Administrative & General (A&G) Volume 1 – Ethics and ......Sep 01, 2016 · Volume 1 – Ethics and Compliance Before the Public Utilities Commission of the State of California

Application No.: A.16-09- Exhibit No.: SCE-08, Vol. 1 Witnesses: J. Pespisa

J P Shotwell

(U 338-E)

2018 General Rate Case

Administrative & General (A&G) Volume 1 – Ethics and Compliance

Before the

Public Utilities Commission of the State of California

Rosemead, California

September 1, 2016

A2

ERRATA

SCE-08: Administrative & General (A&G)Volume 1 – Ethics & Compliance

Table Of Contents (Continued)Section Page Witness

v

(1) Labor ................................................................44

(2) Non-Labor........................................................45

b) Forecast ........................................................................45

(1) Labor ................................................................45

(2) Non-Labor........................................................45

Appendix A Southern California Edison 2015 Smart Grid Annual Data Privacy Report...............................................................................................................46

Appendix B Southern California Edison 2010-2011 Affiliate Transaction Rules Audit Report.......................................................................................................2

Appendix C Southern California Edison Response to 2010-2011 Affiliate Transaction Rules Audit Report........................................................................2

CPUC Smart Grid Data Privacy and Security Practices AssessmentReport

13

relies upon a combined effort between CP&I and individual compliance areas to manage compliance 1

activities within a reasonable cost to customers, and provide independent compliance oversight. 2

Below, we address the three Compliance programs that CP&I directly manages: the 3

Privacy Compliance Program; the Disability Rights Compliance Program and the Information4

Governance Compliance Program.5

a) Privacy Compliance Program6

The Privacy Compliance Program is responsible for Company-wide privacy 7

governance and oversight, while the respective operating units have responsibility for implementing 8

reasonable controls to meet privacy obligations. These efforts are necessary to comply with legal and 9

regulatory privacy requirements, including state and federal privacy laws and the CPUC Smart Grid 10

Data Privacy Decision (D.11-07-056).15 That decision requires that SCE conduct an independent third-11

party assessment of its data privacy and security practices. As a result, KPMG performed an 12

independent assessment of our data privacy and security practices, as required by Rule 9(d) of the Rules 13

Regarding Privacy and Security Protection for Energy Usage Data.16 KPMG found that “SCE has 14

designed and implemented Data Privacy and Security policies and supporting procedures to address the 15

Privacy Decisions’ requirements, as measured against KPMG’s Assessment Framework developed to 16

test controls around Covered Information identified in the rules.”1717

b) Disability Rights Compliance Program18

The Disability Rights Compliance Program is responsible for implementing 19

controls and monitoring accessibility activities to comply with federal regulations (e.g., the Americans 20

with Disabilities Act, Sections 504 and 508 of The Rehabilitation Act) and state regulations (e.g., the 21

Unruh Civil Rights Act, Sections 54 through 55.2 of the California Civil Code, and Title 24 of 22

California’s Building Standards Code). In addition, this program works with other operating units within 23

SCE to provide reasonable assurance that all requirements set forth in the joint testimony adopted by the 24

Commission in the 2015 GRC are met, as referenced in exhibit SCE-11 (Joint Testimony with Center 25

for Accessible Technology).26

15 Refer to D.11-07-056, Attachment D.16 Refer to D.11-07-056, Attachment D.17 Refer to Southern California Edison 2015 Smart Grid Annual Data Privacy Report in Appendix A.

CPUC Smart Grid Data Privacy and SecurityPractices Assessment Report

Appendix A

Southern California Edison 2015 Smart Grid Annual Data Privacy Report

CPUC Smart Grid Data Privacy and SecurityPractices Assessment Report

James P. Scott ShotwellDirector, Compliance, Policies &

Information Governance [email protected]

April 29, 2016

Tim SullivanExecutive DirectorCalifornia Public Utilities Commission505 Van Ness Avenue San Francisco, CA 94102

Re: D.11-07-056 Rules Regarding Privacy and Security Protections for Energy Data Usage

Dear Mr. Sullivan:

Southern California Edison Company submits the attached Annual Privacy Report to you as required by Ordering Paragraph No. 3 of D.11-07-056. In accordance with D.11-07-056, this report notifies the Commission of:

The number of demands received for disclosure of customer data pursuant to legal process or pursuant to situations of imminent threat to life or property (Rule 4(c)(6))

The number of customers whose records were disclosed (related to demands received for disclosure of customer data pursuant to situations of imminent threat to life or property) (Rule 4(c)(6))

Summary of reported privacy breaches affecting 1,000 or more customers (Rule 8(b))

Annual report of all breaches within the calendar year affecting Covered Information, whether by the covered electrical corporation or by a third party (Rule 8(c))

The number of authorized third parties accessing Covered Information (Rule 9(e)(1))

The number of non-compliances with the Privacy Rules or with contractual provisions required by the Privacy Rules which become known to SCE through its daily operations (Rule 9(e)(2))

The number of customers affected by each non-compliance (Rule 9(e)(2))

Detailed description of each non-compliance (Rule 9(e)(2))

Should you have any questions regarding this report, please contact James P. Scott Shotwell at 626-302-2038.

