und
er t
his
subs
ectio
n 6(
c), i
t sh
all s
peci
fy b
y co
ntra
ct,
unle
ss o
ther
wis
e or
dere
d by
the
Com
mis
sion
, tha
t it
shal
l be
cons
ider
ed a
mat
eria
l bre
ach
if th
e Th
ird P
arty
eng
ages
in a
pa
tter
n or
pra
ctic
e of
acc
essi
ng, s
torin
g, u
sing
or
disc
losi
ng t
he c
over
ed in
form
atio
n in
vio
latio
n of
the
Thi
rd P
arty
’s
cont
ract
ual o
blig
atio
ns t
o ha
ndle
the
cov
ered
info
rmat
ion
unde
r po
licie
s no
less
pro
tect
ive
than
tho
se u
nder
whi
ch t
he
cove
red
entit
y fr
om w
hich
the
cov
ered
info
rmat
ion
was
initi
ally
der
ived
ope
rate
s in
com
plia
nce
with
thi
s ru
le.
—If
a c
over
ed e
ntity
dis
clos
ing
cove
red
info
rmat
ion
for
a pr
imar
y pu
rpos
e be
ing
carr
ied
out
unde
r co
ntra
ct w
ith a
nd o
n be
half
of t
he e
ntity
dis
clos
ing
the
data
fin
ds t
hat
a Th
ird P
arty
con
trac
tor
to w
hich
it d
iscl
osed
cov
ered
info
rmat
ion
is
enga
ged
in a
pat
tern
or
prac
tice
of a
cces
sing
, sto
ring,
usi
ng o
r di
sclo
sing
cov
ered
info
rmat
ion
in v
iola
tion
of t
he
Third
Par
ty’s
con
trac
tual
obl
igat
ions
rel
ated
to
hand
ling
cove
red
info
rmat
ion,
the
dis
clos
ing
entit
y sh
all p
rom
ptly
ce
ase
disc
losi
ng c
over
ed in
form
atio
n to
suc
h Th
ird P
arty
.
—If
a c
over
ed e
ntity
dis
clos
ing
cove
red
info
rmat
ion
to a
Com
mis
sion
-aut
horiz
ed o
r cu
stom
er-a
utho
rized
Thi
rd P
arty
re
ceiv
es a
cus
tom
er c
ompl
aint
abo
ut t
he T
hird
Par
ty’s
mis
use
of d
ata
or o
ther
vio
latio
n of
the
priv
acy
rule
s, t
he
disc
losi
ng e
ntity
sha
ll, u
pon
cust
omer
req
uest
or
at t
he C
omm
issi
on’s
dire
ctio
n, p
rom
ptly
cea
se d
iscl
osin
g th
at
cust
omer
’s in
form
atio
n to
suc
h Th
ird P
arty
. The
dis
clos
ing
entit
y sh
all n
otify
the
Com
mis
sion
of
any
such
com
plai
nts
or s
uspe
cted
vio
latio
ns.
c(1)
-(3)
– 47
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. U
nder
stan
d S
CE
’s p
rivac
y po
licie
s to
det
erm
ine
whe
ther
th
ey: —
desc
ribe
the
prac
tices
re
late
d to
sha
ring
Per
sona
l Inf
orm
atio
n (if
app
licab
le) w
ith
third
par
ties
and
the
reas
ons
for
info
rmat
ion
shar
ing
iden
tify
third
par
ties
or
clas
ses
of t
hird
par
ties
to w
hom
Cov
ered
In
form
atio
n is
di
sclo
sed.
1.a.
Rev
iew
ed N
otic
e of
Acc
essi
ng, C
olle
ctin
g, S
torin
g, U
sing
and
Dis
clos
ing
Ene
rgy
Usa
ge
Info
rmat
ion
and
note
d th
at S
CE
lim
its t
he s
peci
fic r
easo
ns f
or s
harin
g C
over
ed In
form
atio
n w
ith a
Thi
rd
Par
ty t
o th
e fo
llow
ing:
—
Dis
clos
ure
nece
ssar
y to
per
form
ess
entia
l ser
vice
s;
—D
iscl
osur
e to
non
-gov
ernm
enta
l thi
rd p
artie
s as
dire
cted
or
allo
wed
by
the
CP
UC
;
—D
iscl
osur
e to
gov
ernm
ent
agen
cies
as
dire
cted
by
CP
UC
Ord
er o
r R
esol
utio
n;
—D
iscl
osur
e up
on e
xplic
it cu
stom
er w
ritte
n co
nsen
t to
rel
ease
info
rmat
ion
to a
Thi
rd P
arty
;
—D
iscl
osur
e pu
rsua
nt t
o le
gal p
roce
sses
suc
h as
war
rant
or
subp
oena
;
—D
iscl
osur
e in
the
cas
e of
an
imm
inen
t th
reat
to
life
or p
rope
rty;
or
—O
ther
dis
clos
ures
as
orde
red
or a
llow
ed b
y th
e C
PU
C.
2.b.
Rev
iew
ed P
rote
ctin
g P
erso
nal I
nfor
mat
ion
Pol
icy
inte
nded
for
all
empl
oyee
s an
d no
ted
the
com
pany
info
rms
empl
oyee
s th
at: “
Aut
horiz
ed e
mpl
oyee
s sh
all p
rovi
de o
nly
the
Per
sona
l Inf
orm
atio
n re
ason
ably
nec
essa
ry f
or s
uppl
iers
to
com
plet
e th
eir
wor
k. P
rior
to p
rovi
ding
any
Per
sona
l Inf
orm
atio
n to
a s
uppl
ier,
che
ck w
ith S
uppl
y M
anag
emen
t to
ens
ure
the
supp
lier
has
an e
xecu
ted
cont
ract
with
the
C
ompa
ny w
ith t
he a
ppro
pria
te e
xhib
it(s)
tha
t al
low
s ac
cess
to
Per
sona
l Inf
orm
atio
n.”
2.
c. R
evie
wed
the
201
5 A
nnua
l Priv
acy
Rep
ort
and
note
d th
at S
CE
dis
clos
es t
hree
typ
es o
f au
thor
ized
th
ird p
artie
s ac
cess
ing
Cov
ered
Info
rmat
ion:
(1)
Cus
tom
er A
utho
rized
, (2)
Ven
dors
Und
er C
ontr
act,
an
d (3
) Ene
rgy
Dat
a C
ente
rs.
2.d.
Rev
iew
ed S
uppl
ier
Cod
e of
Con
duct
and
not
ed S
CE
inst
ruct
s su
pplie
rs t
hat
Edi
son
reso
urce
s,
incl
udin
g th
e us
e of
Cov
ered
Info
rmat
ion,
are
onl
y to
be
used
for
“le
gitim
ate
Edi
son
busi
ness
pu
rpos
es”.
2. D
eter
min
e w
heth
er S
CE
in
form
s cu
stom
ers
that
P
erso
nal I
nfor
mat
ion
is
disc
lose
d to
thi
rd p
artie
s on
ly
for
the
purp
oses
(a) i
dent
ified
in
the
notic
e, a
nd (b
) for
whi
ch
the
indi
vidu
al h
as p
rovi
ded
impl
icit
or e
xplic
it co
nsen
t, o
r as
spe
cific
ally
allo
wed
or
requ
ired
by la
w o
r re
gula
tion
befo
re d
ata
is d
iscl
osed
to
third
pa
rtie
s.
2.a.
Rev
iew
ed N
otic
e of
Acc
essi
ng, C
olle
ctin
g, S
torin
g, U
sing
and
Dis
clos
ing
Ene
rgy
Usa
ge
Info
rmat
ion
and
note
d th
at S
CE
info
rms
cust
omer
s it
may
sha
re P
erso
nal I
nfor
mat
ion
with
thi
rd p
artie
s fo
r es
sent
ial s
ervi
ces,
i.e.
, pur
pose
s of
ope
ratin
g th
e ut
ility
sys
tem
. The
Not
ice
spec
ifies
tha
t S
CE
doe
s no
t us
e P
erso
nal I
nfor
mat
ion
for
purp
oses
bey
ond
thos
e lis
ted
in t
he N
otic
e, a
nd t
hat
SC
E d
oes
not
shar
e P
erso
nal I
nfor
mat
ion
with
thi
rd p
artie
s w
ithou
t th
e cu
stom
ers’
prio
r w
ritte
n co
nsen
t. In
add
ition
, it
indi
cate
s th
at:
—C
usto
mer
s m
ay a
utho
rize
any
Third
Par
ty t
o ha
ve a
cces
s to
the
ir S
CE
pro
vide
d in
form
atio
n by
su
bmitt
ing
a C
ISR
For
m g
rant
ing
such
acc
ess
or t
hrou
gh t
he G
reen
But
ton
Con
nect
pro
gram
.
—S
CE
may
dis
clos
e P
erso
nal I
nfor
mat
ion,
incl
udin
g C
usto
mer
Ene
rgy
Usa
ge D
ata,
info
rmat
ion
unde
r th
e fo
llow
ing
circ
umst
ance
s:
(1) C
ontr
acte
d th
ird p
artie
s pr
ovid
ing
Ess
entia
l Ser
vice
s;
(2) N
on-g
over
nmen
tal t
hird
par
ties
perf
orm
ing
serv
ices
und
er a
con
trac
t w
ith t
he C
PU
C o
r un
der
orde
r by
the
CP
UC
;
– 48
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
(3) G
over
nmen
t ag
enci
es t
hat
are
usin
g, c
olle
ctin
g, a
nd s
torin
g P
erso
nal I
nfor
mat
ion
to p
erfo
rm e
nerg
y ef
ficie
ncy,
ene
rgy
eval
uatio
n, o
r ot
her
spec
ified
ser
vice
s un
der
a C
PU
C O
rder
or
Res
olut
ion;
(4) T
o a
Third
Par
ty w
ith e
xplic
it cu
stom
er c
onse
nt t
hrou
gh t
he u
se o
f a
CIS
R F
orm
;
(5) P
ursu
ant
to a
lega
l pro
cess
suc
h as
a w
arra
nt o
r su
bpoe
na;
(6) I
n a
case
of
imm
inen
t th
reat
to
life
or p
rope
rty,
incl
udin
g di
sclo
sure
to
law
enf
orce
men
t;
(7) A
s or
dere
d by
the
CP
UC
; and
(8) A
s al
low
ed b
y th
e C
PU
C t
o ce
rtai
n ac
adem
ic r
esea
rche
rs a
nd g
over
nmen
tal a
genc
ies.
Und
er a
ll ci
rcum
stan
ces
note
d ab
ove,
SC
E a
dvis
es c
usto
mer
s th
at t
he C
ompa
ny w
ill li
mit
the
type
and
am
ount
of
Per
sona
l Inf
orm
atio
n sh
ared
with
thi
rd p
artie
s to
tha
t, w
hich
is r
easo
nabl
y ne
cess
ary
for
the
Third
P
arty
to
acco
mpl
ish
the
purp
ose
for
whi
ch it
nee
ds a
cces
s to
Per
sona
l Inf
orm
atio
n.
2.b.
Rev
iew
ed A
utho
rizat
ion
to R
ecei
ve C
usto
mer
Info
rmat
ion
Or
Act
Upo
n A
Cus
tom
er’s
Beh
alf
(or
CIS
R F
orm
), av
aila
ble
publ
icly
at
ww
w.s
ce.c
om/w
ps/w
cm/c
onne
ct/d
01a2
941-
2690
-4da
f-97
e3-
2549
f276
cc32
/100
715_
Form
14_7
96_C
ISR
v2.p
df?M
OD
=A
JPE
RE
S, a
nd n
oted
tha
t by
com
plet
ing
this
fo
rm, t
he c
usto
mer
exp
licitl
y au
thor
izes
a T
hird
Par
ty t
o re
ques
t an
d re
ceiv
e th
e cu
stom
er’s
dat
a su
ch
as b
illin
g hi
stor
y, a
ccou
nt in
form
atio
n, a
nd u
sage
dat
a (u
p to
a m
axim
um o
f m
ost
rece
nt 1
2-m
onth
s).
The
cust
omer
mus
t sp
ecify
whe
ther
thi
s is
a o
ne-t
ime
auth
oriz
atio
n, o
ne-y
ear
auth
oriz
atio
n, o
r de
term
ine
an e
xpira
tion
date
lim
ited
to m
axim
um t
hree
yea
rs. T
he f
orm
als
o co
llect
s th
e Th
ird P
arty
’s
info
rmat
ion,
suc
h as
the
ent
ity’s
nam
e an
d te
leph
one
num
ber.
By
com
plet
ing
this
for
m, t
he c
usto
mer
m
ust
chec
k bo
x st
atin
g th
at t
he c
usto
mer
"und
erst
ands
tha
t [h
e/sh
e] m
ay c
ance
l thi
s au
thor
izat
ion
at
any
time
by s
ubm
ittin
g a
writ
ten
requ
est.
" A s
ampl
e of
com
plet
ed C
ISR
For
ms
wer
e re
view
ed f
or
evid
ence
on
cons
iste
ncy
with
thi
s pr
oces
s an
d no
ted
no e
xcep
tions
.
2.c.
Rev
iew
ed t
he G
reen
But
ton
Con
nect
info
rmat
ion
page
, pub
licly
ava
ilabl
e at
w
ww
.sce
.com
/wps
/por
tal/h
ome/
part
ners
/par
tner
ship
s/th
irdpa
rtyl
andi
ngpa
ge/,
and
note
d th
at
cust
omer
s w
ith a
My
Acc
ount
logi
n an
d S
mar
tMet
er c
onne
cted
to
the
netw
ork
can
choo
se t
o sh
are
up
to 1
3 m
onth
s of
ele
ctric
usa
ge d
ata
with
sel
ecte
d th
ird p
artie
s. T
hird
par
ties
mus
t re
gist
er w
ith t
his
prog
ram
with
a u
niqu
e U
ser
ID, P
assw
ord,
and
Tax
paye
r Id
entif
icat
ion
Num
ber,
as
wel
l as
pass
a
Con
nect
ivity
Tes
t an
d ac
cept
SC
E’s
Ter
ms
and
Con
ditio
ns f
or t
he p
rogr
am.
2.d.
Rev
iew
ed G
reen
But
ton
Con
nect
My
Dat
a A
cces
s A
gree
men
t an
d no
ted
spec
ific
lang
uage
re
gard
ing
data
priv
acy.
Dur
ing
regi
stra
tion
for
the
Gre
en B
utto
n pr
ogra
m, t
hird
par
ties
ackn
owle
dge
that
SC
E w
ill c
olle
ct P
erso
nal I
nfor
mat
ion
in c
onne
ctio
n w
ith t
heir
use
of t
he p
rogr
am, a
nd t
hat
SC
E
will
not
“re
nt, s
ell,
or o
ther
wis
e m
ake
avai
labl
e to
any
Thi
rd P
arty
for
any
rea
son
any
of t
his
info
rmat
ion
that
per
sona
lly id
entif
ies
[the
cus
tom
ers]
” ex
cept
ing
for
circ
umst
ance
s su
ch a
s “t
o pr
ovid
e se
rvic
es o
r to
com
ply
with
app
licab
le la
ws
or r
egul
atio
ns, i
nclu
ding
CP
UC
or
cour
t or
ders
”.
2.e.
Rev
iew
ed C
usto
mer
Con
tact
Cen
ter
New
Hire
Tra
inin
g G
uide
lines
and
not
ed t
hat
in c
ases
suc
h as
a
conf
eren
ce c
all o
r 3-
way
cal
l whe
re a
Thi
rd P
arty
is o
n th
e lin
e, t
he c
usto
mer
ser
vice
spe
cial
ist
is
– 49
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
inst
ruct
ed t
o ad
vise
the
cus
tom
er t
hat
he /
she
will
be
aske
d to
ver
ify P
erso
nal I
nfor
mat
ion
he o
r sh
e m
ay n
ot w
ant
shar
ed w
ith t
he T
hird
Par
ty.
3. D
eter
min
e w
heth
er S
CE
co
mm
unic
ates
spe
cific
in
stru
ctio
ns f
or h
andl
ing
Per
sona
l Inf
orm
atio
n an
d th
e co
nseq
uenc
es o
f im
prop
er
disc
losu
re t
o th
e Th
ird P
arty
pr
ior
to d
iscl
osin
g th
e in
form
atio
n.
3.a.
Insp
ecte
d C
ontr
act
Exh
ibit
3-E
diso
n P
erso
nal I
nfor
mat
ion,
mos
t fr
eque
ntly
use
d fo
r en
gagi
ng t
hird
pa
rtie
s re
quiri
ng a
cces
s to
Cov
ered
Info
rmat
ion,
and
not
ed it
con
tain
s la
ngua
ge li
miti
ng t
he u
se o
f P
erso
nal I
nfor
mat
ion
and
requ
ires
the
cont
ract
or t
o pr
otec
t da
ta f
rom
una
utho
rized
dis
clos
ure.
In t
he
even
t of
a b
reac
h, s
peci
fic c
ontr
act
term
s ar
e de
fined
whi
ch d
etai
l con
sequ
ence
s of
impr
oper
di
sclo
sure
.
3.b.
Rev
iew
ed S
uppl
ier
Cod
e of
Con
duct
and
not
ed t
hat
SC
E in
form
s su
pplie
rs t
hat
acce
ss o
f U
tility
in
form
atio
n m
ust
be li
mite
d to
per
form
ance
of
legi
timat
e S
CE
bus
ines
s pu
rpos
es. I
n ad
ditio
n,
info
rmat
ion
shar
ed b
y S
CE
mus
t be
han
dled
in a
ccor
danc
e w
ith a
pplic
able
lega
l and
reg
ulat
ory
requ
irem
ent,
incl
udin
g fe
dera
l and
sta
te r
egul
atio
ns, s
uch
as C
alifo
rnia
’s P
rivac
y La
ws,
Mas
sach
uset
ts’
Dat
a P
rote
ctio
n La
w, o
r th
e C
PU
C S
mar
t G
rid D
ata
Priv
acy
Reg
ulat
ion.
3.c.
Rev
iew
ed t
empl
ates
for
ser
vice
agr
eem
ents
with
Ene
rgy
Ser
vice
Pro
vide
rs (E
SP
s), a
nd
Com
mun
ity C
hoic
e A
ggre
gato
rs (C
CA
s) w
ho p
rovi
de e
nerg
y to
SC
E’s
cus
tom
ers
and
have
acc
ess
to
Cov
ered
Info
rmat
ion,
and
not
ed t
hat
thes
e ve
ndor
s m
ust
sign
ser
vice
agr
eem
ents
with
the
Util
ity,
whi
ch d
efin
e ro
les
and
resp
onsi
bilit
ies
of b
oth
part
ies,
incl
udin
g pr
ovis
ions
with
man
dato
ry s
afeg
uard
s ar
ound
cus
tom
er in
form
atio
n.
3.d.
Met
with
Man
ager
, Cus
tom
er C
onta
ct C
ente
r, a
nd w
as in
form
ed t
hat
cust
omer
s m
ust
be
auth
entic
ated
bef
ore
acce
ss is
aut
horiz
ed b
y us
ing
thei
r ac
coun
t in
form
atio
n (i.
e. S
ocia
l sec
urity
nu
mbe
r, a
ccou
nt m
embe
r, s
ervi
ce ID
, etc
.). W
e sa
mpl
ed a
nd li
sten
ed t
o cu
stom
er c
alls
to
verif
y th
is
proc
ess.
3.e.
Met
with
Man
ager
, Cus
tom
er C
hoic
e S
ervi
ces,
and
was
info
rmed
tha
t th
e 1
CC
A a
nd 1
7 E
SP
s ha
d C
PU
C a
ppro
ved
cert
ifica
tion
prio
r to
ent
erin
g in
to a
ser
vice
agr
eem
ent
with
SC
E. A
ppro
vals
to
wor
k w
ith S
CE
wer
e co
mpl
eted
ele
ctro
nica
lly t
hrou
gh S
CE
.com
. Onc
e a
serv
ice
agre
emen
t is
est
ablis
hed,
tr
ansf
er o
f cu
stom
er b
illin
g in
form
atio
n to
the
se v
endo
rs is
don
e th
roug
h th
e se
cure
d E
DI p
roce
ss,
subj
ect
to a
sig
ned
ED
I Tra
ding
Par
tner
Agr
eem
ent
as n
oted
in t
he D
irect
Acc
ess
ES
P H
andb
ook.
3.f.
Rev
iew
ed D
irect
Acc
ess
ES
P H
andb
ook,
ava
ilabl
e pu
blic
ly o
n S
CE
.com
, and
not
ed C
CA
s an
d E
SP
s ar
e re
quire
d to
sub
mit
com
plet
ed C
ISR
For
ms
prio
r to
SC
E d
iscl
osin
g an
y cu
stom
er P
erso
nal
Info
rmat
ion.
4. U
nder
stan
d w
heth
er T
hird
P
arty
con
trac
ting
docu
men
tatio
n is
con
sist
ent
with
the
SC
E’s
pol
icie
s an
d pr
oced
ures
.
4.a.
Rev
iew
ed c
ontr
act
tem
plat
e us
ed b
y S
CE
for
ven
dors
with
acc
ess
to C
over
ed In
form
atio
n or
EP
I (E
diso
n P
erso
nal I
nfor
mat
ion)
dat
ed J
une
2013
and
use
d th
roug
h th
e co
vere
d pe
riod,
and
not
ed t
he
follo
win
g la
ngua
ge s
urro
undi
ng p
rote
ctio
n of
cus
tom
er in
form
atio
n:
– 50
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
—"C
ontr
acto
r sh
all,
and
shal
l req
uire
Con
trac
tor’
s P
erso
nnel
and
Sub
cont
ract
ors
to a
cces
s an
d us
e E
PI s
olel
y fo
r th
e pu
rpos
e of
per
form
ing
the
Ser
vice
s an
d cr
eatin
g D
eliv
erab
les
unde
r a
CW
A o
r S
OW
(as
appl
icab
le),
but
not
othe
rwis
e. In
add
ition
, Con
trac
tor
shal
l com
ply,
and
en
sure
tha
t C
ontr
acto
r’s
Per
sonn
el a
nd S
ubco
ntra
ctor
s co
mpl
y, w
ith a
ll A
pplic
able
Law
s an
d E
diso
n P
olic
ies
rela
ting
to t
he p
rote
ctio
n of
EP
I".