Best regards,

/s/ J.P. Shotwell____________ James P. Scott Shotwell

Director, Compliance, Policies & Information Governance

JPSS: kcpEnclosure

Privacy Report of SCE – 2015

SOUTHERN CALIFORNIA EDISONANNUAL PRIVACY REPORT

2015

APRIL 29, 2016

SMART GRID TECHNOLOGIES

ORDER INSTITUTING RULEMAKING 08-12-009

CALIFORNIA PUBLIC UTILITIES COMMISSION

SCE ANNUAL PRIVACY REPORT – 2015

iiPrivacy Report of SCE – 2015

SCE Annual Privacy Report Table of Contents

ContentsI. Introduction ............................................................................................................................. 1

II. Privacy Report Requirements of D.11-07-056 ........................................................................ 3

III. 2015 Annual Privacy Report Results ...................................................................................... 5


1Privacy Report of SCE – 2015

I. Introduction

On July 29, 2011, the California Public Utilities Commission (“Commission”) issued Decision

(D.) 11-07-056, Decision Adopting Rules to Protect the Privacy and Security of the Electricity

Usage Data of the Customers of Pacific Gas and Electric Company, Southern California Edison

Company and San Diego Gas & Electric Company, which requires the submission of an annual

privacy report regarding Covered Information for electrical corporations. As clarified in Decision

(D.) 14-12-004, issued on December 12, 2014, Ordering Paragraph (OP) 3 states: “Pacific Gas

and Electric Company, Southern California Edison Company, and San Diego Gas & Electric

Company must each submit annual privacy reports to the Executive Director, commencing with

calendar year 2012, no later than 120 days after the end of the calendar year. These annual

reports must contain the information required to be reported annually by Rule 8(c) of the Rules

Regarding Privacy and Security Protections for Energy Usage Data in Attachment D of this

decision.”

On August 31, 2012, the Commission issued D.12-08-045, Decision Extending Privacy

Protections to Customers of Gas Corporations and Community Choice Aggregators, and to

Residential and Small Commercial Customers of Electric Service Providers, which does not

apply to Southern California Edison.

Definitions:

“Covered Entity” is (1) any electrical corporation, or any third party that provides

services to an electrical corporation under contract, (2) any third party who accesses,

collects, stores, uses or discloses covered information pursuant to an order of the

Commission, unless specifically exempted, who obtains this information from an

electrical corporation, or (3) any third party, when authorized by the customer, that

accesses, collects, stores, uses, or discloses covered information relating to 11 or more

customers who obtains this information from an electrical corporation.



“Covered Information” is any usage information obtained through the use of the

capabilities of Advanced Metering Infrastructure (interval usage dataa) when associated

with any information that can reasonably be used to identify an individual, family,

household, residence, or non-residential customer. Covered Information does not include

usage information from which identifying information has been removed such that an

individual, family, household or residence, or non-residential customer cannot reasonably

be identified or re-identified and does not include information provided to the

Commission pursuant to its oversight responsibilities.b

The scope of this report includes Covered Information only. “Customer Data” referenced

in Rule 4(c)(6) is defined as “covered information” for the purposes of the Annual

Privacy Report.

“Primary Purposes” The “primary purposes” for the collection, storage, use or disclosure

of covered information are to—

(1) provide or bill for electrical power,

(2) provide for system, grid, or operational needs,

(3) provide services as required by state or federal law or as specifically

authorized by an order of the Commission, or

(4) plan, implement, or evaluate demand response, energy management, or energy

efficiency programs under contract with an electrical corporation, under contract

with the Commission , or as part of a Commission authorized program conducted

by a governmental entity under the supervision of the Commission.

“Secondary Purposes” “Secondary purpose” means any purpose that is not a primary

purpose.

Pursuant to OP 3 of D.11-07-056, Southern California Edison (SCE) hereby submits its annual

privacy report.

a Electrical usage data obtained through the Advanced Metering Infrastructure listed in less than monthly increments (e.g. 15-minute or hourly).

b See D.11-07-056, Conclusions of Law 9, pp. 150-151, and Attachment D, p. 1.



II. Privacy Report Requirements of D.11-07-056 Attachment D of D.11-07-056, Rules Regarding Privacy and Security Protections for Energy

Usage Data (“Privacy Rules”), sets forth the following rules, which are relevant to SCE’s annual

privacy report:

4(c)(6) On an annual basis, covered entities shall report to the Commission the number of

demands received for disclosure of customer datac pursuant to legal process or pursuant

to situations of imminent threat to life or property and the number of customers whose

records were disclosed. Upon request of the Commission, covered entities shall report

additional information to the Commission on such disclosures. The Commission may

make such reports publicly available without identifying the affected customers, unless

making such reports public is prohibited by state or federal law or by order of the

Commission.

8(b) Notification of Breach. A covered third party shall notify the covered electrical

corporation that is the source of the covered data within one week of the detection of a

breach. Upon a breach affecting 1,000 or more customers, whether by a covered electrical

corporation or by a covered third party, the covered electrical corporation shall notify the

Commission’s Executive Director of security breaches of Covered Information within

two weeks of the detection of a breach or within one week of notification by a covered

third party of such a breach. Upon request by the Commission, electrical corporations

shall notify the Commission’s Executive Director of security breaches of Covered

Information.

8(c) Annual Report of Breaches. In addition, electrical corporations shall file an annual

report with the Commission’s Executive Director, commencing with the calendar year

2012, that is due within 120 days of the end of the calendar year and notifies the

Commission of all security breaches within the calendar year affecting Covered

Information, whether by the covered electrical corporation or by a third party.

c For the purposes of this Annual Privacy Report, the IOUs define “customer data” as “covered information.”



9(e) Reporting Requirements. On an annual basis, each electrical corporation shall

disclose to the Commission as part of an annual report required by Rule 8.c, the

following information:

(1) the number of authorized third parties accessing Covered Information,d

(2) the number of non-compliances with this rule or with contractual provisions

required by this rule experienced by the utility, and the number of customers

affected by each non-compliance and a detailed description of each non-

compliance.

This report addresses each of these rules, as described below.

d SCE includes requests for covered information authorized under the “Energy Data Center” decision, D.14-05-016, which is also reported previously in quarterly reports required by Paragraph 9 D.14-05-016.



III. 2015 Annual Privacy Report Results

Table 1. SCE's Annual Privacy Report for 2015

Rule Description Response

Rule 4(c)(6)

The number of demands received for disclosure of customer data pursuant to legal process The number of customers whose records were disclosed because of such demands received pursuant to legal process

Demands Received: 1e

Number of customers affected: 1

Rule 4(c)(6)

The number of demands received for disclosure of customer data pursuant to situations of imminent threat to life or property The number of customers whose records were disclosed because of such demands received pursuant to situations of imminent threat to life or property

Demands Received: 0Number of customers affected: 0

Rule 8(b) Summary of reported privacy breaches affecting1,000 or more customers

0

Rule 8(c)Annual report of all breaches within the calendar year affecting Covered Information, whether by the covered electrical corporation or by a third party

1 breach affecting 11customer accounts

Rule 9(e)(1)

The number of authorized third parties accessing Covered Information(Includes suppliers/contractors/vendors under contract with IOU, customer-authorized researchers or governmental requests, and customer-authorized third parties. Count does include customer-authorized transactions, such as CISR requests.)

Customer Authorized:147f

Vendors Under Contract: 16Energy Data Center: 1g

Rule 9(e)(2)The number of non-compliances with the Privacy Rules or with contractual provisions required by the Privacy Rules which become known to SCE through its daily operations

0

Rule 9(e)(2) The number of customers affected by each non-compliance

0

Rule 9(e)(2) Detailed description of each non-compliance Not Applicable

e SCE received one warrant for covered information on one customer account.f Represents the total number of unique customer authorized third parties receiving Covered Information from Option 5 on the CISR form.g Requests for covered information authorized under the “Energy Data Center” decision, D.14-05-016, which was also reported previously in quarterly reports required by Paragraph 9 D.14-05-016.