—"C
ontr
acto
r sh
all n
ot, a
nd s
hall
ensu
re C
ontr
acto
r’s
Per
sonn
el a
nd S
ubco
ntra
ctor
s do
not
: (i)
use
EP
I for
Con
trac
tor’
s, C
ontr
acto
r’s
Per
sonn
el o
r S
ubco
ntra
ctor
s’ o
wn
bene
fit o
r fo
r an
y pu
rpos
e ot
her
than
as
expr
essl
y st
ated
in S
ectio
n 7(
a) a
bove
; or
(ii) d
iscl
ose
EP
I to
any
Third
P
arty
; exc
ept
as p
erm
itted
" for
the
exe
cutio
n of
Ess
entia
l Ser
vice
s.
In a
dditi
on, t
he t
empl
ate
requ
ires
cons
ulta
nts
to c
ompl
y w
ith a
pplic
able
law
s re
latin
g to
pro
tect
ion
of
cust
omer
con
fiden
tial i
nfor
mat
ion,
and
sha
ll no
t us
e S
CE
’s c
usto
mer
info
rmat
ion
for
thei
r ow
n be
nefit
s, o
r di
sclo
se c
onfid
entia
l inf
orm
atio
n to
a T
hird
Par
ty. C
ontr
acte
d pa
rtie
s ar
e re
quire
d to
sig
n a
non-
disc
losu
re c
ertif
icat
e to
cer
tify
unde
rsta
ndin
g of
pro
tect
ing
conf
iden
tial i
nfor
mat
ion.
4.b.
Rev
iew
ed c
ontr
act
tem
plat
es f
or C
omm
unity
Cho
ice
Agg
rega
tors
(CC
As)
, Ele
ctric
Ser
vice
P
rovi
ders
(ES
Ps)
and
Mas
ter
Ser
vice
s A
gree
men
ts a
nd n
oted
tha
t th
ere
wer
e so
me
inco
nsis
tenc
ies
in
the
priv
acy
and
secu
rity
lang
uage
for
pro
visi
ons
rela
ted
to s
afeg
uard
ing
Cov
ered
Info
rmat
ion.
4.c.
Rev
iew
ed 9
sam
ple
cont
ract
s fo
r ve
ndor
s w
ith a
cces
s to
Cov
ered
Info
rmat
ion,
and
not
ed t
hat
7 of
th
e 9
cont
ract
s co
ntai
ned
prov
isio
ns r
equi
ring
the
Third
Par
ty t
o sa
fegu
ard
Cov
ered
Info
rmat
ion
at t
he
stan
dard
of
SC
E’s
in a
lignm
ent
with
the
Priv
acy
Dec
isio
ns.
KP
MG
obs
erve
d 2
Con
trac
ts n
ot in
ful
l co
mpl
ianc
e th
at w
ere
exec
uted
prio
r to
the
dat
e of
the
Priv
acy
Dec
isio
ns.
Alth
ough
the
se c
ontr
acts
co
ntai
n ce
rtai
n pr
ovis
ions
req
uirin
g th
e ve
ndor
to
safe
guar
d C
over
ed In
form
atio
n at
the
sta
ndar
d w
ith
whi
ch S
CE
pro
tect
s th
eir
own
info
rmat
ion,
the
re a
re s
ome
cont
ract
lang
uage
inco
nsis
tenc
ies.
SC
E is
aw
are
of t
hese
lega
cy c
ontr
acts
and
is w
orki
ng w
ith t
heir
proc
urem
ent
team
s to
upd
ate
thes
e ve
ndor
co
ntra
cts.
4.d.
Rev
iew
ed C
ontr
acto
r N
ondi
sclo
sure
Agr
eem
ents
and
not
ed t
hat
SC
E r
equi
res
third
par
ties
to
mai
ntai
n th
e co
nfid
entia
lity
of c
usto
mer
Per
sona
l Inf
orm
atio
n an
d ha
ve s
afeg
uard
s in
pla
ce t
o m
aint
ain
secu
re a
cces
s to
cus
tom
er P
erso
nal I
nfor
mat
ion.
4.e.
Rev
iew
ed t
he D
irect
Acc
ess
ES
P H
andb
ook
avai
labl
e pu
blic
ly o
n S
CE
.com
and
not
ed t
hat
it co
ntai
ns t
he in
stru
ctio
ns a
nd e
stab
lishm
ent
form
s re
quire
d fo
r an
ES
P t
o co
nduc
t bu
sine
ss w
ithin
the
S
CE
ser
vice
ter
ritor
ies.
Thi
s do
cum
ent
outli
nes
the
step
s ne
cess
ary
for
ES
Ps
to e
nrol
l with
Edi
son,
in
sign
ing
an E
SP
Ser
vice
Agr
eem
ent
and
com
plet
ing
CIS
R F
orm
s fo
r cu
stom
ers
serv
ed.
4.f.
Rev
iew
ed t
he E
SP
Ser
vice
Agr
eem
ent,
ava
ilabl
e on
line
at S
CE
.com
, and
not
ed t
hat
it co
ntai
ns
spec
ific
lang
uage
whe
re b
oth
part
ies
agre
e to
“re
mai
n in
com
plia
nce
with
all
appl
icab
le la
ws
and
tarif
fs, i
nclu
ding
app
licab
le C
PU
C r
equi
rem
ents
” as
wel
l as
not
to d
iscl
ose
“any
Con
fiden
tial
Info
rmat
ion
obta
ined
pur
suan
t to
thi
s A
gree
men
t to
any
Thi
rd P
arty
, inc
ludi
ng a
ffili
ates
of
such
Par
ty,
with
out
the
expr
ess
prio
r w
ritte
n co
nsen
t of
the
oth
er P
arty
.”
– 51
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
5. In
spec
t sa
mpl
e ev
iden
ce o
f ac
know
ledg
men
ts /
cert
ifica
tions
fro
m t
hird
par
ties
rega
rdin
g co
mpl
ianc
e w
ith
SC
E’s
dat
a pr
ivac
y po
licie
s.
5.a.
Met
with
Priv
acy
Com
plia
nce
Pro
gram
Lea
der,
and
Man
ager
, Acq
uisi
tion
Pla
nnin
g an
d P
rocu
rem
ent
Ste
war
dshi
p, a
nd n
oted
tha
t al
l new
Thi
rd P
arty
ven
dors
are
con
trac
tual
ly o
blig
ated
per
th
eir
cont
ract
cla
uses
with
SC
E t
o m
aint
ain
the
priv
acy
of t
he in
form
atio
n sh
ared
, how
ever
, no
form
al
proc
ess
exis
ts t
o en
forc
e an
d tr
ack
com
plia
nce
of v
endo
rs a
nd s
uppl
iers
.
A f
orm
al p
roce
ss d
oes
not
exis
t to
enf
orce
or
trac
k co
mpl
ianc
e of
Th
ird P
arty
/ V
endo
r co
ntra
cts
arou
nd t
he
safe
guar
ding
of
Cov
ered
Info
rmat
ion.
6. D
eter
min
e w
heth
er S
CE
has
a
proc
ess
in p
lace
to
revi
ew
cont
ract
com
plia
nce
for
third
pa
rtie
s re
ceiv
ing
Cov
ered
In
form
atio
n.
6.a.
See
CP
UC
Rul
e 6c
Ass
essm
ent
Test
Res
ult
5.a.
for
det
ails
. A
for
mal
pro
cess
doe
s no
t ex
ist
to e
nfor
ce o
r tr
ack
com
plia
nce
of
Third
Par
ty /
Ven
dor
cont
ract
s ar
ound
the
sa
fegu
ardi
ng o
f C
over
ed In
form
atio
n.
CP
UC
R
ule
6
Ru
le d
escr
ipti
on
S
eco
nd
ary
Pu
rpo
ses.
No
cove
red
entit
y sh
all u
se o
r di
sclo
se c
over
ed in
form
atio
n fo
r an
y se
cond
ary
purp
ose
with
out
obta
inin
g th
e cu
stom
er’s
pr
ior,
exp
ress
, writ
ten
auth
oriz
atio
n fo
r ea
ch t
ype
of s
econ
dary
pur
pose
. Thi
s au
thor
izat
ion
is n
ot r
equi
red
whe
n in
form
atio
n is
:
(1) p
rovi
ded
purs
uant
to
a le
gal p
roce
ss a
s de
scrib
ed in
4(c
) abo
ve;
(2) p
rovi
ded
in s
ituat
ions
of
imm
inen
t th
reat
to
life
or p
rope
rty
as d
escr
ibed
in 4
(d) a
bove
; or
(3) a
utho
rized
by
the
Com
mis
sion
pur
suan
t to
its
juris
dict
ion
and
cont
rol.
d(1)
-(3)
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er S
CE
en
gage
s in
sec
onda
ry p
urpo
ses,
an
d de
term
ine
if pr
oced
ures
are
in
pla
ce t
o:
—no
tify
indi
vidu
als
and
obta
in t
heir
cons
ent
prio
r to
dis
clos
ing
Cov
ered
Info
rmat
ion
to
a Th
ird P
arty
for
1.a.
Met
with
Prin
cipa
l Man
ager
, Bill
ing
Ope
ratio
ns M
anag
emen
t, a
nd B
usin
ess
Ana
lyst
, Bill
ing
Ope
ratio
ns M
anag
emen
t, a
nd n
oted
tha
t S
CE
cur
rent
ly d
oes
not
volu
ntar
ily e
ngag
e in
usi
ng C
over
ed
Info
rmat
ion
for
seco
ndar
y pu
rpos
es. W
e w
ere
info
rmed
tha
t S
CE
req
uire
s cu
stom
er c
onse
nt p
rior
to
disc
losu
re o
f C
over
ed In
form
atio
n fo
r se
cond
ary
purp
oses
, whi
ch w
ould
be
docu
men
ted
thro
ugh
a co
mpl
eted
and
sig
ned
Aut
horiz
atio
n to
Rec
eive
Cus
tom
er In
form
atio
n or
Act
upo
n a
Cus
tom
er’s
B
ehal
f (C
ISR
For
m).
See
als
o C
PU
C R
ule
6 c
(2) A
sses
smen
t Te
st R
esul
ts f
or d
etai
ls.
1.b.
Rev
iew
ed N
otic
e of
Acc
essi
ng, C
olle
ctin
g, S
torin
g, U
sing
and
Dis
clos
ing
Ene
rgy
Usa
ge
Info
rmat
ion
and
note
d th
at it
indi
cate
s cu
stom
ers
are
requ
ired
to p
rovi
de c
onse
nt f
or a
ny o
ther
use
th
at is
not
an
"ess
entia
l ser
vice
". S
CE
will
onl
y di
sclo
se C
over
ed In
form
atio
n fo
r a
purp
ose
unre
late
d to
ess
entia
l ser
vice
s un
der
4 sp
ecifi
c ci
rcum
stan
ces:
– 52
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
purp
oses
not
iden
tifie
d in
the
priv
acy
notic
e,
—do
cum
ent
whe
ther
SC
E
has
notif
ied
the
indi
vidu
al a
nd r
ecei
ved
the
indi
vidu
al’s
con
sent
, m
onito
r th
at P
erso
nal
Info
rmat
ion
is b
eing
pr
ovid
ed t
o th
ird p
artie
s on
ly f
or u
ses
spec
ified
in
the
priv
acy
notic
e.
"(1) U
pon
rece
ipt
of [t
he C
usto
mer
s’] e
xplic
it co
nsen
t to
rel
ease
info
rmat
ion
to a
Thi
rd P
arty
tha
t [t
he
Cus
tom
ers]
spe
cific
ally
iden
tify,
(2) P
ursu
ant
to le
gal p
roce
ss s
uch
as a
war
rant
or
subp
oena
,
(3) I
n th
e ca
se o
f an
imm
inen
t th
reat
to
life
or p
rope
rty,
or
(4) A
s or
dere
d by
the
CP
UC
."
1.c.
Rev
iew
ed P
rivac
y N
otic
e pu
blic
ly a
vaila
ble
on t
he S
CE
.com
web
site
and
not
ed t
hat
SC
E r
equi
res
that
Cov
ered
Info
rmat
ion
may
onl
y be
dis
clos
ed t
o a
Third
Par
ty (w
hose
fun
ctio
ns d
o no
t re
late
to
Prim
ary
Pur
pose
s / E
ssen
tial S
ervi
ces)
with
prio
r cu
stom
er w
ritte
n co
nsen
t. S
ince
SC
E d
oes
not
enga
ge in
sec
onda
ry p
urpo
ses,
all
disc
losu
re o
f C
over
ed In
form
atio
n to
thi
rd p
artie
s re
late
d to
non
-es
sent
ial s
ervi
ces
wou
ld b
e in
itiat
ed b
y th
e C
usto
mer
.
1.d.
Met
with
Prin
cipa
l Man
ager
, Bill
ing
Ope
ratio
ns M
anag
emen
t an
d B
usin
ess
Ana
lyst
, Bill
ing
Ope
ratio
ns M
anag
emen
t an
d ob
serv
ed t
he p
roce
ssin
g of
a s
ampl
e C
ISR
For
m. T
he T
hird
Par
ty D
esk
is r
espo
nsib
le f
or t
he p
roce
ssin
g of
CIS
R F
orm
s as
wel
l as
fulfi
lling
dat
a re
ques
ts. C
ISR
For
ms
are
rece
ived
via
em
ail t
o 3r
dpar
ty@
sce.
com
or
via
mai
l or
fax.
Upo
n re
ceip
t, t
he C
ISR
For
m is
ana
lyze
d fo
r co
mpl
eten
ess
and
the
cust
omer
’s a
ccou
nt in
form
atio
n is
ver
ified
in C
SS
. If
no e
xcep
tions
are
no
ted,
the
info
rmat
ion
is d
ownl
oade
d fr
om C
SS
and
the
req
uest
is f
ulfil
led
by r
espo
ndin
g to
the
em
ail a
ddre
ss a
s no
ted
on t
he C
ISR
For
m. T
he T
hird
Par
ty d
esk
logs
CIS
R r
eque
sts
thro
ugh
the
inte
rnal
Off
ice
365
syst
em a
s w
ell a
s a
Sha
red
File
Sto
rage
driv
e, w
here
cop
ies
of a
ll co
rres
pond
ence
an
d co
mpl
eted
CIS
R F
orm
s ar
e st
ored
for
cus
tom
ers.
Man
agem
ent
perf
orm
s m
onth
ly Q
A/Q
C
chec
ks t
o en
sure
thi
s sy
stem
is o
pera
ting
as d
esig
ned.
2. D
eter
min
e w
heth
er c
usto
mer
co
nsen
t au
thor
izin
g us
e of
en
ergy
usa
ge d
ata
for
seco
ndar
y pu
rpos
es is
doc
umen
ted.
2.a.
Not
app
licab
le a
s S
CE
doe
s no
t di
sclo
se C
over
ed In
form
atio
n fo
r se
cond
ary
purp
oses
.
3. D
eter
min
e w
heth
er c
usto
mer
co
nsen
t au
thor
izin
g us
e of
en
ergy
usa
ge d
ata
for
seco
ndar
y pu
rpos
es is
doc
umen
ted
3.a.
Met
with
Prin
cipa
l Man
ager
, Bill
ing
Ope
ratio
ns M
anag
emen
t, a
nd B
usin
ess
Ana
lyst
, Bill
ing
Ope
ratio
ns M
anag
emen
t an
d no
ted
that
the
Thi
rd P
arty
des
k re
ceiv
es C
ISR
For
ms
via
emai
l to
3rdp
arty
@sc
e.co
m o
r vi
a m
ail a
nd f
ax. T
hese
CIS
R F
orm
s ar
e fil
ed in
SC
E’s
inte
rnal
Off
ice
365
syst
em a
s w
ell a
s a
Sha
red
File
Sto
rage
driv
e, a
cces
sibl
e on
ly t
o st
aff
with
in t
he B
illin
g O
pera
tions
de
part
men
t, r
ough
ly 8
em
ploy
ees.
CP
UC
R
ule
6
Ru
le d
escr
ipti
on
C
ust
om
er A
uth
ori
zati
on
:
(1) A
utho
rizat
ion.
Sep
arat
e au
thor
izat
ion
by e
ach
cust
omer
mus
t be
obt
aine
d fo
r al
l dis
clos
ures
of
cove
red
info
rmat
ion
exce
pt
as o
ther
wis
e pr
ovid
ed f
or h
erei
n.
e(1)
-(3)
– 53
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
(2) R
evoc
atio
n. C
usto
mer
s ha
ve t
he r
ight
to
revo
ke, a
t an
y tim
e, a
ny p
revi
ousl
y gr
ante
d au
thor
izat
ion.
(3) O
ppor
tuni
ty t
o R
evok
e. T
he c
onse
nt o
f a
resi
dent
ial c
usto
mer
sha
ll co
ntin
ue w
ithou
t ex
pira
tion,
but
an
entit
y re
ceiv
ing
info
rmat
ion
purs
uant
to
a re
side
ntia
l cus
tom
er’s
aut
horiz
atio
n sh
all c
onta
ct t
he c
usto
mer
, at
leas
t an
nual
ly, t
o in
form
the
cu
stom
er o
f th
e au
thor
izat
ion
gran
ted
and
to p
rovi
de a
n op
port
unity
for
rev
ocat
ion.
The
con
sent
of
a no
n-re
side
ntia
l cus
tom
er
shal
l con
tinue
in t
he s
ame
way
, but
an
entit
y re
ceiv
ing
info
rmat
ion
purs
uant
to
a no
n-re
side
ntia
l cus
tom
er’s
aut
horiz
atio
n sh
all c
onta
ct t
he c
usto
mer
, to
info
rm t
he c
usto
mer
of
the
auth
oriz
atio
n gr
ante
d an
d to
pro
vide
an
oppo
rtun
ity f
or r
evoc
atio
n ei
ther
upo
n th
e te
rmin
atio
n of
the
con
trac
t, o
r an
nual
ly if
the
re is
no
cont
ract
.
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er
cust
omer
s re
ceiv
e no
tice
and
mus
t pr
ovid
e se
para
te
auth
oriz
atio
n if
info
rmat
ion
is
bein
g us
ed f
or a
new
sec
onda
ry
purp
ose.
1.a.
Not
app
licab
le a
s S
CE
doe
s no
t vo
lunt
arily
eng
age
in s
econ
dary
pur
pose
s. S
ee a
lso
CP
UC
Rul
e 6
d (1
) Ass
essm
ent
Test
Res
ults
for
det
ails
.
2. U
nder
stan
d ho
w c
usto
mer
s ar
e no
tifie
d of
the
ir rig
ht t
o re
voke
any
pre
viou
sly
gran
ted
auth
oriz
atio
n an
d th
e pr
oces
s to
do
so.
2.a
Rev
iew
ed t
he C
ISR
For
m a
nd n
oted
tha
t in
ord
er t
o co
mpl
ete
the
form
, cus
tom
ers
mus
t pr
ovid
e ex
plic
it co
nsen
t an
d si
gn a
ckno
wle
dgem
ent
clau
se t
hat
stat
es “
[the
cus
tom
er] u
nder
stan
ds t
hat
[he/
she]
may
can
cel t
his
auth
oriz
atio
n at
any
tim
e by
sub
mitt
ing
a w
ritte
n re
ques
t."
2.b.
Rev
iew
ed t
he C
ISR
For
m a
nd n
oted
the
for
m a
llow
s fo
r th
e cu
stom
er t
o sp
ecify
wha
t ty
pes
of
Cov
ered
Info
rmat
ion
are
auth
oriz
ed f
or d
iscl
osur
e as
wel
l as
the
dura
tion
of a
utho
rizat
ion.
The
sp
ecifi
ed t
ypes
of
info
rmat
ion
incl
ude
the
optio
ns t
o re
ques
t an
d/or
rec
eive
any
:
—C
usto
mer
Bill
ing
Rec
ords
, Bill
ing
His
tory
, and
his
toric
al m
eter
usa
ge d
ata;
—C
opie
s of
cus
tom
er c
orre
spon
denc
e w
ith S
CE
—In
vest
igat
ion
of u
tility
bill
s
—S
peci
al m
eter
ing
data
in a
ssoc
iatio
n w
ith t
he a
ccou
nt
—R
ate
Ana
lysi
s in
form
atio
n
—R
ate
chan
ge in
form
atio
n
—V
erifi
catio
n of
bal
ance
s on
cus
tom
er a
ccou
nts
and
disc
ontin
uanc
e no
tices
.
The
spec
ified
dur
atio
n of
the
se r
eque
sts
are
for:
—S
ingl
e U
se A
utho
rizat
ion
—O
ne Y
ear
Aut
horiz
atio
n;
—C
usto
m A
utho
rizat
ion
up t
o a
spec
ified
dat
e (m
axim
um o
f 3
year
s).W
e al
so n
oted
tha
t a
new
CIS
R F
orm
mus
t be
sub
mitt
ed in
ord
er t
o ex
tend
or
rene
w t
he s
ame
auth
oriz
atio
n.
– 54
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
2.c.
Met
with
Man
ager
, Rev
enue
Ser
vice
Ope
ratio
ns, a
nd o
bser
ved
the
proc
essi
ng o
f sa
mpl
e C
ISR
Fo
rms.
Not
ed t
hat
requ
est
for
data
is c
ompa
red
agai
nst
the
type
of
info
rmat
ion
auth
oriz
ed o
n th
e C
ISR
For
m a
nd d
ata
requ
ests
will
not
be
com
plet
ed if
not
dul
y au
thor
ized
by
the
Cus
tom
er.
CP
UC
R
ule
6
Ru
le d
escr
ipti
on
P
arit
y
Cov
ered
ent
ities
sha
ll pe
rmit
cust
omer
s to
can
cel a
utho
rizat
ion
for
any
seco
ndar
y pu
rpos
e of
the
ir co
vere
d in
form
atio
n by
th
e sa
me
mec
hani
sm in
itial
ly u
sed
to g
rant
aut
horiz
atio
n.
f Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. In
spec
t sa
mpl
e co
mm
unic
atio
ns t
o se
e w
heth
er
cust
omer
s ar
e no
tifie
d of
how
th
ey c
an c
ance
l aut
horiz
atio
n fo
r an
y se
cond
ary
purp
oses
.
1.a.
Rev
iew
ed t
he C
ISR
For
m a
nd n
oted
the
cus
tom
ers
mus
t ch
eck
a bo
x to
agr
ee t
hat
they
un
ders
tand
the
y “m
ay c
ance
l the
aut
horiz
atio
n at
any
tim
e by
sub
mitt
ing
a w
ritte
n re
ques
t.”
1.b.
Met
with
Prin
cipa
l Man
ager
, Bill
ing
Ope
ratio
ns M
anag
emen
t, a
nd B
usin
ess
Ana
lyst
, Bill
ing
Ope
ratio
ns M
anag
emen
t, a
nd n
oted
tha
t S
CE
cur
rent
ly d
oes
not
volu
ntar
ily e
ngag
e in
usi
ng C
over
ed
Info
rmat
ion
for
seco
ndar
y pu
rpos
es. W
e w
ere
info
rmed
tha
t S
CE
req
uire
s cu
stom
er c
onse
nt p
rior
to
disc
losu
re o
f C
over
ed In
form
atio
n fo
r se
cond
ary
purp
oses
, whi
ch w
ould
be
docu
men
ted
thro
ugh
a co
mpl
eted
and
sig
ned
Aut
horiz
atio
n to
Rec
eive
Cus
tom
er In
form
atio
n O
r A
ct U
pon
a C
usto
mer
’s
Beh
alf
(CIS
R F
orm
). S
ee a
lso
CP
UC
Rul
e 6
c (2
) Ass
essm
ent
Test
Res
ults
for
det
ails
.
1.c.
Met
with
Man
ager
, Cus
tom
er S
ervi
ce
Info
rmat
ion
Gov
erna
nce
Org
aniz
atio
n, a
nd n
oted
tha
t vi
a th
e G
reen
But
ton
Con
nect
pro
gram
, cus
tom
ers
have
acc
ess
thro
ugh
thei
r S
CE
‘My
Acc
ount
’ site
to
elec
tron
ical
ly a
utho
rize,
man
age,
and
rev
oke
acce
ss t
o th
ird p
artie
s.
CP
UC
R
ule
6
Ru
le d
escr
ipti
on
A
vaila
bili
ty o
f A
gg
reg
ated
Usa
ge
Dat
a.
Cov
ered
ent
ities
sha
ll pe
rmit
the
use
of a
ggre
gate
d us
age
data
tha
t is
rem
oved
of
all P
erso
nally
Iden
tifia
ble
info
rmat
ion
to b
e us
ed f
or a
naly
sis,
rep
ortin
g or
pro
gram
man
agem
ent
prov
ided
tha
t th
e re
leas
e of
tha
t da
ta d
oes
not
disc
lose
or
reve
al
spec
ific
cust
omer
info
rmat
ion
beca
use
of t
he s
ize
of t
he g
roup
, rat
e cl
assi
ficat
ion,
or
natu
re o
f th
e in
form
atio
n.
g
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er S
CE
’s
Priv
acy
Not
ice
or in
tern
al p
olic
ies
addr
ess
the
use
of a
ggre
gate
in
form
atio
n.
1. E
xam
ined
the
Web
site
Priv
acy
Not
ice
and
note
d th
at t
he u
se o
f ag
greg
ate
non
Per
sona
l In
form
atio
n is
incl
uded
in t
he n
otic
e an
d st
ates
the
fol
low
ing:
"Non
Per
sona
l Inf
orm
atio
n” m
eans
in
form
atio
n th
at d
oes
not
uniq
uely
iden
tify
an in
divi
dual
or
grou
ps o
f in
divi
dual
s. T
his
Non
Per
sona
l In
form
atio
n is
mai
ntai
ned
by u
s in
the
agg
rega
te, s
o w
e do
not
kno
w t
he id
entit
y of
any
par
ticul
ar
user
or
grou
ps o
f us
ers.
"
– 55
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
2. D
eter
min
e w
heth
er S
CE
has
a
proc
edur
e in
pla
ce t
o en
sure
ag
greg
ate
info
rmat
ion
does
not
di
sclo
se o
r re
veal
spe
cific
C
over
ed In
form
atio
n.
2.a.
Insp
ecte
d th
e ag
greg
ate
data
req
uest
logs
for
201
5 th
at w
ere
rece
ived
and
pro
cess
ed b
y th
e A
dvan
ced
Tech
nolo
gies
tea
m a
nd f
or a
sel
ecte
d sa
mpl
e pr
ojec
t it
was
not
ed :
Info
rmat
ion
rega
rdin
g en
ergy
con
sum
ed a
t th
e su
bsta
tion
leve
l was
pub
lishe
d fo
r th
e E
lect
ric P
ower
R
esea
rch
Inst
itute
(EP
RI).
How
ever
, rat
her
than
giv
e an
y sp
ecifi
c in
form
atio
n at
a g
ranu
lar
leve
l, th
e da
ta g
iven
was
at
the
subs
tatio
n le
vel a
nd t
here
was
no
dire
ct c
orre
latio
n to
any
spe
cific
cus
tom
er
met
ers.
2.b.
Met
with
Man
ager
, Loa
d R
esea
rch,
and
was
info
rmed
tha
t re
ques
ts f
or a
ggre
gate
bill
ing
data
in
clud
e va
rious
pre
caut
ions
to
prot
ect
the
iden
tity
of in
divi
dual
cus
tom
ers:
—id
entif
iabl
e in
form
atio
n is
rem
oved
fro
m a
ny d
ata
feed
—la
rge
cust
omer
dat
a is
agg
rega
ted
by r
ate
code
and
zip
cod
e
—fo
r zi
p co
des
with
few
er t
han
100
cust
omer
s, th
e cu
stom
er d
ata
is c
ombi
ned
with
ano
ther
zi
p co
de
2.c.
Met
with
Man
ager
, Adv
ance
d Te
chno
logi
es (T
rans
mis
sion
& D
istr
ibut
ion)
and
was
info
rmed
tha
t A
dvan
ced
Tech
nolo
gy w
ill t
ypic
ally
onl
y di
strib
ute
anon
ymiz
ed/a
ggre
gate
dat
a in
res
pons
e to
re
ques
ts f
rom
Aca
dem
ics
unle
ss t
here
is a
spe
cific
rea
son
not
to. T
he M
anag
er w
ill w
ork
with
the
Le
ader
, Priv
acy
Com
plia
nce
Pro
gram
to
valid
ate
the
requ
est
and
ensu
re t
he a
ppro
pria
te c
onse
nt
form
s ar
e co
mpl
eted
prio
r to
dis
trib
utio
n.
– 56
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
RU
LE 7
Dat
a q
ual
ity
and
inte
gri
ty
Ove
rall
Co
ncl
usi
on
N
o e
xcep
tio
ns
no
ted
.
CP
UC
R
ule
7
Ru
le d
escr
ipti
on
C
over
ed e
ntiti
es s
hall
ensu
re t
hat
cove
red
info
rmat
ion
they
col
lect
, sto
re, u
se, a
nd d
iscl
ose
is r
easo
nabl
y ac
cura
te a
nd
com
plet
e or
oth
erw
ise
com
plia
nt w
ith a
pplic
able
rul
es a
nd t
ariff
s re
gard
ing
the
qual
ity o
f en
ergy
usa
ge d
ata.
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er S
CE
’s
priv
acy
polic
ies
addr
ess
the
qual
ity o
f C
over
ed In
form
atio
n an
d ot
her
cust
omer
PII.
1.a.
Rev
iew
ed S
CE
Em
ploy
ee C
ode
of C
ondu
ct a
nd n
oted
SC
E e
mpl
oyee
s m
ust
alw
ays
com
plet
e an
d do
cum
ent
thei
r w
ork
accu
rate
ly a
nd in
acc
orda
nce
with
all
inte
rnal
con
trol
s an
d pr
oces
ses
as a
pa
rt o
f S
CE
’s c
omm
itmen
t to
the
pub
lic. .
1.b.
Rev
iew
ed S
CE
Priv
acy
Pro
gram
Com
plia
nce
Pro
gram
Man
ual a
nd n
oted
tha
t O
Us
are
requ
ired
to p
erio
dica
lly v
alid
ate
and
mak
e en
hanc
emen
ts f
or t
he p
rote
ctio
n, in
tegr
ity, a
nd a
vaila
bilit
y of
all
reco
rds.
1.c.
Rev
iew
ed S
CE
Sup
plie
r C
ode
of C
ondu
ct a
nd n
oted
tha
t su
pplie
rs a
re r
equi
red
to m
aint
ain
"acc
urat
e re
cord
s an
d pr
otec
t P
erso
nal I
nfor
mat
ion”
. It
indi
cate
tha
t “I
n ad
ditio
n, S
CE
req
uire
s su
pplie
rs t
o (1
) Mai
ntai
n ac
cura
te f
inan
cial
and
ope
ratio
nal r
ecor
ds, (
2) M
aint
ain,
ret
ain,
and
dis
pose
of
bus
ines
s re
cord
s as
soci
ated
with
sup
plie
r w
ork
for
SC
E in
acc
orda
nce
with
all
appl
icab
le le
gal a
nd
cont
ract
ual o
blig
atio
ns, a
nd (3
) not
ify S
CE
imm
edia
tely
reg
ardi
ng a
ny r
eque
st f
rom
a T
hird
Par
ty f
or
Edi
son
info
rmat
ion,
unl
ess
proh
ibite
d by
law
”.
1.d.
Rev
iew
ed P
rote
ctin
g P
erso
nal I
nfor
mat
ion
Pro
cedu
re p
olic
y av
aila
ble
to e
mpl
oyee
s on
the
in
tran
et a
nd n
oted
tha
t in
form
atio
n us
ed b
y em
ploy
ees
for
supp
liers
mus
t be
acc
urat
e an
d S
CE
sha
ll pr
ovid
e on
ly t
he P
erso
nal I
nfor
mat
ion
reas
onab
ly n
eces
sary
for
sup
plie
rs t
o co
mpl
ete
thei
r w
ork.
In
addi
tion,
the
doc
umen
t in
dica
tes
Per
sona
l Inf
orm
atio
n m
ust
be p
rote
cted
fro
m u
naut
horiz
ed a
cces
s,
loss
and
mis
use.
1.e.
Rev
iew
ed R
ecor
ds M
anag
emen
t P
olic
y an
d no
ted
that
the
re is
a s
peci
fic s
ectio
n de
dica
ted
to
reco
rds
qual
ity. I
t st
ates
“re
cord
s sh
all b
e co
mpl
ete,
up
to d
ate
and
accu
rate
so
that
the
y ca
n be
re
lied
on t
o su
ppor
t bu
sine
ss a
ctiv
ities
and
dec
isio
ns.”
2. In
spec
t sa
mpl
e co
mm
unic
atio
n to
cus
tom
ers
to e
nsur
e w
heth
er
SC
E p
olic
ies
incl
ude
cust
omer
da
ta in
tegr
ity.
2.a.
Rev
iew
ed S
CE
Not
ice
of A
cces
sing
, Col
lect
ing,
Sto
ring,
Usi
ng a
nd D
iscl
osin
g E
nerg
y U
sage
In
form
atio
n an
d no
ted
that
in o
rder
to
use
SC
E.c
om M
y A
ccou
nt f
eatu
res,
cus
tom
ers
are
requ
ired
to
volu
ntar
ily p
rovi
de a
nd m
aint
ain
thei
r P
erso
nal I
nfor
mat
ion
with
SC
E. T
he d
ocum
ent
also
pro
mpt
s cu
stom
ers
to c
onta
ct S
CE
sho
uld
ther
e be
any
cha
nges
and
upd
ates
to
thei
r in
form
atio
n at
:
—Te
leph
one:
180
065
545
55 (R
esid
entia
l) or
180
099
077
88
– 57
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
—W
eb: w
ww
.sce
.com
/con
tact
us
—M
ail:
Sou
ther
n C
alifo
rnia
Edi
son
Att
n: C
hief
Eth
ics
and
Com
plia
nce
Off
icer
Pos
t O
ffic
e B
ox 8
00
Ros
emea
d, C
A 9
1770
2.b
Rev
iew
ed t
he M
y A
ccou
nt O
nlin
e S
ervi
ces
Term
s an
d C
ondi
tions
, ava
ilabl
e pu
blic
ly o
n S
CE
.com
, an
d no
ted
that
the
doc
umen
t st
ates
it is
the
cus
tom
er’s
res
pons
ibili
ty t
o en
sure
tha
t th
eir
cont
act
info
and
oth
er r
equi
red
info
rmat
ion
is c
urre
nt, a
ccur
ate,
and
upd
ated
pro
mpt
ly.
2.c
Rev
iew
ed t
he S
etup
Pro
cess
for
Lin
king
My
Acc
ount
Dat
a to
CS
S d
ocum
ent
and
note
d th
at
cust
omer
s ar
e m
anda
ted
to p
rovi
de a
ccur
ate,
mat
chin
g in
form
atio
n th
at c
orre
spon
d to
exi
stin
g da
ta
on f
ile in
CS
S s
yste
m in
ord
er t
o lin
k th
eir
SC
E.c
om M
y A
ccou
nt t
o th
eir
CS
S r
ecor
d. D
urin
g se
tup,
cu
stom
ers
mus
t ac
cept
the
My
Acc
ount
Onl
ine
Ser
vice
s Te
rms
and
Con
ditio
ns t
hat
stat
es t
hat
it is
th
e cu
stom
er’s
res
pons
ibili
ty t
o en
sure
the
ir in
form
atio
n is
cur
rent
, acc
urat
e, a
nd u
pdat
ed p
rom
ptly
. To
com
plet
e th
e se
tup
proc
ess,
a c
onfir
mat
ion
emai
l is
sent
to
the
cust
omer
’s in
box
to v
alid
ate
corr
ect
data
ent
ry o
f em
ail a
ddre
ss.
2.d.
Lis
tene
d to
sam
ple
cust
omer
cal
ls a
t th
e S
CE
Cus
tom
er C
onta
ct C
ente
r in
Irw
inda
le, C
A, a
nd
note
d th
at C
usto
mer
Ser
vice
Rep
rese
ntat
ives
pro
mpt
ed E
diso
n cu
stom
ers
to v
alid
ate
and
/ or
com
plet
e th
eir
user
info
rmat
ion
that
is o
n re
cord
with
SC
E.
3. D
eter
min
e w
heth
er p
roce
dure
s ar
e in
pla
ce t
hat:
—ed
it an
d va
lidat
e P
erso
nal I
nfor
mat
ion
as
it is
col
lect
ed, c
reat
ed,
mai
ntai
ned,
and
up
date
d.
—sp
ecify
whe
n th
e P
erso
nal I
nfor
mat
ion
is
no lo
nger
val
id.
3.a.
Rev
iew
ed P
rivac
y C
ompl
ianc
e P
rogr
am M
anua
l and
not
ed S
CE
OU
s ar
e in
stru
cted
to
only
co
llect
, sto
re, u
se, o
r di
sclo
se o
nly
as m
uch
cust
omer
Per
sona
l Inf
orm
atio
n as
is n
eces
sary
and
re
leva
nt t
o th
e pr
ojec
t or
sys
tem
.
3.b.
Rev
iew
ed R
ecor
ds M
anag
emen
t P
olic
y av
aila
ble
to a
ll em
ploy
ees
via
the
intr
anet
and
not
ed t
hat
empl
oyee
s ar
e in
stru
cted
to
reta
in r
ecor
ds a
s lo
ng a
s ne
cess
ary
for
lega
l, re
gula
tory
and
ope
ratio
nal
purp
oses
. The
pol
icy
also
indi
cate
s to
dis
pose
rec
ords
in a
ccor
danc
e w
ith a
pplic
able
ret
entio
n sc
hedu
les.
3.c.
Met
with
Man
ager
, Cus
tom
er C
onta
ct C
ente
r, a
nd li
sten
ed in
on
sam
ple
calls
, and
not
ed t
hat
CS
Rs
auth
entic
ated
cus
tom
ers
durin
g th
e ca
ll in
take
pro
cess
. The
pro
cess
incl
uded
val
idat
ion
of
cust
omer
acc
ount
info
rmat
ion
on f
ile, s
uch
as n
ame,
pho
ne n
umbe
r an
d ad
dres
s am
ong
othe
rs.
Cus
tom
ers
are
prom
pted
to
edit
and
upda
te t
heir
info
rmat
ion
on f
ile d
urin
g th
eir
calls
to
the
Con
tact
C
ente
r. C
usto
mer
s ar
e al
so in
stru
cted
tha
t th
ey c
an m
ake
edits
onl
ine
usin
g th
e M
y A
ccou
nt p
orta
l.
3.d.
Rev
iew
ed C
usto
mer
Con
tact
Cen
ter
Aut
hent
icat
ion
Pro
cess
for
Cal
l Cen
ter
Rep
rese
ntat
ives
and
no
ted
Cus
tom
er S
ervi
ce R
epre
sent
ativ
es m
ust
auth
entic
ate
cust
omer
s du
ring
the
call
inta
ke
proc
ess.
Thi
s pr
oces
s in
clud
es a
uthe
ntic
atio
n of
cus
tom
er a
ccou
nt in
form
atio
n, s
uch
as n
ame,
se
rvic
e ad
dres
s, la
st f
our
digi
ts o
f S
SN
, or D
L #,
prio
r to
rel
ease
of
acco
unt
info
rmat
ion.
– 58
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
3.e.
Met
with
Man
ager
, Cre
dit
Ope
ratio
ns, a
nd c
ondu
cted
a w
alk
thro
ugh
of t
he B
ill P
aym
ent
and
Cre
dit
Ops
Cen
ter.
Not
ed t
hat
the
depa
rtm
ent
has
data
min
imiz
atio
n po
licie
s an
d pr
oced
ures
for
di
spos
al o
f co
nfid
entia
l cus
tom
er in
form
atio
n an
d its
des
truc
tion
whe
n th
e in
form
atio
n is
no
long
er
valid
. Pol
icie
s an
d pr
oced
ures
incl
ude:
—O
nly
Cre
dit
Ope
ratio
ns a
nd B
ill P
aym
ent
staf
f ha
ve a
cces
s to
the
off
ice.
Acc
ess
to t
he
park
ing
lot
and
build
ing
is c
ontr
olle
d vi
a em
ploy
ee k
ey c
ard
and
mon
itore
d w
ith s
ecur
ity
cam
eras
.
—N
ight
ly w
alkt
hrou
ghs
are
perf
orm
ed p
rior
to t
he c
losi
ng o
f th
e fa
cilit
y to
val
idat
e no
P
erso
nal I
nfor
mat
ion
is le
ft o
n de
sks
or p
rinte
rs.
—N
ot d
ispl
ayin
g, p
rintin
g, o
r ot
herw
ise
acce
ssin
g an
y P
erso
nal I
nfor
mat
ion
that
is n
ot
esse
ntia
l in
orde
r to
per
form
ing
a bu
sine
ssre
late
d ta
sk o
r jo
b fu
nctio
n.
—A
ll P
erso
nal I
nfor
mat
ion
that
is n
ot in
imm
edia
te u
se is
sto
red
in lo
cked
file
cab
inet
s. W
hen
disp
osin
g of
Per
sona
l Inf
orm
atio
n, d
ocum
ents
are
eith
er s
hred
ded
imm
edia
tely
or
plac
ed in
a
lock
ed s
hred
bin
. Tw
o sh
redd
ers
are
loca
ted
in t
he f
acili
ty a
s w
ell a
s sh
red
bins
for
larg
er
files
.
—O
ffic
e pr
inte
r an
d fa
x m
achi
ne is
dis
able
d ov
erni
ght.
Any
prin
t jo
bs o
r fa
xes
rece
ived
aft
er
busi
ness
hou
rs a
re s
tore
d in
mem
ory
and
acce
ssed
onl
y in
the
mor
ning
by
staf
f, w
ho in
put
a P
IN t
o ac
cess
the
prin
ter
mem
ory.
3.f.
Met
with
Man
ager
, Int
erna
l Aud
it, a
nd n
oted
tha
t cu
stom
er d
ata
priv
acy
and
secu
rity
is o
ne o
f th
e ar
eas
asse
ssed
and
con
side
red
in S
CE
’s y
early
inte
rnal
ann
ual r
isk
asse
ssm
ent.
Exc
eptio
ns
iden
tifie
d ar
e ad
dres
sed
by S
CE
thr
ough
ong
oing
enh
ance
men
t of
its
Priv
acy
Com
plia
nce
grou
p
3.g.
Rev
iew
ed L
ogic
al S
ecur
ity o
n S
CE
.com
Aud
it re
port
per
form
ed b
y A
udit
Ser
vice
s du
ring
the
cove
red
perio
d an
d no
ted
that
Aud
it S
ervi
ces
conc
lude
d th
e au
dit
as “
satis
fact
ory
with
exc
eptio
ns.”
3.h.
Rev
iew
ed t
he D
ata
Priv
acy
Gov
erna
nce
Aud
it re
port
per
form
ed b
y A
udit
Ser
vice
s du
ring
the
cove
red
perio
d an
d no
ted
that
Aud
it S
ervi
ces
dete
rmin
ed t
hat
the
prog
ram
is w
ell d
esig
ned
and
impl
emen
ted
and
conc
lude
d th
e au
dit
as “
satis
fact
ory
with
exc
eptio
ns.”
3.i.
Rev
iew
ed t
he C
usto
mer
Ser
vice
– D
ata
Pro
cess
ing
Sec
urity
Aud
it re
port
per
form
ed b
y A
udit
Ser
vice
s du
ring
the
cove
red
perio
d an
d no
ted
that
Aud
it S
ervi
ces
conc
lude
d th
e au
dit
as
“sat
isfa
ctor
y w
ith e
xcep
tions
.”
In a
dditi
on, w
e no
ted
that
SC
E’s
Inte
rnal
Aud
it te
am h
as c
ondu
cted
a n
umbe
r of
aud
its r
elat
ed t
o cu
stom
er p
rivac
y an
d IT
, with
con
tent
rel
ated
to
priv
acy
and
secu
rity.
The
Inte
rnal
Aud
it te
am
mon
itors
and
tra
cks
corr
ectiv
e ac
tions
to
rem
edy
the
findi
ngs
iden
tifie
d by
man
agem
ent
on a
pe
riodi
c ba
sis.
In c
ases
whe
re t
he b
usin
ess
fails
to
com
ply
with
the
Act
ion
Pla
n, a
lert
s ar
e se
nt t
o se
nior
exe
cutiv
es w
ithin
the
bus
ines
s un
it to
esc
alat
e an
d no
tify
them
of
the
cont
inue
d ex
istin
g ga
ps.
– 59
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
4. In
spec
t sa
mpl
e ev
iden
ce t
o en
sure
tha
t pr
oced
ures
are
in
plac
e th
at h
elp
ensu
re P
erso
nal
Info
rmat
ion
is s
uffic
ient
ly r
elev
ant
for
the
purp
oses
for
whi
ch it
is t
o be
use
d an
d to
min
imiz
e th
e po
ssib
ility
tha
t in
appr
opria
te
info
rmat
ion
is u
sed
to m
ake
busi
ness
dec
isio
ns a
bout
the
in
divi
dual
.