`

June 24, 2016

kpmg.com

Southern California Edison Company

CPUC smart grid data privacy and security practices assessment report

Contents Document structure ............................................................................................................................ 3

Executive summary ............................................................................................................................. 4

Project approach and methodology ..................................................................................................... 8

Southern California Edison Company’s response to assessment report ............................................ 9

Rule assessment results, exceptions and recommendations .......................................................... 12

Detailed compliance testing and conclusions ................................................................................... 21

CPUC RULE 2 - Transparency (notice) ........................................................................................ 21

CPUC RULE 3 - Purpose specification ........................................................................................ 26

CPUC RULE 4 Individual participation (access and control)........................................................ 30

CPUC RULE 5 Data minimization ............................................................................................... 37

CPUC RULE 6 Use and disclosure limitation .............................................................................. 45

CPUC RULE 7 Data quality and integrity .................................................................................... 56

CPUC RULE 8 Data security ....................................................................................................... 60

CPUC RULE 9 Accountability and auditing ................................................................................. 72

Appendix 1 Abbreviations used in this report ................................................................................... 80

Appendix 2 Stakeholders interviewed ............................................................................................... 82

© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 576245

The KPMG name and logo are registered trademarks or trademarks of KPMG International.

– 3 –



Document structure

This report consists of the following sections:

Executive summary contains an overview of the project including background, scope, and KPMG’s overall results and noted exceptions and recommendations where necessary for each Rule comprising the California Public Utility Commission Privacy Decision.

Project approach and methodology contains an overview of key project phases and activities performed by KPMG throughout the course of the assessment.

Rule assessment results, exceptions and recommendations provides a summary of the nine (9) Rules of the CPUC Privacy Decisions including KPMG’s interviews and document reviews (e.g., test work), overall results, detailed exceptions, and improvement recommendations associated with each Exception.

Southern California Edison Company’s management response to CPUC Covered Information Privacy and Security Assessment Report contains SCE’s Management response to the CPUC Covered Information Privacy and Security Assessment Report dated June 24, 2016.

Appendix 1: Abbreviations used in this report provides a list of abbreviations used throughout the report.

Appendix 2: Stakeholders Interviewed provides an overview of SCE personnel interviewed as part of KPMG’s assessment.

– 4 –



Executive summary

Through Southern California Edison Company’s (hereinafter SCE or Company) SmartMeter operations, managed via Advanced Metering Infrastructure and Real Time Energy Management systems, the Company collects, processes, stores, and where authorized, discloses Covered Information.

Background On July 29, 2011, the California Public Utilities Commission (CPUC) issued Decision D.11-07-056 “Rules Regarding Privacy and Security Protections for Energy Usage Data” and Decision D.14-12-004 “Decision Extending Privacy Protections to Customers of Gas Corporations and Community Choice Aggregators and to Residential and Small Commercial Customers of Electric Service Providers (hereinafter the “Privacy Decision”). The Privacy Decision requires SCE to undergo an independent assessment of its Covered Information privacy and security practices. Covered Information is defined in the Privacy Decisions as Customer Energy Usage Data (CEUD)1 obtained via Advanced Metering Infrastructure (AMI) and Real Time Energy Management systems when combined with other information that could reasonably be used to identify a residential customer, family, household, residence, or nonresidential customer. Covered Information does not include information provided to the California Public Utilities Commission pursuant to its oversight responsibilities.

SCE engaged KPMG to conduct an objective assessment of its Covered Information privacy and security processes, controls, and practices in conjunction with general rate case proceedings.2 This report represents the results of KPMG’s assessment.

Scope The scope of the assessment was limited to systems and organizational units (OUs) processing Covered Information associated with information that could reasonably be used to identify a residential customer, family, household, residence, or nonresidential customer; KPMG did not review separate safeguards for SCE employee, contractor, and other Personally Identifiable Information (PII) other than Covered Information.

1 Customer Energy Usage Data is any interval (60-minutes or less) consumption information for a customer service account obtained through its AMI and Real Time Energy Management systems.

2 Objective privacy and security practices assessment is not intended to be an audit, examination, attestation, special report oragreed-upon procedures engagement as those services are defined in American Institute of Certified Public Accountants (AICPA) literature applicable to such engagements. Accordingly, these services will not result in the issuance of a written communication to third parties by KPMG directly reporting on financial data or internal control or expressing a conclusion, an opinion, or any other form of assurance.

– 5 –



To perform the review, KPMG used an Assessment Framework comprised of multiple criteria based on various industry-leading standards. We mapped the Assessment Framework criteria to the nine (9) Rules in the Privacy Decisions and used the framework to perform our assessment of SCE’s privacy and security practices and procedures.