4.a.
Rev
iew
ed P
rivac
y C
ompl
ianc
e P
rogr
am M
anua
l and
not
ed S
CE
info
rms
its e
mpl
oyee
s to
lim
it th
e am
ount
of
Per
sona
l Inf
orm
atio
n to
the
leas
t am
ount
nec
essa
ry t
o co
nduc
t an
OU
’s w
ork,
and
th
at if
the
OU
doe
s no
t ne
ed t
he d
ata,
it m
ust
not
be c
olle
cted
. Thi
s is
bot
h a
risk
redu
ctio
n st
rate
gy
as w
ell a
s an
ope
ratio
ns c
onsi
dera
tion.
The
doc
umen
t no
tes
that
if p
revi
ousl
y co
llect
ed P
erso
nal
Info
rmat
ion
serv
es n
o cu
rren
t bu
sine
ss p
urpo
se, t
hen
the
Per
sona
l Inf
orm
atio
n sh
all n
o lo
nger
be
colle
cted
and
a d
ispo
sitio
n st
rate
gy m
ust
be a
sses
sed
with
the
Priv
acy
Com
plia
nce
Pro
gram
Lea
der.
4.b.
Rev
iew
ed R
ecor
ds M
anag
emen
t an
d P
rote
ctin
g P
erso
nal I
nfor
mat
ion
proc
edur
es a
vaila
ble
to
empl
oyee
s on
the
intr
anet
and
not
ed t
hat
empl
oyee
s w
ith a
cces
s to
Cov
ered
Info
rmat
ion
are
inst
ruct
ed t
hat
docu
men
ts c
onta
inin
g P
erso
nal I
nfor
mat
ion
mus
t be
sec
urel
y st
ored
and
des
troy
ed.
The
docu
men
ts n
oted
tha
t P
erso
nal I
nfor
mat
ion
is n
ot t
o be
use
d fo
r IT
sys
tem
s te
stin
g. B
oth
docu
men
ts s
tate
tha
t vi
olat
ions
of
the
proc
edur
e m
ay r
esul
t in
dis
cipl
inar
y ac
tion,
up
to a
nd in
clud
ing
term
inat
ion
of e
mpl
oym
ent
and
civi
l or
crim
inal
liab
ility
.
4.c.
Met
with
Man
ager
, Adv
ance
d Te
chno
logi
es –
Tra
nsm
issi
ons
& D
istr
ibut
ion,
Man
ager
, Rev
enue
S
ervi
ces,
and
Man
ager
, Loa
d R
esea
rch,
and
not
ed t
hat
whe
n w
orki
ng w
ith o
r pr
ovid
ing
Cov
ered
In
form
atio
n ei
ther
inte
rnal
ly a
t S
CE
and
in r
espo
ndin
g to
dat
a re
ques
ts, d
ata
anal
ysts
rev
iew
the
dat
a re
ques
t fo
r re
ason
able
ness
, and
red
act
all u
nnec
essa
ry in
form
atio
n. T
he d
ata
prov
ided
is r
evie
wed
by
man
ager
s in
ord
er t
o en
sure
the
info
rmat
ion
is b
oth
rele
vant
to
the
requ
est
and
all o
ther
in
form
atio
n is
app
ropr
iate
ly r
edac
ted.
– 60
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
RU
LE 8
Dat
a se
curi
ty
Ove
rall
Co
ncl
usi
on
N
o e
xcep
tio
ns
no
ted
.
CP
UC
R
ule
8
Ru
le d
escr
ipti
on
G
ener
ally
Cov
ered
ent
ities
sha
ll im
plem
ent
reas
onab
le a
dmin
istr
ativ
e, t
echn
ical
, and
phy
sica
l saf
egua
rds
to p
rote
ct c
over
ed
info
rmat
ion
from
una
utho
rized
acc
ess,
des
truc
tion,
use
, mod
ifica
tion,
or
disc
losu
re.
a Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er S
CE
has
do
cum
ente
d po
licie
s ad
dres
sing
se
curit
y pr
ovis
ions
for
Cov
ered
In
form
atio
n in
clud
ing:
—R
isk
asse
ssm
ent
and
trea
tmen
t
—S
ecur
ity p
olic
y
—O
rgan
izat
ion
of
info
rmat
ion
Sec
urity
—A
sset
man
agem
ent
—H
uman
res
ourc
es
secu
rity
—P
hysi
cal a
nd
envi
ronm
enta
l sec
urity
—C
omm
unic
atio
ns a
nd
oper
atio
ns m
anag
emen
t
—A
cces
s co
ntro
l
—In
form
atio
n sy
stem
s ac
quis
ition
, de
velo
pmen
t, a
nd
mai
nten
ance
—In
form
atio
n se
curit
y in
cide
nt m
anag
emen
t
1.a.
Per
inqu
iry o
f re
leva
nt s
take
hold
ers
and
insp
ectio
n of
doc
umen
tatio
n pr
ovid
ed it
was
not
ed t
hat
the
follo
win
g cy
bers
ecur
ity p
olic
ies/
proc
edur
es/s
tand
ards
/gui
delin
es a
re in
pla
ce t
o ad
dres
s se
curit
y pr
ovis
ions
for
SC
E, i
nclu
ding
Cov
ered
Info
rmat
ion:
—R
isk
Ass
essm
ent
and
Trea
tmen
t c
ontin
uous
thr
eat
and
vuln
erab
ility
iden
tific
atio
n an
d re
med
iatio
n is
per
form
ed b
y th
e C
yber
secu
rity
and
IT C
ompl
ianc
e gr
oup.
The
thr
eat
and
vuln
erab
ility
pro
cess
is f
orm
ally
doc
umen
ted.
Cyb
erse
curit
y an
d IT
Com
plia
nce
publ
ish
mon
thly
com
plia
nce
repo
rts
for
each
ope
ratin
g un
it de
scrib
ing
prog
ress
tow
ards
re
med
iatio
n.
—S
ecur
ity P
olic
y A
Phy
sica
l Sec
urity
and
Cyb
erse
curit
y P
olic
y is
in p
lace
and
acc
essi
ble
to
all S
CE
em
ploy
ees.
Add
ition
al s
uppo
rtin
g in
form
atio
n se
curit
y po
licie
s (e
.g. a
ccep
tabl
e us
e po
licy)
, sta
ndar
ds, p
roce
dure
s, a
nd g
uide
lines
are
als
o av
aila
ble.
—O
rgan
izat
ion
of In
form
atio
n S
ecur
ity
A f
orm
al C
yber
secu
rity
and
IT C
ompl
ianc
e gr
oup,
he
aded
by
the
Sr.
Man
ager
, Cyb
erse
curit
y, p
erfo
rms
gove
rnan
ce a
ctiv
ities
and
adh
eres
to
stan
dard
s; p
erfo
rms
risk
asse
ssm
ents
to
help
mai
ntai
n th
e ris
k re
gist
er; p
rovi
des
gove
rnan
ce o
ver
the
Vul
nera
bilit
y A
sses
smen
t pr
ogra
m; a
nd p
erfo
rms
inqu
iries
with
va
rious
par
ts o
f th
e bu
sine
ss t
o ve
t co
mpl
ianc
e w
ith s
tand
ards
; and
per
form
s a
stan
dard
s ex
cept
ion
proc
ess.
—A
sset
Man
agem
ent
Per
insp
ectio
n of
the
IT H
ardw
are
Ass
et M
anag
emen
t P
roce
ss
Doc
umen
t it
was
not
ed t
hat
all i
nfor
mat
ion
asse
ts m
ust
be a
ssig
ned
an o
wne
r, w
hich
is
trac
ked
by t
he IT
Ass
et a
nd C
onfig
urat
ion
Man
agem
ent
Team
. Ass
et o
wne
rs a
re
resp
onsi
ble
for
impl
emen
ting
and
mon
itorin
g se
curit
y an
d m
aint
enan
ce c
ontr
ols
arou
nd
thei
r as
sign
ed a
sset
s. A
ll as
sets
mus
t be
insp
ecte
d by
the
IT A
sset
and
Con
figur
atio
n M
anag
emen
t Te
am b
efor
e be
ing
disp
osed
of.
—H
uman
Res
ourc
es S
ecur
ity
The
requ
irem
ent
of b
ackg
roun
d ch
ecks
bef
ore
exte
rnal
ca
ndid
ates
can
be
hire
d by
SC
E is
a p
olic
y fo
r th
e H
R D
epar
tmen
t.
– 61
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
—B
usin
ess
cont
inui
ty
man
agem
ent
—C
ompl
ianc
e
—P
hysi
cal a
nd E
nviro
nmen
tal S
ecur
ity
Phy
sica
l sec
urity
req
uire
men
t ar
e fo
rmal
ly
docu
men
ted
in t
he P
hysi
cal S
ecur
ity a
nd C
yber
secu
rity
Pol
icy
and
envi
ronm
enta
l sa
fegu
ards
wer
e co
nfirm
ed d
urin
g th
e si
te w
alkt
hrou
ghs.
—C
omm
unic
atio
ns a
nd O
pera
tions
Man
agem
ent
Enc
rypt
ion
requ
irem
ents
are
for
mal
ly
docu
men
ted
in t
he S
yste
ms
and
Com
mun
icat
ions
Pro
tect
ion
stan
dard
. Net
wor
k se
curit
y re
quire
men
ts a
re f
orm
ally
doc
umen
ted
in t
he C
ontr
ol S
yste
m N
etw
ork
Sta
ndar
d. R
emot
e ac
cess
req
uire
men
ts a
re f
orm
ally
doc
umen
ted
in t
he A
cces
s C
ontr
ol Id
entif
icat
ion
and
Aut
hent
icat
ion
Sta
ndar
d.
—A
cces
s C
ontr
ol
Acc
ess
Con
trol
req
uire
men
ts a
re f
orm
ally
doc
umen
ted
in t
he A
cces
s C
ontr
ol Id
entif
icat
ion
and
Aut
hent
icat
ion
Sta
ndar
d, a
s w
ell a
s B
usin
ess
Req
uire
men
ts f
or
Acc
ess
Con
trol
.
—In
form
atio
n S
yste
ms
Acq
uisi
tion,
Dev
elop
men
t, a
nd M
aint
enan
ce (S
DLC
) In
form
atio
n S
yste
m A
cqui
sitio
n, D
evel
opm
ent,
and
Mai
nten
ance
has
bee
n fo
rmal
ly d
ocum
ente
d in
the
S
yste
m a
nd S
ervi
ces
Acq
uisi
tion
Sta
ndar
d.
—In
form
atio
n S
ecur
ity In
cide
nt M
anag
emen
t In
form
atio
n S
ecur
ity In
cide
nt M
anag
emen
t ha
s be
en f
orm
ally
doc
umen
ted
in t
he C
yber
secu
rity
Inci
dent
Res
pons
e S
tand
ard
and
the
Phy
sica
l Sec
urity
and
Cyb
erse
curit
y P
olic
y.
—B
usin
ess
Con
tinui
ty M
anag
emen
t B
usin
ess
Con
tinui
ty M
anag
emen
t ha
s be
en f
orm
ally
do
cum
ente
d in
the
Dis
aste
r R
ecov
ery
Sta
ndar
d
—C
ompl
ianc
e T
he r
equi
rem
ent
for
com
plia
nce
with
app
licab
le p
rivac
y le
gisl
atio
n an
d re
gula
tions
has
bee
n fo
rmal
ly d
ocum
ente
d in
the
Priv
acy
Pol
icy.
2. D
eter
min
e w
heth
er S
CE
’s
priv
acy
polic
ies
and
proc
edur
es
cove
r pr
otec
tion
of e
lect
roni
c an
d pr
int
med
ia c
onta
inin
g C
over
ed
Info
rmat
ion
from
una
utho
rized
ac
cess
, des
truc
tion,
use
m
odifi
catio
n or
dis
clos
ure.
2.a.
Per
inqu
iry w
ith r
elev
ant
stak
ehol
ders
and
insp
ectio
n of
doc
umen
tatio
n re
ceiv
ed it
was
not
ed
that
the
re a
re p
olic
ies
and
proc
edur
es in
pla
ce t
o he
lp e
nsur
e pr
otec
tion
of e
lect
roni
c an
d pr
int
med
ia c
onta
inin
g C
over
ed In
form
atio
n fr
om u
naut
horiz
ed a
cces
s, d
estr
uctio
n, u
se m
odifi
catio
n or
di
sclo
sure
.
2.b.
Rev
iew
ed t
he C
lass
ifica
tion
and
Acc
ess
Pro
cedu
re s
tand
ard
and
note
d th
at t
he C
over
ed
Info
rmat
ion
clas
sific
atio
n is
labe
led
as C
onfid
entia
l.
2.c.
Rev
iew
ed t
he A
cces
s C
ontr
ol Id
entif
icat
ion
and
Aut
hent
icat
ion
stan
dard
, and
not
ed t
hat
ther
e ar
e fo
rmal
pol
icie
s ar
ound
acc
essi
ng, u
sing
, mod
ifyin
g, a
nd d
iscl
osin
g pr
int
and
elec
tron
ic d
ata.
3. D
eter
min
e w
heth
er a
m
anag
emen
t pr
oced
ure
exis
ts t
o m
onito
r co
mpl
ianc
e w
ith t
he
secu
rity
prov
isio
ns in
the
pol
icy
and
inst
ance
s of
non
com
plia
nce
are
iden
tifie
d an
d re
med
iate
d.
3.a.
Per
inqu
iry w
ith r
elev
ant
stak
ehol
ders
and
insp
ectio
n of
doc
umen
tatio
n re
ceiv
ed it
was
not
ed
that
a m
anag
emen
t pr
oced
ure
exis
ts t
o m
onito
r co
mpl
ianc
e w
ith t
he s
ecur
ity p
rovi
sion
s in
the
po
licy
and
inst
ance
s of
non
com
plia
nce
are
iden
tifie
d an
d re
med
iate
d.
3.b.
Met
with
Sr.
Man
ager
, Cyb
erse
curit
y, a
nd n
oted
tha
t th
ere
are
tech
nica
l con
trol
s an
d pr
oced
ures
in p
lace
to
mon
itor
atte
mpt
ed e
xfilt
ratio
n of
Cov
ered
Info
rmat
ion,
as
wel
l as
proc
edur
es
for
how
to
rem
edia
te id
entif
ied
inst
ance
s of
non
com
plia
nce.
– 62
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
3.c.
Rev
iew
ed t
he R
isk
Ass
essm
ent
stan
dard
and
not
ed t
hat
it pr
ovid
es g
uide
lines
for
mon
itorin
g co
mpl
ianc
e of
sec
urity
pro
visi
ons
thro
ugh
inqu
iries
with
bus
ines
s un
its, r
isk
asse
ssm
ents
, and
vu
lner
abili
ty s
cann
ing.
4. R
evie
w e
vide
nce
of S
CE
pr
ovid
ing
cust
omer
s w
ith n
otic
e on
the
sec
urity
mec
hani
sms
used
by
the
Com
pany
to
prot
ect
thei
r C
over
ed In
form
atio
n.
4.a.
Per
inqu
iry o
f re
leva
nt s
take
hold
ers
and
insp
ectio
n of
doc
umen
tatio
n pr
ovid
ed it
was
not
ed t
hat
the
follo
win
g pr
oced
ures
are
in p
lace
to
addr
ess
prov
idin
g cu
stom
ers
with
not
ice
on t
he s
ecur
ity
mec
hani
sms
used
to
prot
ect
thei
r C
over
ed In
form
atio
n:
4.b.
Rev
iew
ed t
he S
CE
Web
site
Priv
acy
Not
ice
and
note
d th
at it
add
ress
es t
he s
ecur
ity
mec
hani
sms
used
by
SC
E t
o pr
otec
t C
over
ed In
form
atio
n.
4.c.
Rev
iew
ed t
he n
ew C
usto
mer
Wel
com
e M
aile
r an
d th
e N
ew C
usto
mer
Em
ail a
nd n
oted
tha
t cu
stom
ers
will
rec
eive
bot
h an
em
ail o
r w
elco
me
mai
ler
that
ref
eren
ces
the
Priv
acy
Not
ice
and
secu
rity
mea
sure
s to
pro
tect
the
ir da
ta.
5. R
evie
w e
vide
nce
that
SC
E’s
po
licie
s on
Dat
a S
ecur
ity a
re
com
mun
icat
ed t
o in
tern
al
empl
oyee
s an
d co
ntra
ctor
s w
ho
have
acc
ess
to C
over
ed
Info
rmat
ion.
5.a.
Per
insp
ectio
n of
the
sup
port
ing
docu
men
tatio
n re
late
d to
the
com
mun
icat
ion
of d
ata
secu
rity
polic
ies
to t
hose
who
hav
e ac
cess
to
Cov
ered
Info
rmat
ion
it w
as n
oted
tha
t th
e fo
llow
ing
notic
es
has
been
iden
tifie
d an
d fo
rmal
ly d
ocum
ente
d:
5.b.
Rev
iew
ed t
he P
hysi
cal S
ecur
ity a
nd C
yber
secu
rity
Pol
icy
and
the
Dat
a P
rote
ctio
n S
tand
ard
and
note
d th
at it
is p
ublis
hed
on t
he S
CE
intr
anet
site
, whi
ch is
acc
essi
ble
by a
ll S
CE
em
ploy
ees,
and
th
at it
pro
vide
s em
ploy
ees
with
gui
danc
e on
the
dat
a pr
ivac
y po
licy
for
SC
E.
5.c.
Rev
iew
ed t
he P
orta
l Pag
e S
cree
nsho
ts, w
hich
sho
w li
nks
to t
he P
rivac
y an
d C
yber
secu
rity
tabs
an
d as
soci
ated
pol
icie
s/st
anda
rds.
5.d.
Met
with
Priv
acy
Com
plia
nce
Pro
gram
Lea
der,
and
per
form
ed a
Sha
reP
oint
wal
kthr
ough
tha
t w
alke
d th
roug
h w
here
all
of t
he P
rivac
y an
d C
yber
secu
rity
Pol
icie
s ar
e lo
cate
d.
6. D
eter
min
e w
heth
er a
m
anag
emen
t pr
oced
ure
is in
pl
ace
to m
onito
r w
heth
er t
he
Com
pany
man
ages
its
secu
rity
prog
ram
to
help
ens
ure
the
prot
ectio
n of
Cov
ered
In
form
atio
n.
6.a.
Per
inqu
iry o
f re
leva
nt s
take
hold
ers
and
insp
ectio
n of
doc
umen
tatio
n pr
ovid
ed it
was
not
ed t
hat
the
follo
win
g pr
oced
ures
are
in p
lace
to
addr
ess
secu
rity
inco
rpor
atio
n in
the
SD
LC f
or S
CE
:
6.b.
Rev
iew
ed t
he A
pplic
atio
n S
ecur
ity S
tand
ards
, and
not
ed t
hat
all p
roje
cts/
appl
icat
ion
mus
t co
mpl
y w
ith S
ecur
e D
evel
opm
ent
stan
dard
s, a
nd a
ll of
the
Cyb
erse
curit
y P
olic
ies
and
stan
dard
s.
The
App
licat
ion
secu
rity
stan
dard
s pr
ovid
e gu
idan
ce f
or s
ecur
e co
ding
and
dev
elop
men
t, a
pplic
atio
n pa
rtiti
onin
g, a
pplic
atio
n se
curit
y te
stin
g, a
nd s
ecur
ity f
unct
ion
isol
atio
n.
6.c.
Met
with
Pro
gram
Ana
lyst
, IT
and
Cyb
erse
curit
y R
isk
Man
agem
ent,
and
not
ed t
hat
Pro
gram
m
anag
ers
may
con
tact
Cyb
erse
curit
y R
isk
Man
agem
ent
at t
he b
egin
ning
of
the
proj
ect
for
a ris
k as
sess
men
t. C
yber
secu
rity
Ris
k M
anag
emen
t w
orks
to
see
wha
t ty
pe o
f da
ta is
invo
lved
(Dat
a cr
itica
lity)
bas
ed o
n th
e se
curit
y re
quire
men
ts t
o en
sure
the
pro
ject
adh
eres
to
the
Com
pany
’s
Cyb
erse
curit
y S
tand
ards
. Tes
ting
is p
erfo
rmed
to
ensu
re c
yber
secu
rity
stan
dard
s ar
e m
et. F
or
repo
rted
non
com
plia
nce
item
s, a
ny u
nre
med
iate
d ris
ks m
ust
be a
ppro
ved
and
acce
pted
by
seni
or
man
agem
ent
and
IT.
– 63
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
7. R
evie
w S
CE
’s r
elev
ant
polic
ies
to d
eter
min
e if
Com
pany
in
corp
orat
es s
ecur
ity in
to t
heir
SD
LC.
7.a.
Per
inqu
iry o
f re
leva
nt s
take
hold
ers
and
insp
ectio
n of
doc
umen
tatio
n pr
ovid
ed it
was
not
ed t
hat
the
follo
win
g pr
oced
ures
are
in p
lace
to
addr
ess
secu
rity
inco
rpor
atio
n in
the
SD
LC f
or S
CE
:
7.b.
Rev
iew
ed t
he A
pplic
atio
n S
ecur
ity S
tand
ards
, and
not
ed t
hat
all p
roje
cts/
appl
icat
ion
mus
t co
mpl
y w
ith S
ecur
e D
evel
opm
ent
stan
dard
s, a
nd a
ll of
the
Cyb
erse
curit
y P
olic
ies
and
stan
dard
s.
The
App
licat
ion
secu
rity
stan
dard
s pr
ovid
e gu
idan
ce f
or s
ecur
e co
ding
and
dev
elop
men
t, a
pplic
atio
n pa
rtiti
onin
g, a
pplic
atio
n se
curit
y te
stin
g, a
nd s
ecur
ity f
unct
ion
isol
atio
n.
7.c.
See
CP
UC
Rul
e 8a
Ass
essm
ent
Test
Res
ult
6.c.
for
det
ails
.
8. D
eter
min
e w
heth
er S
CE
use
s ap
prop
riate
fac
ility
ent
ry c
ontr
ols
to li
mit
and
mon
itor
phys
ical
ac
cess
to
syst
ems
and
loca
tions
w
here
Cov
ered
Info
rmat
ion
is
proc
esse
d an
d st
ored
.
8. P
er o
bser
vatio
n du
ring
site
wal
kthr
ough
s an
d in
quiry
with
rel
evan
t st
akeh
olde
rs it
was
not
ed t
hat
the
follo
win
g st
anda
rd is
in p
lace
to
addr
ess
phys
ical
con
trol
s fo
r C
over
ed In
form
atio
n fo
r S
CE
:
8.b.
Per
form
ed a
wal
kthr
ough
of
a D
ata
Cen
ter,
a C
usto
mer
Con
tact
Cen
ter,
Bill
Sup
port
Cre
dit
Col
lect
ions
Cen
ter,
a C
usto
mer
Ser
vice
Cen
ter,
and
the
Thi
rd P
arty
CIS
R d
esk
and
note
d th
at
phys
ical
acc
ess
cont
rols
diff
er f
rom
a r
estr
icte
d ar
ea v
s. n
onre
stric
ted
area
s, s
peci
fical
ly in
the
fo
llow
ing
way
s:
—A
cces
s is
con
trol
led
by b
adge
acc
ess
read
ers
to r
estr
icte
d ar
eas
—C
over
ed In
form
atio
n is
lock
ed in
to c
abin
ets
whe
n no
t in
use
or
at t
he e
nd o
f sh
ifts
—A
ll lo
catio
ns d
eplo
y a
man
tra
p an
d ha
ve s
ecur
ity g
uard
s at
ent
ry p
oint
s, a
nd u
se v
isito
r lo
g in
she
ets
at t
he lo
bby
to r
egis
ter
the
gues
ts c
omin
g in
to t
he f
acili
ty
8.c.
Obs
erve
d du
ring
the
Dat
a C
ente
r, a
Cus
tom
er C
onta
ct C
ente
r, B
ill S
uppo
rt C
redi
t C
olle
ctio
ns
Cen
ter,
a C
usto
mer
Ser
vice
Cen
ter,
and
a T
hird
Par
ty C
ISR
des
k W
alkt
hrou
ghs
the
follo
win
g ph
ysic
al c
ontr
ols
arou
nd P
erso
nal I
nfor
mat
ion:
—A
cces
s C
ontr
ol r
eade
rs a
t fr
ont
entr
ance
and
res
tric
ted
area
s
—V
isito
r Lo
g
—E
scor
ted
Acc
ess
to R
estr
icte
d A
reas
—V
ideo
Mon
itorin
g
—C
lean
Des
k/C
lear
Scr
een
Pol
icy
—M
aske
d In
form
atio
n on
Com
pute
rs
Wor
ksta
tion
Scr
een
Lock
s ar
e in
pla
ce w
hen
empl
oyee
s st
ep a
way
fro
m t
heir
desk
s.
9. D
eter
min
e w
heth
er S
CE
has
im
plem
ente
d pr
oced
ures
for
pr
otec
ting
Cov
ered
Info
rmat
ion
incl
udin
g co
ntro
ls f
or p
hysi
cally
se
curin
g al
l med
ia.
Rev
iew
ed t
he P
rote
ctin
g P
erso
nal I
nfor
mat
ion
proc
edur
e it
was
not
ed t
hat
ther
e ar
e pr
oced
ures
in
plac
e fo
r pr
otec
ting
Cov
ered
Info
rmat
ion,
incl
udin
g co
ntro
ls f
or p
hysi
cally
sec
urin
g al
l med
ia,
spec
ifica
lly a
t th
eir
desk
s an
d pr
inte
rs w
hen
away
.
– 64
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
10. I
nspe
ct w
heth
er p
hysi
cal
reco
rds
cont
aini
ng C
over
ed
Info
rmat
ion
are
stor
ed in
lock
ed
cabi
nets
or
room
s re
stric
ting
unau
thor
ized
acc
ess.
10. P
er in
spec
tion
of t
he p
hysi
cal c
ontr
ols
used
to
prot
ect
phys
ical
rec
ords
con
tain
ing
Per
sona
l In
form
atio
n du
ring
the
site
wal
kthr
ough
it w
as n
oted
tha
t th
e fo
llow
ing
phys
ical
con
trol
s ar
e in
pla
ce
like
acce
ss c
ontr
olle
d fe
nce,
gua
rds
and
badg
e ac
cess
rea
ders
.
11. I
nqui
re o
f S
CE
’s p
erso
nnel
to
gain
an
unde
rsta
ndin
g of
the
lo
gica
l con
trol
pro
cedu
res
in p
lace
to
pre
vent
una
utho
rized
acc
ess
to
Cov
ered
Info
rmat
ion.
11.a
. Rev
iew
ed t
he A
cces
s C
ontr
ols
Sta
ndar
d an
d no
ted
that
for
mal
pro
cedu
res
to h
elp
ensu
re
auth
oriz
ed a
cces
s an
d pr
even
t un
auth
oriz
ed a
cces
s ar
e in
pla
ce a
nd d
ocum
ente
d.
11.b
. Rev
iew
ed t
he S
afeg
uard
Con
fiden
tial I
nfor
mat
ion
Whe
n P
rintin
g Jo
b A
id a
nd n
oted
tha
t sa
fegu
ards
are
doc
umen
ted
and
in p
lace
to
prot
ect
the
secu
rity
of P
erso
nal I
nfor
mat
ion
whe
n pr
intin
g.
11.c
. Rev
iew
ed t
he U
ser
Acc
ess
Man
agem
ent
Sta
ndar
d an
d no
ted
that
it r
equi
res
that
for
mal
pr
oced
ures
are
in p
lace
to
help
ens
ure
auth
oriz
ed a
cces
s an
d pr
even
t un
auth
oriz
ed a
cces
s.
11.d
. Inq
uire
d of
SC
E s
yste
m o
wne
rs o
f th
e sy
stem
s ha
ndlin
g C
over
ed In
form
atio
n an
d w
as
info
rmed
tha
t ac
cess
con
trol
s, p
roce
sses
to
gran
t ac
cess
, per
iodi
c re
view
s of
gra
nted
acc
ess
and
term
inat
ion
of a
cces
s pr
oces
s ex
ist
for
all i
nsc
ope
syst
ems.
12. I
nspe
ct e
vide
nce
that
logi
cal
cont
rols
are
in p
lace
to
prev
ent
unau
thor
ized
acc
ess
to C
over
ed
Info
rmat
ion
incl
udin
g us
er a
cces
s pr
ovis
ioni
ng a
nd d
epro
visi
onin
g.
Rev
iew
ed lo
gica
l con
trol
sam
ples
for
2 o
f th
e 14
insc
ope
syst
ems
and
note
d th
e fo
llow
ing:
—S
yste
m A
dmin
istr
ator
s w
ill o
nly
gran
t us
er a
cces
s af
ter
appr
opria
te m
anag
emen
t ap
prov
al.
—U
ser
acco
unt
acce
ss c
ompl
y w
ith s
ecur
ity c
ontr
ols
regu
late
d by
the
Com
pany
in a
dditi
on t
o ha
ving
app
rove
d ac
cess
to
spec
ifica
lly s
ecur
ed m
embe
rshi
p gr
oups
.
—U
ser
acco
unt
acce
ss w
as r
evie
wed
qua
rter
ly.
13. R
evie
w S
CE
’s r
elev
ant
polic
ies
to d
eter
min
e if
phys
ical
co
ntro
ls a
re in
pla
ce p
rote
ctin
g C
over
ed In
form
atio
n.
13.a
. Per
insp
ectio
n of
the
sup
port
ing
docu
men
tatio
n re
late
d to
the
phy
sica
l con
trol
s th
at p
rote
ct
Cov
ered
Info
rmat
ion
it w
as n
oted
tha
t th
e fo
llow
ing
man
agem
ent
proc
edur
e ha
s be
en id
entif
ied
and
form
ally
doc
umen
ted:
13.b
. Rev
iew
ed t
he P
hysi
cal S
ecur
ity a
nd C
yber
secu
rity
Pol
icy
and
note
d th
at t
here
are
con
trol
s in
pl
ace
arou
nd t
he p
hysi
cal p
rote
ctio
n of
Cov
ered
Info
rmat
ion
and
arou
nd v
isito
rs e
nter
ing
area
s w
here
Cov
ered
Info
rmat
ion
is s
tore
d.
13.c
. Val
idat
ed t
hrou
gh o
nsite
wal
kthr
ough
tha
t th
ese
phys
ical
acc
ess
cont
rols
in p
olic
y ar
e in
pla
ce.
14. I
nqui
re o
f S
CE
’s p
erso
nnel
to
gain
an
unde
rsta
ndin
g of
the
co
ntro
ls p
rote
ctin
g ph
ysic
al
acce
ss t
o sy
stem
s st
orin
g C
over
ed In
form
atio
n.
14.a
. Per
inqu
iry o
f th
e re
leva
nt s
take
hold
ers
and
insp
ectio
n of
the
phy
sica
l con
trol
s us
ed t
o pr
otec
t ph
ysic
al r
ecor
ds c
onta
inin
g C
over
ed In
form
atio
n du
ring
the
site
wal
kthr
ough
it w
as n
oted
tha
t th
e fo
llow
ing
phys
ical
con
trol
s ar
e in
pla
ce.
14.b
. Ins
pect
ed S
yste
m P
rofil
e Q
uest
ionn
aire
s fo
r sy
stem
s st
orin
g C
over
ed In
form
atio
n an
d no
ted
that
phy
sica
l con
trol
s ar
e in
pla
ce r
estr
ictin
g ac
cess
to
thes
e sy
stem
s.
14.c
. See
CP
UC
Rul
e 8a
10
Ass
essm
ent
Test
Res
ults
for
det
ails
– 65
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
15. I
nspe
ct e
vide
nce
that
phy
sica
l ac
cess
to
site
s an
d sy
stem
s st
orin
g C
over
ed In
form
atio
n is
m
onito
red
and
rest
ricte
d.
15. P
er in
quiry
dur
ing
the
Dat
a C
ente
r si
te w
alkt
hrou
gh o
f th
e D
ata
Cen
ter
obse
rved
sev
eral
phy
sica
l se
curit
y ac
cess
con
trol
s lim
iting
acc
ess
to t
he f
acili
ty a
nd C
over
ed In
form
atio
n sy
stem
s.
16. R
evie
w S
CE
’s r
elev
ant
polic
ies
to d
eter
min
e if
envi
ronm
enta
l con
trol
s ar
e in
pl
ace.
16. S
ee C
PU
C R
ule
8 a
(1) A
sses
smen
t Te
st R
esul
ts.
17. I
nqui
re o
f S
CE
’s p
erso
nnel
to
gain
an
unde
rsta
ndin
g of
the
en
viro
nmen
tal c
ontr
ols
to p
rote
ct
syst
ems
stor
ing
Cov
ered
In
form
atio
n fr
om n
atur
al d
isas
ters
an
d en
viro
nmen
tal d
isas
ters
(suc
h as
fire
or
flood
ing)
.
17. P
er in
quiry
dur
ing
the
Dat
a C
ente
r si
te w
alkt
hrou
ghs
obse
rved
sev
eral
env
ironm
enta
l con
trol
s to
pr
otec
t sy
stem
s st
orin
g C
over
ed In
form
atio
n fr
om n
atur
al d
isas
ters
and
env
ironm
enta
l dis
aste
rs
such
as
fire
or f
lood
ing
18. I
nspe
ct w
heth
er S
CE
has
the
ab
ility
to
send
larg
e fil
es t
o 3r
d pa
rtie
s us
ing
Sec
ure
FTP
. File
s sh
ould
be
chec
ked
for
conf
iden
tial
data
prio
r to
be
tran
sfer
red.
18.a
. Rev
iew
ed t
he S
yste
m P
rofil
e Q
uest
ionn
aire
s an
d m
ost
appl
icat
ions
do
not
send
Cov
ered
In
form
atio
n to
thi
rd p
artie
s.
18.b
. Obs
erve
d em
ails
sen
t fr
om t
he T
hird
Par
ty C
ISR
des
k an
d no
ted
that
em
ails
con
tain
ing
Cov
ered
Info
rmat
ion
are
sent
via
enc
rypt
ed m
ail.
18.c
. Rev
iew
ed t
he P
rote
ctin
g P
erso
nal I
nfor
mat
ion
proc
edur
e an
d no
ted
that
the
re a
re g
uide
lines
fo
r se
ndin
g co
nfid
entia
l inf
orm
atio
n to
sup
plie
rs o
r th
ird p
artie
s. "E
mai
ls c
onta
inin
g P
erso
nal
Info
rmat
ion,
per
mitt
ed t
o be
sen
t ou
tsid
e th
e C
ompa
ny’s
em
ail s
yste
m, s
hall
be c
lass
ified
as
“con
fiden
tial”
and
pro
tect
ed u
sing
Com
pany
app
rove
d en
cryp
tion
tech
nolo
gy o
r an
othe
r se
cure
d m
etho
d."
19. I
nspe
ct w
heth
er S
CE
has
de
ploy
ed a
n au
tom
ated
too
l on
netw
ork
perim
eter
s th
at m
onito
rs
for
Cus
tom
er P
II, k
eyw
ords
, and
ot
her
docu
men
t ch
arac
teris
tics
to
disc
over
una
utho
rized
att
empt
s to
ex
filtr
ate
data
acr
oss
netw
ork
boun
darie
s an
d bl
ock
such
tr
ansf
ers
whi
le a
lert
ing
info
rmat
ion
secu
rity
pers
onne
l
19. a
. Per
inqu
iry o
f re
leva
nt s
take
hold
ers
it w
as n
oted
tha
t th
e fo
llow
ing
stan
dard
s ar
e in
pla
ce t
o ad
dres
s au
tom
ated
too
ls u
sed
to d
etec
t un
auth
oriz
ed d
ata
exfil
trat
ion
acro
ss n
etw
ork
boun
darie
s fo
r S
CE
: —D
ata
Loss
Pre
vent
ion
(DLP
) too
l is
depl
oyed
on
the
SC
E n
etw
ork
and
endp
oint
s, a
nd is
co
nfig
ured
to
mon
itor
all d
ata
cros
sing
the
net
wor
k bo
unda
ry.
—Th
e to
ol is
con
figur
ed t
o m
onito
r th
e co
nten
ts o
f al
l em
ails
and
file
s se
nt a
cros
s th
e ne
twor
k, in
clud
ing
all e
mai
l att
achm
ents
usi
ng c
usto
m m
ade
polic
ies
whi
ch s
earc
h fo
r sp
ecifi
c ty
pes
of s
ensi
tive
data
—Th
e to
ol is
con
figur
ed t
o de
tect
and
log
data
exf
iltra
tion
atte
mpt
s. T
he D
LP t
ool c
an
how
ever
not
blo
ck d
ata
exfil
trat
ion
but
does
sen
d no
tific
atio
ns.
– 66
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
—A
ll da
ta e
xfilt
ratio
n at
tem
pts
are
logg
ed in
the
DLP
too
l log
ging
dat
abas
e.
20. I
nspe
ct w
heth
er S
CE
has
de
ploy
ed a
n au
tom
ated
too
l on
wor
ksta
tions
tha
t m
onito
rs f
or
Cus
tom
er P
II, k
eyw
ords
, and
ot
her
docu
men
t ch
arac
teris
tics
to
disc
over
una
utho
rized
att
empt
s to
ex
filtr
ate
data
to
rem
ovab
le m
edia
an
d bl
ock
such
tra
nsfe
rs w
hile
al
ertin
g in
form
atio
n se
curit
y pe
rson
nel
20. P
er in
quiry
of
rele
vant
sta
keho
lder
s it
was
not
ed t
hat
the
follo
win
g st
anda
rds
are
in p
lace
to
addr
ess
auto
mat
ed t
ools
on
wor
ksta
tions
whi
ch m
onito
rs f
or C
usto
mer
PII,
key
wor
ds, a
nd o
ther
do
cum
ent
char
acte
ristic
s to
dis
cove
r un
auth
oriz
ed a
ttem
pts
to e
xfilt
rate
dat
a to
rem
ovab
le m
edia
:
—Th
e D
LP t
ool i
s de
ploy
ed o
n al
l SC
E w
orks
tatio
ns, a
nd is
con
figur
ed t
o m
onito
r al
l dat
a be
ing
save
d on
rem
ovab
le m
edia
dev
ices
.
—P
oten
tial d
ata
exfil
trat
ion
even
ts a
re lo
gged
in t
he D
LP t
ool l
og a
nd r
evie
wed
by
the
Info
rmat
ion
Sec
urity
tea
m d
aily
. Inc
iden
ts a
re f
ollo
wed
up
on b
y th
e In
form
atio
n S
ecur
ity
mon
itorin
g te
am a
nd t
rack
ed in
the
tic
ketin
g sy
stem
if it
is a
tru
e po
sitiv
e in
cide
nt u
ntil
reso
lved
.
21. D
eter
min
e w
heth
er t
he
Com
pany
und
erst
ands
the
cur
rent
th
reat
land
scap
e an
d po
tent
ial
thre
ats
to t
he o
rgan
izat
ion
by
leve
ragi
ng m
ultip
le t
hrea
t fe
eds.
21. P
er in
quiry
of
rele
vant
sta
keho
lder
s it
was
not
ed t
hat
the
follo
win
g po
licie
s ar
e in
pla
ce t
o ad
dres
s th
e th
reat
land
scap
e fo
r S
CE
:
—P
er in
quiry
of
Sr.
Man
ager
, Cyb
erse
curit
y, it
was
not
ed t
hat
thre
at m
anag
emen
t is
a
cont
inuo
us p
roce
ss t
hat
is p
erfo
rmed
usi
ng a
com
bina
tion
of t
ools
and
pro
cedu
res.
Leg
acy
vend
or r
elat
ions
hips
rel
y on
a t
hrea
t la
ndsc
ape
that
is d
ated
. The
Cyb
erse
curit
y te
am w
orks
w
ith s
olut
ion
arch
itect
s an
d pu
ts t
hem
thr
ough
the
exc
eptio
n pr
oces
s. T
hey
have
to
acce
pt
risk
on b
ehal
f of
bus
ines
s. T
hey
use
the
met
hodo
logy
of
risk
asse
ssm
ents
(Low
, Med
ium
, an
d H
igh)
to
dete
rmin
e ap
prop
riate
leve
l of
man
agem
ent.
—C
ontin
uous
vul
nera
bilit
y sc
ans
are
perf
orm
ed o
n al
l ass
ets.
Hig
h le
vel v
ulne
rabi
lity
scan
re
sults
are
rep
orte
d to
the
CIO
.
22 In
spec
t w
heth
er t
he C
ompa
ny
scan
s so
urce
cod
e fo
r bu
gs a
nd
vuln
erab
ilitie
s be
fore
mov
ing
it in
to p
rodu
ctio
n
22. P
er in
quiry
of
rele
vant
sta
keho
lder
s an
d in
spec
tion
of d
ocum
ents
pro
vide
d it
was
not
ed t
hat
the
follo
win
g po
licie
s ar
e in
pla
ce t
o ad
dres
s th
e sy
stem
s de
velo
pmen
t lif
e cy
cle
for
SC
E.
—R
evie
wed
the
App
licat
ion
Sec
urity
Sta
ndar
d an
d de
term
ined
tha
t vu
lner
abili
ty s
cans
mus
t be
per
form
ed o
n al
l Com
pany
Com
putin
g S
yste
ms
prio
r to
dep
loym
ent
for
prod
uctio
n op
erat
ions
. “V
ery
Hig
h”, “
Hig
h”, o
r “M
oder
ate”
impa
ct v
ulne
rabi
litie
s di
scov
ered
dur
ing
the
afor
emen
tione
d sc
an m
ust
be m
itiga
ted
prio
r to
dep
loym
ent
of t
he s
yste
m f
or
prod
uctio
n op
erat
ions
. Low
or
Info
rmat
iona
l im
pact
vul
nera
bilit
ies
disc
over
ed m
ust
have
m
itiga
tion
plan
s de
velo
ped
prio
r to
pro
duct
ion
depl
oym
ent.
—M
et w
ith M
anag
er, C
yber
secu
rity,
and
was
not
ed t
hat
test
ing
is p
erfo
rmed
to
ensu
re t
hey
are
in c
ompl
ianc
e w
ith c
yber
secu
rity
stan
dard
s an
d a
form
al r
isk
acce
ptan
ce is
gra
nted
be
fore
any
sys
tem
is m
oved
into
pro
duct
ion.
23. I
nspe
ct w
heth
er S
CE
’s
deve
lopm
ent/
test
env
ironm
ents
ar
e se
para
te f
rom
the
pro
duct
ion
23. P
er r
evie
w o
f do
cum
ente
d po
licy
it w
as n
oted
tha
t th
e fo
llow
ing
polic
ies
are
in p
lace
to
addr
ess
the
syst
ems
deve
lopm
ent
life
cycl
e.
– 67
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
envi
ronm
ent,
with
acc
ess
cont
rol
in p
lace
to
enfo
rce
the
sepa
ratio
n.
—R
evie
wed
the
App
licat
ion
Sec
urity
Sta
ndar
d an
d no
ted
that
pro
duct
ion
envi
ronm
ents
mus
t be
isol
ated
fro
m o
ther
env
ironm
ents
(e.g
. dev
elop
men
t, s
tagi
ng o
r te
stin
g en
viro
nmen
ts)
for
all a
pplic
atio
ns. A
lso,
not
ed t
hat
acce
ss t
o ap
plic
atio
n so
urce
cod
e is
res
tric
ted
to o
nly
indi
vidu
als
that
are
aut
horiz
ed.
24. D
eter
min
e w
heth
er S
CE
doe
s no
t us
e P
rodu
ctio
n C
over
ed
Info
rmat
ion
for
test
ing
or
deve
lopm
ent.
Tes
t da
ta a
nd
acco
unts
are
rem
oved
bef
ore
a pr
oduc
tion
syst
em b
ecom
es
activ
e.
24. R
evie
wed
the
App
licat
ion
Sec
urity
Sta
ndar
d an
d no
ted
that
pro
duct
ion
data
can
not
be c
opie
d in
to t
est
or s
tage
env
ironm
ents
with
out
adeq
uate
pro
tect
ion
of c
onfid
entia
l inf
orm
atio
n as
def
ined
by
the
Com
pany
’s R
ecor
ds M
anag
emen
t P
olic
y.
25. I
nspe
ct w
heth
er S
CE
util
izes
a
Dat
a M
aski
ng t
ool t
o lim
it ac
cess
to
and
pro
tect
Cov
ered
In
form
atio
n an
d ot
her
PII.
25. O
bser
ved
at t
he C
usto
mer
Con
tact
Cen
ter
and
at t
he C
usto
mer
Ser
vice
cen
ter
that
Soc
ial
Sec
urity
num
bers
and
Ban
k N
umbe
rs a
re m
aske
d on
the
scr
eens
.
26. I
nspe
ct w
heth
er S
CE
’s w
eb
appl
icat
ions
sho
uld
use
encr
yptio
n w
hen
tran
smitt
ing
sens
itive
dat
a ac
ross
the
net
wor
k.
26.a
. Rev
iew
ed t
he D
ata
Pro
tect
ion
Sta
ndar
d, w
hich
out
lines
the
enc
rypt
ion
for
diff
eren
t cl
assi
ficat
ions
of
data
at
rest
and
in t
rans
it.
26.b
. Rev
iew
ed t
he P
erso
nal C
ompu
ting
Dev
ice
Sta
ndar
d, w
hich
req
uire
s al
l per
sona
l com
putin
g de
vice
s to
ena
ble
encr
yptio
n of
SC
E d
ata
in t
rans
it an
d at
res
t.
26.c
. Rev
iew
ed t
he S
yste
m a
nd C
omm
unic
atio
ns P
rote
ctio
n S
tand
ard,
whi
ch o
utlin
es S
ecur
e S
ocke
t La
yer
(SS
L) V
irtua
l Priv
ate
Net
wor
k (V
PN
) con
nect
ions
to
SC
E n
etw
orks
and
the
re
quire
men
ts.
26.d
. Obs
erve
d em
ails
sen
t fr
om t
he T
hird
Par
ty C
ISR
des
k an
d no
ted
that
em
ails
con
tain
ing
Cov
ered
Info
rmat
ion
are
sent
via
enc
rypt
ed m
ail
27. D
eter
min
e w
heth
er S
CE
has
im
plem
ente
d an
Intr
usio
n D
etec
tion
syst
em w
ithin
the
en
viro
nmen
t to
det
ect
and
gene
rate
log
mes
sage
s de
taili
ng
even
ts.
27. M
et w
ith M
anag
er, C
yber
secu
rity,
and
con
firm
ed t
hat
SC
E h
as a
IDS
/IPS
whi
ch f
eeds
into
the
S
IEM
too
l for
logg
ing
and
mon
itorin
g.
280.
Det
erm
ine
whe
ther
SC
E h
as
impl
emen
ted
an In
trus
ion
Pre
vent
ion
syst
em w
ithin
the
28. M
et w
ith M
anag
er, C
yber
secu
rity,
and
con
firm
ed t
hat
SC
E h
as a
IDS
/IPS
whi
ch f
eeds
into
the
S
IEM
too
l for
logg
ing
and
mon
itorin
g.
– 68
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
envi
ronm
ent
to d
etec
t ev
ents
and
re
ject
pac
kets
.
29. I
nspe
ct w
heth
er S
CE
onl
y al
low
s lim
ited
acce
ss t
o ne
twor
k re
sour
ce t
o ve
ndor
s an
d 3r
d pa
rtie
s.
29. R
evie
wed
the
Thi
rd P
arty
Pro
vide
r S
tand
ard
and
note
d th
at a
cces
s to
SC
E s
yste
ms
and
netw
orks
by
third
par
ties
or c
ontr
acto
rs m
ust
go t
hrou
gh f
ull m
anag
emen
t re
view
. Als
o no
ted
the
follo
win
g:
—A
cces
s to
the
Com
pany
Com
putin
g S
yste
ms
mus
t us
e S
CE
’s s
ecur
e vi
rtua
l clie
nt.
—P
erso
nnel
with
acc
ess
to S
CE
’s C
ompa
ny C
ompu
ting
Sys
tem
s m
ust
not
shar
e ac
coun
ts o
r pa
ssw
ords
use
d to
acc
ess
the
SC
E’s
Com
pany
Com
putin
g S
yste
ms.
—S
CE
use
r ac
coun
ts p
rovi
ded
to S
ervi
ce P
rovi
der
pers
onne
l mus
t in
divi
dual
ly id
entif
y th
e pe
rson
with
acc
ess
to e
nsur
e no
nrep
udia
tion
of a
ll us
er a
ccou
nt a
ctiv
ity.
—U
pon
pers
onne
l ter
min
atio
n, lo
gica
l acc
ess
to S
CE
Com
pany
Com
putin
g S
yste
ms
mus
t be
re
voke
d w
ithin
24
hour
s of
the
ter
min
atio
n ac
tion.
—N
onS
CE
dev
ices
con
nect
ed t
o S
CE
Com
pany
Com
putin
g S
yste
ms
shal
l con
nect
fro
m a
n is
olat
ed n
etw
ork
encl
ave
that
onl
y pe
rmits
con
nect
ions
via
the
sec
ure
virt
ual d
eskt
op.
—C
onne
ctio
ns o
rigin
atin
g fr
om o
utsi
de S
CE
con
trol
led
netw
orks
req
uire
tw
ofa
ctor
au
then
ticat
ion.
30. D
eter
min
e w
heth
er S
CE
has
a
form
al p
roce
ss f
or a
ppro
ving
and
te
stin
g al
l net
wor
k co
nnec
tions
an
d ch
ange
s to
the
fire
wal
l and
ro
uter
con
figur
atio
ns
30. S
CE
has
a f
orm
al c
hang
e m
anag
emen
t pr
oces
s th
roug
h w
hich
net
wor
k an
d fir
ewal
l cha
nges
are
m
onito
red
and
appr
oved
.
31. I
nspe
ct w
heth
er S
CE
has
im
plem
ente
d a
DM
Z to
lim
it in
boun
d tr
affic
to
only
sys
tem
co
mpo
nent
s th
at p
rovi
de
auth
oriz
ed p
ublic
ly a
cces
sibl
e se
rvic
es, p
roto
cols
, and
por
ts.
31. P
er r
evie
w o
f th
e C
ontr
ol S
yste
m N
etw
ork
and
Sys
tem
and
Com
mun
icat
ions
Pro
tect
ion
stan
dard
s, it
was
not
ed t
hat
a D
MZ
is in
pla
ce t
o lim
it in
boun
d tr
affic
to
only
sys
tem
com
pone
nts
that
pro
vide
aut
horiz
ed p
ublic
ally
acc
essi
ble
serv
ices
, pro
toco
ls, a
nd p
orts
.
– 69
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
R
ule
8
Ru
le d
escr
ipti
on
N
oti
fica
tio
n o
f B
reac
h:
A c
over
ed T
hird
Par
ty s
hall
notif
y th
e co
vere
d el
ectr
ical
/gas
cor
pora
tion
that
is t
he s
ourc
e of
the
cov
ered
dat
a w
ithin
one
w
eek
of t
he d
etec
tion
of a
bre
ach.
Upo
n a
brea
ch a
ffec
ting
1,00
0 or
mor
e cu
stom
ers,
whe
ther
by
a co
vere
d el
ectr
ical
/gas
co
rpor
atio
n or
by
a co
vere
d Th
ird P
arty
, the
cov
ered
ele
ctric
al/g
as c
orpo
ratio
n sh
all n
otify
the
Com
mis
sion
’s E
xecu
tive
Dire
ctor
of
secu
rity
brea
ches
of
cove
red
info
rmat
ion
with
in t
wo
wee
ks o
f th
e de
tect
ion
of a
bre
ach
or w
ithin
one
wee
k of
no
tific
atio
n by
a c
over
ed T
hird
Par
ty o
f su
ch a
bre
ach.
Upo
n re
ques
t by
the
Com
mis
sion
, ele
ctric
al/g
as c
orpo
ratio
ns s
hall
notif
y th
e C
omm
issi
on’s
Exe
cutiv
e D
irect
or o
f se
curit
y br
each
es o
f co
vere
d in
form
atio
n.
b
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er S
CE
has
do
cum
ente
d in
cide
nt r
espo
nse
and
brea
ch m
anag
emen
t pr
oced
ures
in p
lace
incl
udin
g ro
les
and
resp
onsi
bilit
ies,
tes
ting
and
trai
ning
, inc
iden
t cl
assi
ficat
ion
and
logg
ing,
re
med
iatio
n, a
nd p
rogr
am
upda
tes.
1.a.
Rev
iew
ed t
he P
rivac
y B
reac
h N
otifi
catio
n pr
oced
ure
and
note
d th
at it
cov
ers
the
pote
ntia
l no
tific
atio
n in
the
eve
nt o
f a
brea
ch in
clud
ing
the
affe
cted
par
ties,
lang
uage
, and
met
hods
of
notif
icat
ion.
1.b.
Rev
iew
ed t
he P
rivac
y In
cide
nt R
espo
nse
Che
cklis
t an
d no
ted
that
it in
clud
es a
def
initi
on o
f P
II da
ta e
lem
ents
and
the
rel
evan
t st
eps
of a
n in
cide
nt r
espo
nse
and
the
resp
onsi
ble
part
y:
—In
cide
nt d
escr
iptio
n
—In
cide
nt e
valu
atio
n
—In
tern
al s
take
hold
er n
otifi
catio
n
—E
xter
nal s
take
hold
er n
otifi
catio
n
—B
reac
h no
tific
atio
n as
sess
men
t
—M
itiga
tion/
Follo
wup
1.c.
Rev
iew
ed t
he P
rivac
y In
cide
nt R
espo
nse
proc
ess
flow
and
not
ed t
hat
it pr
ovid
es s
teps
fro
m t
he
initi
al id
entif
icat
ion
of a
pot
entia
l inc
iden
t th
roug
h th
e in
take
and
tra
ckin
g, a
sses
smen
t, e
xter
nal
notif
icat
ion,
rem
edia
tion,
and
clo
sure
pro
cess
and
iden
tifie
s th
e re
leva
nt d
epar
tmen
ts t
hrou
ghou
t th
e C
ompa
ny r
espo
nsib
le f
or e
ach
activ
ity.
1.d.
Rev
iew
ed t
he Id
entit
y Th
eft
Pre
vent
ion
proc
edur
e an
d no
ted
that
it a
ddre
sses
pot
entia
l red
fla
gs t
hat
may
indi
cate
a s
uspe
cted
dat
a in
cide
nt a
nd t
he a
ppro
pria
te s
teps
to
resp
ond.
1.e.
Obs
erve
d th
roug
h an
ove
rth
esh
ould
er o
f th
e S
CE
Sha
reP
oint
and
not
ed t
hat
it in
clud
es
info
rmat
ion
rela
ted
to t
he H
elpL
ine.
Em
ploy
ees
are
inst
ruct
ed t
o ca
ll th
e H
elpL
ine
if th
ey s
uspe
ct a
da
ta in
cide
nt.
1.f.
Rev
iew
ed e
vide
nce
of a
cyb
er t
able
top
exer
cise
per
form
ed in
Oct
ober
201
5 th
at in
volv
ed t
he
unau
thor
ized
acc
ess
of C
over
ed In
form
atio
n th
roug
h a
com
prom
ise
of e
mpl
oyee
cre
dent
ials
se
para
te p
hish
ing
and
key
logg
ing
activ
ities
. Doc
umen
ts r
evie
wed
incl
ude
the
scop
e of
the
bre
ach
and
actio
ns t
aken
by
the
Com
pany
to
addr
ess
the
inci
dent
.
1.g.
Rev
iew
ed s
cree
nsho
ts o
f th
e C
yber
secu
rity
depa
rtm
ent’
s in
cide
nt t
icke
t sy
stem
use
d to
tra
ck
deta
ils s
uppo
rtin
g th
e in
vest
igat
ion
of a
dat
a in
cide
nt.
– 70
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
1.h.
Met
with
Priv
acy
Com
plia
nce
Pro
gram
Lea
der,
and
was
info
rmed
tha
t S
CE
wor
ked
with
an
exte
rnal
ser
vice
pro
vide
r to
dev
elop
inci
dent
res
pons
e ch
eckl
ists
dur
ing
the
cove
red
perio
d th
at
iden
tify
role
s an
d re
spon
sibi
litie
s in
res
pond
ing
to a
sus
pect
ed d
ata
inci
dent
.
1.i.
Met
with
Sr.
Att
orne
y, L
aw D
epar
tmen
t, a
nd w
as in
form
ed t
hat
the
Law
Dep
artm
ent
will
hel
p in
th
e in
cide
nt r
espo
nse
proc
ess
to d
eter
min
e w
heth
er b
reac
h no
tific
atio
n is
req
uire
d an
d w
heth
er t
he
resp
onse
sho
uld
be h
andl
ed u
nder
AC
priv
ilege
.
1.j.
Met
with
Pro
gram
Man
ager
, Cyb
erse
curit
y In
cide
nt R
espo
nse,
and
was
info
rmed
tha
t th
e C
ompa
ny u
ses
a va
riety
of
tool
s to
det
ect
thre
ats
and
pote
ntia
l inc
iden
ts w
ithin
the
env
ironm
ent
incl
udin
g D
LP a
nd a
SIE
M. I
n th
e ev
ent
of a
sus
pect
ed b
reac
h, t
he C
yber
secu
rity
Inci
dent
Res
pons
e Te
am w
ill p
rovi
de E
thic
s an
d C
ompl
ianc
e an
d th
e La
w D
epar
tmen
t w
ith in
form
atio
n to
hel
p de
term
ine
sour
ces
of e
xfilt
ratio
n an
d vo
lum
e of
rec
ords
or
tota
l am
ount
of
data
.
2. D
eter
min
e w
heth
er t
he
Com
pany
’s m
anag
emen
t ha
s ad
equa
tely
rev
iew
ed t
he in
cide
nt
revi
ew p
roce
ss in
pla
ce.
2.a.
Rev
iew
ed t
he P
rivac
y In
cide
nt R
espo
nse
proc
edur
e (2
016)
and
not
ed t
hat
the
Com
pany
in
trod
uced
a n
ew p
olic
y in
Jan
uary
201
6 th
at s
uper
sede
s th
e ex
istin
g po
licy
that
was
in e
ffec
t th
roug
hout
the
cov
ered
per
iod.
The
pub
lishi
ng o
ffic
e w
as E
thic
s an
d C
ompl
ianc
e.
2.b.
Rev
iew
ed C
PU
C S
mar
t G
rid D
ata
Priv
acy
Dec
isio
n R
equi
rem
ents
Tra
ckin
g sh
eet
and
note
d th
at
the
Lead
er, P
rivac
y C
ompl
ianc
e P
rogr
am is
res
pons
ible
for
impl
emen
ting
cont
rols
ass
ocia
ted
with
da
ta in
cide
nts
invo
lvin
g cu
stom
er C
over
ed In
form
atio
n an
d ta
king
app
ropr
iate
ste
ps in
the
eve
nt o
f a
data
bre
ach.
The
con
trol
wen
t in
to e
ffec
t st
artin
g 7/
29/2
011.
3. D
eter
min
e w
heth
er t
he
Com
pany
can
per
form
for
ensi
c an
alys
is in
the
inst
ance
of
a C
usto
mer
PII
brea
ch.
3. S
CE
has
a r
etai
ner
with
an
outs
ide
com
pany
to
prov
ide
fore
nsic
ana
lysi
s se
rvic
es a
s ne
eded
.
4. In
spec
t sa
mpl
e ev
iden
ce o
f br
each
inci
dent
s fo
r th
e la
st 1
2 m
onth
s.
4.a.
Rev
iew
ed li
st o
f 20
15 P
rivac
y In
cide
nts
and
note
d th
e in
cide
nt d
escr
iptio
n, in
volv
ed p
artie
s, a
nd
ultim
ate
reso
lutio
n.
4.b.
Rev
iew
ed t
he 2
015
Priv
acy
Com
plia
nce
Pos
ture
rep
ort
and
note
d th
at t
he C
ompa
ny t
rack
s in
cide
nts
and
thos
e re
quiri
ng b
reac
h no
tific
atio
n.
4.c.
Rev
iew
ed c
orre
spon
denc
e pr
ovid
ed t
o cu
stom
ers
in S
epte
mbe
r 20
15 in
form
ing
them
of
an
inci
dent
invo
lvin
g po
tent
ial u
naut
horiz
ed d
ata
disc
losu
re a
nd t
he s
teps
tak
en t
o pr
otec
t th
eir
acco
unt
info
rmat
ion.
The
inte
rnal
inve
stig
atio
n de
term
ined
tha
t di
sclo
sed
info
rmat
ion
did
not
rise
to t
he le
vel
of a
bre
ach
requ
iring
not
ifica
tion
unde
r C
alifo
rnia
law
but
did
rep
rese
nt a
bre
ach
unde
r th
e C
PU
C
Priv
acy
Dec
isio
n. T
he in
cide
nt w
as in
clud
ed in
the
Com
pany
’s 2
015
Ann
ual P
rivac
y R
epor
t.
– 71
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
R
ule
8
Ru
le d
escr
ipti
on
A
nn
ual
Rep
ort
of
Bre
ach
es:
In a
dditi
on, e
lect
rical
cor
pora
tions
sha
ll fil
e an
ann
ual r
epor
t w
ith t
he C
omm
issi
on’s
Exe
cutiv
e D
irect
or, c
omm
enci
ng w
ith
the
cale
ndar
yea
r 20
12, t
hat
is d
ue w
ithin
120
day
s of
the
end
of
the
cale
ndar
yea
r an
d no
tifie
s th
e C
omm
issi
on o
f al
l se
curit
y br
each
es w
ithin
the
cal
enda
r ye
ar a
ffec
ting
cove
red
info
rmat
ion,
whe
ther
by
the
cove
red
elec
tric
al c
orpo
ratio
n or
by
a Th
ird P
arty
.
c Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er S
CE
tra
cks
the
repo
rtin
g re
quire
men
t an
d as
sign
s co
mpl
ianc
e to
the
ap
prop
riate
dep
artm
ent.
1.a.
Met
with
Priv
acy
Com
plia
nce
Pro
gram
Lea
der,
and
Sr.
Att
orne
y, L
aw D
epar
tmen
t, a
nd w
as
info
rmed
tha
t as
par
t of
the
Priv
acy
Com
plia
nce
Pro
gram
, the
Priv
acy
Com
plia
nce
and
the
Law
D
epar
tmen
t te
ams
are
invo
lved
in m
onito
ring
com
plia
nce
requ
irem
ents
fro
m t
he C
PU
C t
hrou
gh
dire
ct c
onta
ct f
rom
the
CP
UC
, ind
ustr
y tr
ade
grou
ps, a
nd in
tera
ctio
n w
ith o
ther
util
ities
. Com
plia
nce
and
repo
rtin
g re
quire
men
ts a
re in
putt
ed b
y th
e Le
ader
of
Priv
acy
Com
plia
nce
Pro
gram
and
ver
ified
by
the
Law
Dep
artm
ent
via
the
EC
MS
sys
tem
, whi
ch a
ssig
ns a
uni
que
proc
ess
owne
r an
d id
entif
ies
rele
vant
con
trol
s in
ord
er t
o en
sure
com
plia
nce.
1.b.
Rev
iew
ed In
tern
al U
sage
Bre
ach
Det
ails
for
201
5 an
d no
ted
that
SC
E t
rack
s th
e de
tails
of
each
in
cide
nt in
clud
ing
date
s, a
sum
mar
y de
scrip
tion,
and
whe
ther
it is
a r
epor
tabl
e pr
ivac
y in
cide
nt in
ac
cord
ance
with
bot
h th
e C
A B
reac
h La
ws
and
CP
UC
Sm
art
Grid
dec
isio
n. N
oted
tha
t th
ere
was
on
e pr
ivac
y br
each
in 2
015
affe
ctin
g el
even
SC
E c
usto
mer
acc
ount
s on
Aug
ust
28, 2
015.
2. D
eter
min
e w
heth
er S
CE
file
d its
Ann
ual R
epor
t to
the
CP
UC
as
requ
ired
by t
he P
rivac
y D
ecis
ion.
1) R
evie
wed
the
Com
pany
’s 2
015
Ann
ual P
rivac
y R
epor
t an
d no
ted
that
it w
as s
ubm
itted
to
the
CP
UC
on
Apr
il 28
, 201
6 by
SC
E’s
Dep
uty
Eth
ics
and
Com
plia
nce
Off
icer
. The
rep
ort
iden
tifie
d:
—N
o re
port
ed p
rivac
y br
each
es a
ffec
ting
1,00
0 or
mor
e cu
stom
ers.
—O
ne r
epor
t of
bre
ach
with
in t
he 2
015
cale
ndar
yea
r af
fect
ing
Cov
ered
Info
rmat
ion
on 1
1 C
usto
mer
Acc
ount
s.
– 72
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
RU
LE 9
Acc
ou
nta
bili
ty a
nd
au
dit
ing
Ove
rall
Co
ncl
usi
on
O
ne
exce
pti
on
no
ted
:
(c) T
rain
ing.
Cov
ered
ent
ities
sha
ll pr
ovid
e re
ason
able
tra
inin
g to
all
empl
oyee
s an
d co
ntra
ctor
s w
ho u
se, s
tore
or
proc
ess
cove
red
info
rmat
ion.
Inte
rnal
Dat
a P
riva
cy T
rain
ing
:
SC
E d
oes
not
prov
ide
CE
UD
rela
ted
trai
ning
nor
rec
eive
aff
irmat
ions
fro
m c
ontr
acto
rs a
nd t
hird
par
ties
rega
rdin
g th
e pe
rfor
man
ce o
f re
quire
d P
rivac
y Tr
aini
ng.
CP
UC
R
ule
9
Ru
le d
escr
ipti
on
A
vaila
bili
ty:
Cov
ered
ent
ities
sha
ll be
acc
ount
able
for
com
plyi
ng w
ith t
he r
equi
rem
ents
her
ein,
and
mus
t m
ake
avai
labl
e to
the
C
omm
issi
on u
pon
requ
est
or a
udit:
(1) t
he p
rivac
y no
tices
tha
t th
ey p
rovi
de t
o cu
stom
ers,
(2) t
heir
inte
rnal
priv
acy
and
data
sec
urity
pol
icie
s,
(3) t
he c
ateg
orie
s of
age
nts,
con
trac
tors
and
oth
er t
hird
par
ties
to w
hich
the
y di
sclo
se c
over
ed in
form
atio
n fo
r a
prim
ary
purp
ose,
the
iden
titie
s of
age
nts,
con
trac
tors
and
oth
er t
hird
par
ties
to w
hich
the
y di
sclo
se c
over
ed in
form
atio
n fo
r a
seco
ndar
y pu
rpos
e, t
he p
urpo
ses
for
whi
ch a
ll su
ch in
form
atio
n is
dis
clos
ed, i
ndic
atin
g fo
r ea
ch c
ateg
ory
of d
iscl
osur
e w
heth
er it
is f
or a
prim
ary
purp
ose
or a
sec
onda
ry p
urpo
se. (
A c
over
ed e
ntity
sha
ll re
tain
and
mak
e av
aila
ble
to t
he
Com
mis
sion
upo
n re
ques
t in
form
atio
n co
ncer
ning
who
has
rec
eive
d co
vere
d in
form
atio
n fr
om t
he c
over
ed e
ntity
.), a
nd
(4) c
opie
s of
any
sec
onda
ryus
e au
thor
izat
ion
form
s by
whi
ch t
he c
over
ed p
arty
sec
ures
cus
tom
er a
utho
rizat
ion
for
seco
ndar
y us
es o
f co
vere
d da
ta.
a Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er S
CE
has
a
proc
ess
in p
lace
to
prov
ide
the
Com
mis
sion
with
the
ann
ual
Priv
acy
Rep
ort
or a
ny o
ther
re
ques
ted
docu
men
tatio
n:
1.a.
Rev
iew
ed t
he C
PU
C S
mar
t G
rid D
ata
Priv
acy
Dec
isio
n R
equi
rem
ents
Tra
ckin
g sh
eet
and
note
d th
at t
he P
rivac
y C
ompl
ianc
e P
rogr
am is
res
pons
ible
for
wor
king
with
the
app
ropr
iate
org
aniz
atio
nal
units
to
com
plet
e th
e A
nnua
l Priv
acy
Rep
ort
and
subm
it it
on t
ime
to t
he C
PU
C.
1.b.
Met
with
Priv
acy
Com
plia
nce
Pro
gram
Lea
der,
and
was
info
rmed
tha
t th
e A
nnua
l Priv
acy
Rep
ort
cove
ring
the
prio
r ye
ar is
dra
fted
in M
arch
and
fin
aliz
ed b
y th
e A
pril
30 s
ubm
issi
on d
eadl
ine.
1.c.
Obs
erve
d ev
iden
ce o
f th
e C
ompa
ny’s
fili
ng o
f th
e 20
15 A
nnua
l Priv
acy
Rep
ort
for
the
cove
red
perio
d.
– 73
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
R
ule
9
Ru
le d
escr
ipti
on
C
ust
om
er C
om
pla
ints
:
Cov
ered
ent
ities
sha
ll pr
ovid
e cu
stom
ers
with
a p
roce
ss f
or r
easo
nabl
e ac
cess
to
cove
red
info
rmat
ion,
for
cor
rect
ion
of
inac
cura
te c
over
ed in
form
atio
n, a
nd f
or a
ddre
ssin
g cu
stom
er c
ompl
aint
s re
gard
ing
cove
red
info
rmat
ion
unde
r th
ese
rule
s.
b
Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. A
sses
s w
heth
er S
CE
pro
vide
s no
tice
to it
s cu
stom
ers
on h
ow
they
cus
tom
ers
can
cont
act
the
Com
pany
for
inqu
iries
, com
plai
nts
or d
ispu
tes
rela
ted
to t
heir
Per
sona
l Inf
orm
atio
n.
1. R
evie
wed
the
Not
ice
of A
cces
sing
, Col
lect
ing,
Sto
ring,
Usi
ng a
nd D
iscl
osin
g E
nerg
y U
sage
In
form
atio
n an
d no
ted
that
it in
clud
es a
tel
epho
ne n
umbe
r, w
eb m
ail U
RL,
and
pos
tal a
ddre
ss f
or
cust
omer
s to
con
tact
the
Com
pany
or
disp
ute
thei
r C
over
ed In
form
atio
n.
2. A
sses
s w
heth
er S
CE
has
a
docu
men
ted
proc
ess
to r
ecei
ve
cust
omer
dis
pute
s, c
ompl
aint
s,
and
inqu
iries
, add
ress
es a
nd
reso
lve
com
plai
nts,
and
co
mm
unic
ate
reso
lutio
n ba
ck t
o th
e cu
stom
er in
a t
imel
y an
d sa
tisfa
ctor
y m
anne
r.
2.a.
Rev
iew
ed t
he C
onsu
mer
Aff
airs
– C
ompl
aint
Res
olut
ion
- Con
fiden
tial T
reat
men
t of
Rec
ords
P
olic
y an
d no
ted
that
a p
olic
y is
in p
lace
gov
erni
ng t
he r
ecei
pt a
nd s
afeg
uard
ing
of in
form
atio
n re
late
d to
a c
usto
mer
com
plai
nt t
hrou
ghou
t th
e re
solu
tion
proc
ess.
2.b.
Met
with
Man
ager
, Con
sum
er A
ffai
rs, a
nd w
as in
form
ed t
hat
Con
sum
er A
ffai
rs r
ecei
ves
cust
omer
com
plai
nts
via
the
CP
UC
thr
ough
tw
o m
eans
: (1)
Cus
tom
ers
file
a fo
rmal
com
plai
nt w
ith
the
CP
UC
’s C
AB
Off
ice
whi
ch t
hen
sets
up
a co
nfer
ence
incl
udin
g th
e C
PU
CS
CE
Cus
tom
er t
o di
scus
s th
e cu
stom
er’s
com
plai
nt, a
nd (2
) Cus
tom
ers
file
info
rmal
com
plai
nts
usin
g th
e C
PU
C C
IM
syst
em w
here
a S
CE
Con
sum
er A
ffai
rs r
epre
sent
ativ
e pr
oces
ses
com
plai
nts
by lo
ggin
g in
to t
he
CIM
.
2.c.
Met
with
Man
ager
, Org
aniz
atio
nal P
erfo
rman
ce, a
nd w
as in
form
ed t
hat
durin
g th
e co
vere
d pe
riod,
ano
ther
med
ium
for
rec
eivi
ng c
ompl
aint
s w
as t
he L
ocal
Pub
lic A
ffai
rs (L
PA
) dep
artm
ent.
The
gr
oup
inte
rfac
es w
ith g
over
nmen
t an
d co
mm
unity
off
icia
ls w
ho m
ay b
ring
the
com
plai
nt t
o S
CE
on
beha
lf of
a c
usto
mer
. The
LP
A d
epar
tmen
t w
ould
per
form
inta
ke a
nd t
rans
fer
the
cust
omer
to
the
appr
opria
te in
tern
al d
epar
tmen
t w
ithin
Cus
tom
er S
ervi
ce t
o pr
oces
s an
d re
spon
d to
the
com
plai
nt.
2.d.
Met
with
Man
ager
, Ext
erna
l Rel
atio
ns
Reg
ulat
ory
Ope
ratio
ns, a
nd w
as in
form
ed t
hat
cust
omer
s ca
n al
so b
ring
com
plai
nts
to S
CE
thr
ough
the
CP
UC
. For
mal
Com
plai
nts
go d
irect
ly t
o th
e La
w D
epar
tmen
t fo
r re
spon
se. I
nfor
mal
Com
plai
nts
are
hand
led
thro
ugh
Con
sum
er A
ffai
rs, a
nd t
he
Com
pany
has
20
days
to
resp
ond.
The
rel
evan
t V
P w
ill s
ign
off
on a
n in
form
al c
ompl
aint
and
the
n th
e La
w D
epar
tmen
t w
ill o
ffic
ially
file
with
the
CP
UC
.
– 74
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
3. A
sses
s w
heth
er S
CE
has
a
proc
ess
to e
scal
ate
disp
utes
, co
mpl
aint
s, a
nd in
quiri
es t
o he
lp
ensu
res
reso
lutio
n w
ithin
a t
imel
y m
anne
r.
3.a.
Rev
iew
ed t
he R
esid
entia
l Cus
tom
er C
all H
andl
ing
Pro
cess
for
the
Loc
al P
ublic
Aff
airs
de
part
men
t (L
PA
) and
not
ed t
hat
with
in L
PA
the
re is
a p
roce
ss is
in p
lace
to
esca
late
res
iden
tial
cust
omer
cal
ls t
o C
onsu
mer
Aff
airs
. A f
eedb
ack
proc
ess
is in
pla
ce w
here
Con
sum
er A
ffai
rs w
ill
repo
rt c
usto
mer
res
olut
ion
resu
lts t
o LP
A a
nd L
PA
will
info
rm L
ocal
gov
ernm
ent
offic
ials
who
no
tifie
d S
CE
of
the
com
plai
nt.
3.b.
Met
with
Man
ager
, Con
sum
er A
ffai
rs, a
nd w
as in
form
ed t
hat
Con
sum
er A
ffai
rs u
ses
a C
ompl
aint
s Tr
acki
ng S
yste
m f
or c
ompl
aint
inta
ke a
nd t
o tr
ack
com
plai
nt s
tatu
s in
clud
ing
(1)
Cus
tom
er N
ame
/ Num
ber,
(2) C
ompl
aint
Num
ber,
(3) C
ompl
aint
Sou
rce,
(4) C
ompl
aint
Cla
ss,
Cat
egor
y, a
nd P
riorit
y, a
nd (5
) Roo
t C
ause
.
4. In
spec
t ev
iden
ce t
hat
SC
E t
rack
s an
d re
solv
es c
usto
mer
com
plai
nts
cons
iste
nt w
ith S
CE
’s p
olic
ies.
4.a.
Rev
iew
ed a
sam
ple
cust
omer
com
plai
nt r
ecei
ved
thro
ugh
the
Edi
son
Hel
pLin
e re
late
d to
a s
olar
co
mpa
ny a
ctin
g on
beh
alf
of S
CE
and
pro
vidi
ng t
he C
ompa
ny w
ith t
he c
usto
mer
’s p
hone
num
ber.
Th
e co
mpl
aint
was
ass
igne
d to
a C
onsu
mer
Aff
airs
man
ager
who
res
pond
ed t
o th
e cu
stom
er w
ithin
fo
ur d
ays
and
clos
ed t
he c
ompl
aint
.
4.b.
Rev
iew
ed a
sam
ple
cust
omer
inqu
iry r
ecei
ved
in J
uly
30, 2
015
and
cont
inui
ng t
hrou
gh O
ctob
er
2015
. The
cus
tom
er a
nd S
CE
fai
led
to r
each
an
agre
emen
t, b
ut S
CE
act
ed in
com
plia
nce
with
its
tarif
fs.
4.c.
Rev
iew
ed f
our
sam
ple
Con
sum
er A
ffai
rs D
ashb
oard
s fr
om t
he c
over
ed p
erio
d an
d ob
serv
ed
that
sta
tistic
s re
late
d to
com
plai
nts
and
inqu
iries
(lik
e vo
lum
e, t
ype,
sou
rce,
tre
nds)
wer
e tr
acke
d an
d re
port
ed t
o m
anag
emen
t.
4.d.
Rev
iew
ed f
our
sam
ple
Con
sum
er A
ffai
rs D
aily
Rep
orts
tha
t id
entif
ies
pend
ing
com
plai
nts
with
th
e as
sign
ed r
esou
rce
and
the
resp
onse
sta
tus
of e
ach
com
plai
nt.
4.e.
Rev
iew
ed lo
g of
201
5 fo
rmal
cus
tom
er c
ompl
aint
s fil
ed w
ith t
he C
PU
C a
nd n
oted
tha
t th
e da
te,
com
plai
nant
, rea
son,
SC
E r
ep, a
nd d
ecis
ion
num
ber
wer
e tr
acke
d.
– 75
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
CP
UC
R
ule
9
Ru
le d
escr
ipti
on
T
rain
ing
:
Cov
ered
ent
ities
sha
ll pr
ovid
e re
ason
able
tra
inin
g to
all
empl
oyee
s an
d co
ntra
ctor
s w
ho u
se, s
tore
or
proc
ess
cove
red
info
rmat
ion.
c A
sses
smen
t p
roce
du
res
Ass
essm
ent
resu
lts
Exc
eptio
ns
1. R
evie
w S
CE
’s d
ocum
ente
d pr
ivac
y aw
aren
ess
prog
ram
m
ater
ials
to
iden
tify
pers
onne
l w
ho h
andl
e an
d st
ore
acce
ss t
o C
EU
D.
1.a.
Rev
iew
ed S
CE
Org
aniz
atio
nal U
nits
with
Acc
ess
to C
EU
D d
ated
Jan
uary
19,
201
6 an
d va
lidat
ed
by O
U c
onta
cts,
and
not
ed t
hat
the
Aud
it S
ervi
ces,
Cus
tom
er S
ervi
ce, F
inan
cial
& O
pera
tions
S
ervi
ces,
Info
rmat
ion
Tech
nolo
gy, L
egal
, Pow
er S
uppl
y, R
egul
ator
y A
ffai
rs (L
oad
Res
earc
h), a
nd
Tran
smis
sion
& D
istr
ibut
ion
OU
s ha
ve a
cces
s to
Cov
ered
Info
rmat
ion.
1.b
Rev
iew
ed a
list
of
16 c
ontr
acto
rs w
ith a
cces
s to
Cov
ered
Info
rmat
ion
durin
g 20
15.
1.c.
Met
with
Priv
acy
Com
plia
nce
Pro
gram
Lea
der,
Rev
enue
Ser
vice
Ope
ratio
ns; M
anag
er,
Cus
tom
er C
onta
ct C
ente
r; M
anag
er, A
dvan
ced
Tech
nolo
gies
(Tra
nsm
issi
on &
Dis
trib
utio
n);
Man
ager
, Inf
orm
atio
n G
over
nanc
e, M
anag
er, L
ocal
Pub
lic A
ffai
rs, M
anag
er, L
oad
Res
earc
h,
Man
ager
; Pow
er a
nd S
uppl
y; M
anag
er, B
usin
ess
Cus
tom
er D
ivis
ion;
Man
ager
, Cre
dit
Ope
ratio
ns;
and
Man
ager
, Cus
tom
er C
hoic
e S
ervi
ces
and
note
d th
at e
mpl
oyee
acc
ess
to s
yste
ms
cont
aini
ng
Cov
ered
Info
rmat
ion
is a
utom
atic
ally
pro
vide
d or
rev
oked
via
SA
P w
hen
an e
mpl
oyee
join
s or
leav
es
a ne
w d
epar
tmen
t, a
s w
ell a
s m
anua
lly r
evie
wed
on
an a
nnua
l bas
is t
o va
lidat
e a
busi
ness
nee
d an
d re
voke
unn
eces
sary
acc
ess
to s
yste
ms.
1.d.
Met
with
Man
ager
, Acq
uisi
tion
Pla
nnin
g &
Pro
cure
men
t an
d M
anag
er, C
yber
secu
rity,
and
not
ed
that
dur
ing
the
supp
lier
onbo
ardi
ng p
roce
ss, t
he n
eed
for
a co
ntra
ctor
to
acce
ss P
erso
nal
Info
rmat
ion
is id
entif
ied
as a
par
amet
er f
or e
valu
atin
g th
e ris
k of
tha
t co
ntra
ct. O
U P
rocu
rem
ent
man
ager
s ha
ve t
he o
ptio
n to
con
tact
SC
E’s
Cyb
erse
curit
y de
part
men
t in
ord
er t
o pe
rfor
m a
cy
bers
ecur
ity r
isk
asse
ssm
ent
as a
par
t of
thi
s pr
oces
s.
SC
E d
oes
not
prov
ide
CE
UD
rela
ted
trai
ning
no
r re
ceiv
e af
firm
atio
ns f
rom
co
ntra
ctor
s an
d th
ird
part
ies
rega
rdin
g th
e pe
rfor
man
ce o
f re
quire
d P
rivac
y Tr
aini
ng.
Hig
hle
vel g
uida
nce
is
prov
ided
for
ven
dors
an
d co
ntra
ctor
s th
roug
h th
e S
uppl
ier
Cod
e of
Con
duct
.
2. U
nder
stan
d th
e aw
aren
ess
mat
eria
l and
com
mun
icat
ions
to
SC
E p
erso
nnel
to
dete
rmin
e ho
w
inte
rnal
priv
acy
polic
ies
are
com
mun
icat
ed t
o as
soci
ates
.
2.a.
Rev
iew
ed S
CE
’s t
rain
ings
, aw
aren
ess
prog
ram
s an
d co
mm
unic
atio
ns s
ent
to e
mpl
oyee
s w
ith
cust
omer
priv
acy
cont
ent
and
note
d th
at d
urin
g th
e co
vere
d pe
riod,
inte
rnal
priv
acy
polic
ies
wer
e co
mm
unic
ated
thr
ough
the
Em
ploy
ee P
rivac
y Tr
aini
ng, w
hich
is r
equi
red
from
all
SC
E e
mpl
oyee
s w
ho a
cces
s P
erso
nal I
nfor
mat
ion.
In a
dditi
on, t
here
wer
e m
ultip
le c
omm
unic
atio
n ef
fort
s to
SC
E’s
pe
rson
nel r
egar
ding
cus
tom
er p
rivac
y, in
clud
ing
the
follo
win
g:
2.a.
i In
tern
al C
omm
unic
atio
ns:
—P
orta
l Art
icle
s, a
n in
tern
al w
ebpa
ge w
hich
hos
ts p
erio
dic
artic
les
conc
erni
ng r
elev
ant
priv
acy
issu
es a
nd t
rain
ing.
In 2
015,
tw
o ar
ticle
s ap
pear
ed c
once
rnin
g “D
ata
Min
imiz
atio
n”
as w
ell a
s a
rem
inde
r fo
r “I
nfor
mat
ion
Sha
ring
Inte
rnal
ly”.
2.a.
ii E
vent
s an
d P
rogr
ams:
– 76
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
—R
evie
wed
201
5 P
rivac
y C
omm
unic
atio
ns a
nd O
utre
ach
trac
king
log
whi
ch d
etai
led
over
40
indi
vidu
al p
rivac
y m
eetin
gs, p
rese
ntat
ions
, or
open
invi
te e
vent
s to
pro
vide
info
rmat
ion
and
awar
enes
s co
ncer
ning
priv
acy.
2.b.
Met
with
Vic
e P
resi
dent
, Eth
ics
and
Com
plia
nce,
and
dis
cuss
ed t
rain
ing
cont
ent,
req
uire
men
ts,
and
freq
uenc
y. N
oted
tha
t fo
r 20
15, t
he E
mpl
oyee
Priv
acy
Trai
ning
was
onl
y re
quire
d fo
r em
ploy
ees
who
acc
esse
d P
erso
nal I
nfor
mat
ion,
but
SC
E w
ill b
e m
akin
g th
is m
anda
tory
acr
oss
the
entir
e or
gani
zatio
n du
ring
the
next
tra
inin
g cy
cle.
Not
ed t
hat
data
priv
acy
and
prot
ectio
n w
as a
key
are
a of
fo
cus
in b
oth
2015
and
201
6, a
nd t
hrou
gh t
rain
ing,
roa
d sh
ows,
and
reg
ular
dai
ly in
tera
ctio
ns w
ith
empl
oyee
s, S
CE
man
ager
s ke
ep a
hig
h de
gree
of
focu
s on
dat
a pr
ivac
y.
2.c.
Rev
iew
ed S
CE
’s P
orta
l int
rane
t w
ebpa
ge a
nd n
oted
tha
t it
prov
ides
em
ploy
ees
with
mea
ns t
o ai
d in
mai
ntai
ning
info
rmat
ion
secu
red
and
cust
omer
dat
a pr
ivac
y th
roug
h a
varie
ty o
f lin
ks. T
he
web
site
incl
udes
the
fol
low
ing:
—P
rivac
y C
ompl
ianc
e W
ebpa
ge: C
onta
ins
both
inte
rnal
and
ext
erna
l lin
ks a
nd in
form
atio
n re
gard
ing
appl
icab
le p
olic
ies,
pro
cedu
res,
and
reg
ulat
ions
SC
E e
mpl
oyee
s ar
e su
bjec
t to
. in
tern
al li
nks
prov
ide
acce
ss t
o in
form
atio
n or
res
ourc
es t
o as
sist
SC
E e
mpl
oyee
s in
un
ders
tand
ing
wha
t co
nstit
utes
Per
sona
l Inf
orm
atio
n; t
ips
for
secu
ring
Per
sona
l In
form
atio
n; C
PU
C R
ule
25 (C
PU
C S
mar
t G
rid D
ata
Priv
acy
Rul
ing)
; and
rel
evan
t S
CE
po
licie
s co
ncer
ning
priv
acy,
whi
ch in
clud
e th
e fo
llow
ing
docu
men
ts:
Priv
acy
Pol
icy
Iden
tity
Thef
t P
rote
ctio
n P
olic
y
Priv
acy
Inci
dent
Res
pons
e P
olic
y
Pro
tect
ing
Per
sona
l Inf
orm
atio
n P
olic
y
Priv
acy
FAQ
s
—O
ur P
olic
ies
Land
ing
Pag
e: C
onta
ins
rele
vant
SC
E e
mpl
oyee
pol
icie
s, in
clud
ing
the
Em
ploy
ee C
ode
of C
ondu
ct a
nd C
ore
Pol
icy
Ref
eren
ce G
uide
. We
note
d th
at b
oth
Priv
acy
and
Phy
sica
l Sec
urity
and
Cyb
erse
curit
y ar
e de
fined
as
Cor
e P
olic
ies.
—N
oted
the
Edi
son
Hel
pLin
e lin
k av
aila
ble
thro
ugho
ut S
CE
’s in
tran
et a
nd d
ispl
ayed
pr
omin
ently
on
the
Por
tal l
andi
ng p
age.
Not
ed S
CE
em
ploy
ees
are
enco
urag
ed t
o “s
eek
advi
ce a
nd r
epor
t co
ncer
ns”
by c
onta
ctin
g 1
800
877
7069
and
may
cho
ose
to d
iscl
ose
or
not
disc
lose
the
ir id
entit
y.
—Tr
aini
ng &
Qua
lific
atio
ns la
ndin
g pa
ge, a
cces
sed
thro
ugh
the
men
u ba
r un
der
the
“Abo
ut
Me”
sec
tion,
whi
ch p
rovi
des
empl
oyee
s a
pers
onal
ized
“M
y Tr
aini
ng”
sum
mar
y of
co
mpl
eted
, out
stan
ding
, and
ava
ilabl
e tr
aini
ng a
vaila
ble
to e
mpl
oyee
s an
d di
rect
rep
orts
ba
sed
on t
heir
SA
Pde
sign
ated
job
func
tion.
– 77
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
2.d.
Met
with
Priv
acy
Com
plia
nce
Pro
gram
Lea
der,
and
obs
erve
d a
wal
kth
roug
h of
SC
E’s
intr
anet
pa
ge f
or P
rivac
y, a
cces
sibl
e to
all
SC
E e
mpl
oyee
s, a
nd n
oted
doc
umen
tatio
n av
aila
ble
for
view
ing
incl
uded
Per
sona
l Inf
orm
atio
nre
late
d po
licie
s an
d pr
oced
ures
for
: (1)
Priv
acy
Pol
icy,
(2) I
dent
ity
Thef
t P
reve
ntio
n, (3
) Priv
acy
Inci
dent
Res
pons
e, (4
) Pro
tect
ing
Per
sona
l Inf
orm
atio
n, a
nd (5
) Priv
acy
FAQ
s. T
hese
doc
umen
ts w
ere
avai
labl
e to
be
acce
ssed
eith
er t
hrou
gh t
he In
tran
et P
olic
y se
ctio
n,
Priv
acy
Com
plia
nce
Pro
gram
hom
epag
e, o
r vi
a do
cum
ent
sear
ch, a
nd n
ote
spec
ific
proc
edur
es f
or
prot
ectin
g, d
iscl
osin
g, o
r us
ing
Cov
ered
Info
rmat
ion.
3. U
nder
stan
d S
CE
’s s
peci
fic
trai
ning
mat
eria
ls t
o as
sess
w
heth
er t
hey
adeq
uate
ly
com
mun
icat
e/tr
ain
empl
oyee
s on
ho
w t
o ha
ndle
Cov
ered
In
form
atio
n.
3.a.
Rev
iew
ed a
nd v
iew
ed t
he C
ompa
ny’s
Em
ploy
ee P
rivac
y Tr
aini
ng a
nd n
oted
tha
t it
is a
n en
terp
rise
wid
e tr
aini
ng w
hich
is m
anda
tory
for
all
SC
E m
anag
emen
t an
d em
ploy
ees
with
acc
ess
to
Cov
ered
Info
rmat
ion.
Thi
s tr
aini
ng is
trig
gere
d au
tom
atic
ally
by
SC
E’s
com
plia
nce
syst
em f
or t
hese
em
ploy
ees.
SC
E in
clud
es C
EU
D in
its
defin
ition
of
Edi
son
Per
sona
l Inf
orm
atio
n (E
PI).
Man
ager
s ar
e no
tifie
d if
thei
r di
rect
rep
orts
had
not
com
plet
ed t
he t
rain
ing
wee
ks p
rior
to d
ue d
ate.
The
tra
inin
g in
clud
es t
arge
ted
guid
ance
cov
erin
g to
pics
suc
h as
:
—Th
e ty
pes
of d
ata
that
con
stitu
te E
PI;
—H
ow E
PI s
houl
d be
han
dled
, sto
red,
and
des
troy
ed;
—P
oten
tial c
onse
quen
ces
for
faili
ng t
o ke
ep E
PI s
ecur
e;
—R
efer
ence
s to
SC
E P
olic
ies
and
Res
ourc
es t
hat
gove
rn P
rivac
y an
d C
ompl
ianc
e in
reg
ards
to
EP
I.
—S
peci
fic r
efer
ence
to
CE
UD
, inc
ludi
ng w
hat
type
s of
dat
a co
nstit
ute
CE
UD
, and
wha
t S
CE
’s
oblig
atio
ns a
re p
er C
PU
C R
egul
atio
ns.
3.b.
Met
with
Priv
acy
Com
plia
nce
Pro
gram
Lea
der,
and
Vic
e P
resi
dent
, Eth
ics
and
Com
plia
nce,
and
no
ted
that
in a
dditi
on t
o C
ompa
nyw
ide
and
targ
eted
priv
acy
trai
ning
s, t
he d
epar
tmen
t al
so c
ondu
cts
priv
acy
awar
enes
s ro
ad s
how
s ac
ross
all
SC
E s
ervi
ce t
errit
orie
s. T
hese
tra
inin
gs a
re t
ailo
red
tow
ards
th
e sp
ecifi
c fu
nctio
ns a
nd a
re in
tend
ed t
o ed
ucat
e th
ese
empl
oyee
s on
mai
ntai
ning
priv
acy
of
Per
sona
l Inf
orm
atio
n.
3.c.
Rev
iew
ed P
rivac
y Tr
aini
ng R
oads
how
tra
inin
g pr
esen
tatio
ns p
rese
nted
at
sate
llite
SC
E o
ffic
es
thro
ugho
ut S
CE
’s s
ervi
ce t
errit
ory
by L
eade
r, P
rivac
y C
ompl
ianc
e P
rogr
am, a
nd V
ice
Pre
side
nt,
Eth
ics
and
Com
plia
nce,
and
not
ed t
arge
ted
trai
ning
and
rem
inde
rs t
o S
CE
em
ploy
ees
rega
rdin
g th
e ac
cess
, use
, pro
cess
ing,
and
dis
posa
l of
Per
sona
l Inf
orm
atio
n, a
s w
ell a
s re
fere
nces
to
rele
vant
SC
E
guid
elin
es, p
olic
ies,
and
pro
cedu
res.
Not
ed t
hat
this
tra
inin
g w
as m
ade
in a
var
iety
of
met
hods
, in
clud
ing
smal
l mee
tings
, lar
ge p
rese
ntat
ions
, and
aw
aren
ess
boot
h pr
esen
tatio
ns.
3.d.
Met
with
Man
ager
, Cus
tom
er C
onta
ct C
ente
r, a
nd r
evie
wed
Cus
tom
er C
onta
ct C
ente
r N
ew
Hire
Tra
inin
g an
d no
ted
that
Cus
tom
er S
ervi
ce R
epre
sent
ativ
es (C
SR
) are
not
allo
wed
to
begi
n pe
rfor
min
g th
eir
job
func
tions
unt
il th
ey h
ave
com
plet
ed t
heir
job
trai
ning
as
wel
l as
pass
ed
back
grou
nd s
cree
ning
. Not
ed C
SR
s ar
e re
quire
d to
tak
e E
mpl
oyee
Priv
acy
Trai
ning
in a
dditi
on t
o C
CC
tra
inin
g. C
CC
Tra
inin
g fo
cuse
s on
aut
hent
icat
ing
cust
omer
s an
d pr
epar
ing
CS
Rs
to a
void
– 78
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
disc
losi
ng P
II as
soci
ated
with
the
acc
ount
unl
ess
talk
ing
to t
he a
ccou
nt h
olde
r or
aut
horiz
ed
repr
esen
tativ
e.
4. In
spec
t ev
iden
ce t
hat
empl
oyee
s an
d co
ntra
ctor
s ha
ve
com
plet
ed p
rivac
y an
d se
curit
y tr
aini
ng r
equi
rem
ents
(e.g
. tr
aini
ng lo
gs, c
ertif
icat
ions
of
com
plia
nce,
etc
.).
4. M
et w
ith P
rivac
y C
ompl
ianc
e P
rogr
am L
eade
r, a
nd n
oted
tha
t al
l con
trac
tors
who
will
hav
e ac
cess
to
Cov
ered
Info
rmat
ion
are
dele
gate
d in
divi
dual
tra
inin
g re
spon
sibi
litie
s th
roug
h th
e E
diso
n P
erso
nal
Info
rmat
ion
Exh
ibit
whi
ch is
att
ache
d to
eac
h M
SA
whe
n pe
rfor
min
g w
ork.
The
re a
re n
o ad
ditio
nal
proc
esse
s id
entif
ied
for
verif
ying
Thi
rd P
arty
tra
inin
g fo
r pe
rson
nel w
ith a
cces
s to
Cov
ered
In
form
atio
n.
5. U
nder
stan
d th
e pr
ivac
y tr
aini
ng
requ
ired
of t
hird
par
ties
acce
ssin
g C
over
ed In
form
atio
n in
ord
er t
o de
term
ine
whe
ther
the
y ar
e ad
equa
tely
equ
ippe
d to
han
dle
Cov
ered
Info
rmat
ion.
5.a.
Rev
iew
ed t
he E
diso
n P
erso
nal I
nfor
mat
ion
Exh
ibit
3, w
hich
is a
ttac
hed
to c
ontr
acto
r’s
MS
A
whe
n pe
rfor
min
g w
ork
that
req
uire
s P
erso
nal I
nfor
mat
ion.
Not
ed t
hat
the
exhi
bit
requ
ires
"Sec
urity
E
duca
tion"
by
vend
or s
taff
to
be c
ompl
eted
ann
ually
for
pro
tect
ing
Cov
ered
Info
rmat
ion.
5.b.
Rev
iew
ed S
CE
Sup
plie
r C
ode
of C
ondu
ct p
ublic
ly a
vaila
ble
at s
ce.c
om a
nd n
oted
tha
t it
requ
ires
supp
liers
to
safe
guar
d an
d pr
otec
t in
form
atio
n co
vere
d by
priv
acy
law
s an
d/or
res
tric
ted
by E
diso
n’s
polic
ies
and
proc
edur
es. T
he p
olic
y no
tes
seve
ral w
ays
to r
epor
t pr
ivac
y co
ncer
ns v
ia t
he E
diso
n H
elpL
ine
or v
ia r
egul
ar b
usin
ess
chan
nels
thr
ough
em
ploy
ee m
anag
ers.
5.c.
Met
with
Vic
e P
resi
dent
, Eth
ics
and
Com
plia
nce,
and
not
ed t
hat
SC
E d
oes
not
deliv
er p
rivac
yre
late
d tr
aini
ngs
to t
hird
par
ties,
sug
gest
any
priv
acy
rela
ted
trai
ning
s, o
r va
lidat
e w
heth
er T
hird
Par
ty
priv
acy
trai
ning
s to
ok p
lace
. SC
E r
elie
s on
the
con
trac
tual
rel
atio
nshi
p w
ith t
he t
hird
par
ties
to
ensu
re t
hat
Third
Par
ty e
mpl
oyee
s ar
e pr
oper
ty t
rain
ed a
nd e
duca
ted
on h
ow t
o ha
ndle
Cov
ered
In
form
atio
n.
5.d.
Met
with
Priv
acy
Com
plia
nce
Pro
gram
Lea
der,
who
not
ed t
hat
othe
r th
an t
he p
rovi
sion
s pr
esen
t in
the
Edi
son
Per
sona
l Inf
orm
atio
n E
xhib
it 3,
the
re a
re n
o ot
her
cont
rols
or
chec
ks t
o ve
rify
Third
P
arty
tra
inin
g co
mpl
ianc
e.
5.e.
Met
with
Vic
e P
resi
dent
, Eth
ics
and
Com
plia
nce,
and
not
ed t
hat
Third
Par
ty c
ompl
ianc
e is
one
of
the
mai
n ar
eas
of f
ocus
for
SC
E in
bot
h 20
15 a
nd 2
016.
Spe
cific
ally
, SC
E h
as f
ocus
ed o
n fr
ont
end
risk
asse
ssm
ents
, con
trac
t co
mpl
ianc
e, a
nd d
ata
min
imiz
atio
n w
ith c
ontr
acto
rs. F
urth
er, S
CE
is
wor
king
to
deve
lop
and
refin
e a
tiere
dsu
pplie
r sy
stem
to
enco
mpa
ss t
he r
isk
prof
ile o
f co
ntra
ctor
s ba
sed
upon
whe
ther
the
y re
ceiv
e P
erso
nal I
nfor
mat
ion.
5.f.
Insp
ecte
d a
sam
ple
of T
hird
Par
ty c
ontr
acts
and
not
ed t
hat
thes
e do
cum
ents
con
tain
tra
inin
g pr
ovis
ions
as
note
d in
the
MS
A C
ontr
act
Tem
plat
e, w
hich
sta
tes
“Exc
ept
as o
ther
wis
e ex
pres
sly
prov
ided
in t
he A
gree
men
t, C
ontr
acto
r sh
all b
e re
spon
sibl
e fo
r pr
ovid
ing
the
faci
litie
s, p
erso
nnel
, m
ater
ial,
soft
war
e, e
quip
men
t, t
echn
ical
kno
wle
dge,
tra
inin
g, e
xper
tise,
and
all
othe
r re
sour
ces
nece
ssar
y fo
r th
e pr
oper
per
form
ance
and
pro
visi
on o
f th
e S
ervi
ces
and
Del
iver
able
s.”
5.g.
Rev
iew
ed M
SA
Con
trac
t Te
mpl
ate
Exh
ibit
3 an
d no
ted
SC
E in
clud
es s
peci
fic la
ngua
ge r
equi
ring
Con
trac
tors
to
prov
ide
spec
ific
Sec
urity
Edu
catio
n on
the
em
ploy
ee’s
con
fiden
tialit
y an
d no
ndi
sclo
sure
obl
igat
ions
in r
egar
ds t
o th
e us
e an
d op
erat
ion
of S
CE
’s c
ompu
ting
syst
ems
and
Cov
ered
– 79
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
Info
rmat
ion.
Thi
s tr
aini
ng m
ust
be c
ompl
eted
bef
ore
a ne
w e
mpl
oyee
of
the
Con
trac
tor
or a
ny
Sub
cont
ract
or b
egin
s to
use
Cov
ered
Info
rmat
ion
and
mus
t be
ren
ewed
ann
ually
the
reaf
ter
and
whe
neve
r an
y A
pplic
able
Law
s or
rel
evan
t E
diso
n po
licie
s m
ater
ially
cha
nge.
CP
UC
R
ule
9
Ru
le d
escr
ipti
on
R
epo
rtin
g R
equ
irem
ents
:
On
an a
nnua
l bas
is, e
ach
elec
tric
al/g
as c
orpo
ratio
n sh
all d
iscl
ose
to t
he C
omm
issi
on a
s pa
rt o
f an
ann
ual r
epor
t re
quire
d by
R
ule
8.b,
the
fol
low
ing
info
rmat
ion:
(1) t
he n
umbe
r of
aut
horiz
ed t
hird
par
ties
acce
ssin
g co
vere
d in
form
atio
n,
(2) t
he n
umbe
r of
non
com
plia
nces
with
thi
s ru
le o
r w
ith c
ontr
actu
al p
rovi
sion
s re
quire
d by
thi
s ru
le e
xper
ienc
ed b
y th
e U
tility
, and
the
num
ber
of c
usto
mer
s af
fect
ed b
y ea
ch n
onco
mpl
ianc
e an
d a
deta
iled
desc
riptio
n of
eac
h no
nco
mpl
ianc
e.
e Ass
essm
ent
pro
ced
ure
s A
sses
smen
t re
sult
s E
xcep
tio
ns
1. D
eter
min
e w
heth
er it
tra
cks
the
repo
rtin
g re
quire
men
t an
d as
sign
s co
mpl
ianc
e to
the
ap
prop
riate
dep
artm
ent(
s).
1. S
ee C
PU
C R
ule
8 c
Ass
essm
ent
Test
Res
ults
for
det
ails
2. D
eter
min
e w
heth
er t
he
Com
pany
file
d its
Ann
ual R
epor
t to
the
CP
UC
as
requ
ired
by t
he
Priv
acy
Dec
isio
n.
1.a.
Rev
iew
ed t
he C
ompa
ny’s
201
5 A
nnua
l Priv
acy
Rep
ort
and
note
d th
at it
was
sub
mitt
ed t
o th
e C
PU
C o
n A
pril
28, 2
016
by t
he D
irect
or, C
ompl
ianc
e, P
olic
ies
& In
form
atio
n G
over
nanc
e. T
he r
epor
t in
dica
ted:
—14
7 C
usto
mer
Aut
horiz
ed t
hird
par
ties
acce
ssin
g C
over
ed In
form
atio
n
—16
Ven
dors
und
er c
ontr
act
by S
CE
acc
essi
ng C
over
ed In
form
atio
n
—1
Ene
rgy
Dat
a C
ente
r
—Ze
ro (0
) ins
tanc
es o
f no
nco
mpl
ianc
e w
ith t
he P
rivac
y R
ules
or
with
con
trac
tual
pro
visi
ons
requ
ired
by t
he P
rivac
y R
ules
whi
ch b
ecom
e kn
own
to S
CE
thr
ough
its
daily
ope
ratio
ns a
nd
zero
(0) c
usto
mer
s w
ere
affe
cted
.
– 80
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
Appe
ndix
1 Abb
revia
tions
use
d in
this
repo
rt
Ab
bre
viat
ion
Fu
ll n
ame
AIC
PA
A
mer
ican
Inst
itute
of
Cer
tifie
d P
ublic
Acc
ount
ants
AM
I A
dvan
ced
Met
erin
g In
fras
truc
ture
CA
B
Con
sum
er A
ffai
rs B
urea
u
CC
A
Com
mun
ity C
hoic
e A
ggre
gato
r
CC
C
Cus
tom
er C
onta
ct C
ente
r
CE
UD
C
usto
mer
Inte
rval
Ene
rgy
Usa
ge D
ata
CIS
R
Cus
tom
er In
form
atio
n S
tand
ardi
zed
Req
uest
CP
UC
C
alifo
rnia
Pub
lic U
tiliti
es C
omm
issi
on
CS
R
Cus
tom
er S
ervi
ce R
epre
sent
ativ
e
CS
S
Cus
tom
er S
ervi
ce S
yste
m
DLP
D
ata
Loss
Pre
vent
ion
EC
MS
E
nter
pris
e C
ompl
ianc
e M
anag
emen
t S
yste
m
ED
I E
lect
roni
c D
ata
Inte
rcha
nge
EP
I E
diso
n P
erso
nal I
nfor
mat
ion
EP
RI
Ele
ctric
Pow
er R
esea
rch
Inst
itute
ES
P
Ele
ctric
Ser
vice
Pro
vide
r
– 81
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
Ab
bre
viat
ion
Fu
ll n
ame
FIP
P
Fair
Info
rmat
ion
Pra
ctic
e P
rinci
ples
GA
PP
G
ener
ally
Acc
epte
d P
rivac
y P
rinci
ples
IA
Inte
rnal
Aud
it
IG
Info
rmat
ion
Gov
erna
nce
IT
Info
rmat
ion
Tech
nolo
gy
LPA
Lo
cal P
ublic
Aff
airs
MS
A
Mas
ter
Ser
vice
s A
gree
men
t
OU
O
rgan
izat
iona
l Uni
t
PI
Per
sona
l Inf
orm
atio
n
PII
Per
sona
lly Id
entif
iabl
e In
form
atio
n
PP
M
Pro
ject
Por
tfol
io M
anag
emen
t
RM
R
evie
w M
anag
er
RS
O
Rev
enue
Ser
vice
s O
rgan
izat
ion
SC
E
Sou
ther
n C
alifo
rnia
Edi
son
Com
pany
– 82
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
Appe
ndix
2 St
akeh
older
s int
ervie
wed
# T
itle
D
epar
tmen
t D
ate*
1C
usto
mer
Ser
vice
Rep
rese
ntat
ive
Cus
tom
er S
ervi
ce
3/15
/201
6 2
Prin
cipa
l Man
ager
E
thic
s an
d C
ompl
ianc
e 2/
1/20
16
3P
rogr
am A
naly
st
Info
rmat
ion
Tech
nolo
gy
3/9/
2016
4
Prin
cipa
l Man
ager
P
ower
Sup
ply
& O
pera
tiona
l Ser
vice
s 3/
1/20
16
5Pr
ivac
y C
ompl
ianc
e Pr
ogra
m L
eade
r E
thic
s an
d C
ompl
ianc
e 2/
1/20
16*
6M
anag
er
Cus
tom
er S
ervi
ce
3/21
/201
6 7
Man
ager
R
egul
ator
y A
ffairs
2/
4/20
16
8M
anag
er
Cus
tom
er S
ervi
ce
3/21
/201
6 9
Prin
cipa
l Man
ager
C
usto
mer
Ser
vice
2/
18/2
016*
10
Sr.
Man
ager
In
form
atio
n Te
chno
logy
2/
24/2
016*
11
Dire
ctor
Et
hics
and
Com
plia
nce
4/13
/201
6*
12A
naly
st
Cus
tom
er S
ervi
ce
3/21
/201
6 13
Man
ager
C
usto
mer
Ser
vice
2/
2/20
16
14M
anag
er
Hum
an R
esou
rces
2/
10/2
016
15M
anag
er
Gov
ernm
ent A
ffairs
2/
3/20
16
16M
anag
er
Info
rmat
ion
Tech
nolo
gy
2/25
/201
6*
17In
form
atio
n S
tew
ard
Cus
tom
er S
ervi
ce
2/2/
2016
18
Prin
cipa
l Man
ager
C
usto
mer
Ser
vice
3/
9/20
16
19B
usin
ess
Ana
lyst
C
usto
mer
Ser
vice
2/
18/2
016*
20
Man
ager
C
usto
mer
Ser
vice
2/
25/2
016
– 83
–
© 2
016
KP
MG
LLP
, a D
elaw
are
limite
d lia
bilit
y pa
rtne
rshi
p an
d th
e U
.S. m
embe
r fir
m o
f th
e K
PM
G n
etw
ork
of in
depe
nden
t m
embe
r fir
ms
affil
iate
d w
ith K
PM
G In
tern
atio
nal C
oope
rativ
e (“
KP
MG
Inte
rnat
iona
l”),
a S
wis
s en
tity.
All
right
s re
serv
ed. N
DP
PS
576
245
The
KP
MG
nam
e an
d lo
go a
re r
egis
tere
d tr
adem
arks
or
trad
emar
ks o
f K
PM
G In
tern
atio
nal.
# T
itle
D
epar
tmen
t D
ate*
21V
ice
Pre
side
nt
Eth
ics
and
Com
plia
nce
3/10
/201
6*
22S
r. M
anag
er
Cus
tom
er S
ervi
ce
3/9/
2016
* 23
Sr.
Atto
rney
L
aw D
epar
tmen
t 2/
1/20
16*
24M
anag
er
Reg
ulat
ory
Affa
irs
2/9/
2016
25
Sr.
Pro
gram
Man
ager
In
form
atio
n Te
chno
logy
2/
24/2
016
26M
anag
er
Tran
smis
sion
s &
Dis
tribu
tion
3/1/
2016
* 27
Man
ager
C
usto
mer
Ser
vice
3/
15/2
016
28M
anag
er
Info
rmat
ion
Tech
nolo
gy
2/24
/201
6*
29M
anag
er
Ene
rgy
Pro
cure
men
t & M
anag
emen
t 2/
17/2
016
30M
anag
er
Aud
it S
ervi
ces
3/24
/201
6
Contact us
Doron Rotman Managing Director 408 367 7607 [email protected]
Douglas Farrow Partner 213 955 8389 [email protected]
www.kpmg.com