— The Covered Information Privacy and Security Practices Assessment was based on KPMG’s review and understanding of the controls and processes in place from January 1, 2015 through December 31, 2015.3

— The exceptions and recommendations were based on our review of policy/procedure documents, stakeholder interviews, inspection of sample communications to customers and third parties, Covered Information access reports, system security profiles, and site walkthroughs.

— KPMG conducted interviews with personnel from Audit Services, Customer Service, Ethics and Compliance, Information Technology, Human Resources, Government Affairs, Law Department, Regulatory Affairs, Transmission & Distribution, Energy Procurement & Management, and Power Supply & Operational Services.

— KPMG assessed the design and implementation of privacy and security controls followed by an assessment of the operating effectiveness of key implemented controls.

The nine (9) Rules noted in the Privacy Decision are listed below.

Rule 1 Definitions

Rule 2 Transparency (Notice)

Rule 3 Purpose Specification

Rule 4 Individual Participation (Access and Choice)

Rule 5 Data Minimization

Rule 6 Use and Disclosure Limitation

Rule 7 Data Quality and Integrity

Rule 8 Data Security

Rule 9 Accountability and Auditing

3 KPMG used the following key drivers to determine the assessment period: (1) The CPUC Privacy Decision does not define the assessment period and (2) Professional guidance provides flexibility in the period covered as long as the assessment period allows for sufficient time to assess Operating Effectiveness.

– 6 –



Summary of results and exceptions Based on this assessment, KPMG noted that SCE has designed and implemented Data Privacy and Security policies and supporting procedures to address the Privacy Decisions’ requirements, as measured against KPMG’s Assessment Framework developed to test controls around Covered Information identified in the rules. For seven (7) of the nine (9) rules in the Privacy Decisions, KPMG did not identify any exceptions; however, KPMG did identify exceptions with the remaining two (2) rules. Overall, KPMG has noted 2 exceptions (exceptions are areas where SCE’s program is not yet fully prepared to meet compliance with the Privacy Decisions as measured against KPMG’s Assessment Framework). The exceptions are shown below along with the recommendations associated with each exception. There was 1 Medium-Risk Exception and 1 Low-Risk Exception. KPMG noted No High-Risk Exceptions. The risk rating methodology is based on the following definitions:

Risk level Description

High Issue poses a significant risk of data breach of Covered Information and/or a significant deviation from the CPUC Privacy Decisions.

Medium Inconsistent implementation of policies and procedures that may impact the ability of SCE to protect Covered Information and/or achieve adequate alignment with the CPUC Privacy Decisions.

Low Undefined or undocumented policies and procedures supporting the protection of Covered Information and alignment with the CPUC Privacy Decisions.

For more details associated with each Rule, see the Rule assessment results, exceptions, and recommendations and detailed compliance and testing conclusions sections below.

– 7 –



CPUC rule number

Risk level

Exceptions noted KPMG recommendations

CPUC Rule 1

Definitions

- - N/A

CPUC Rule 2

Transparency (Notice)

- - N/A

CPUC Rule 3

Purpose Specification

- - N/A

CPUC Rule 4

Individual Participation (Access and Choice)

- - N/A

CPUC Rule 5

Data Minimization

- - N/A

CPUC Rule 6

Use and Disclosure Limitation

Medium A formal process does not exist to enforce or track compliance of Third Party / Vendor contracts around the safeguarding of Covered Information.

SCE should consider implementing a tracking mechanism to enforce Third Party / Vendor compliance and have reoccurring assessments of whether Third Parties / Vendors have sufficient safeguards in place no less protective than those of SCE to protect Covered Information.

CPUC Rule 7

Data Quality and Integrity

- - N/A

CPUC Rule 8

Data Security

- - N/A

CPUC Rule 9

Accountability and Auditing

Low SCE does not provide CEUD-related training nor receive affirmations from contractors and third parties regarding the performance of required Privacy Training.

High-level guidance is provided for vendors and contractors through the Supplier Code of Conduct.

SCE should consider implementing procedures that require contractors and third parties to confirm their understanding of requirements addressing the safeguarding of Covered Information.

– 8 –



Project approach and methodology

KPMG approached the Assessment in four (4) phases: Initiate, Assess, Validate, and Report.

— Initiate – KPMG developed an Assessment Framework to review SCE’s privacy and security practices based on the nine (9) Rules comprising the Privacy Decisions. KPMG identified controls for each Rule’s requirements and performed procedures to assess the Design and Implementation and Operating Effectiveness of program policies and procedures, and to identify any noted exceptions to those controls. Given the similarity of the Generally Accepted Privacy Principles (GAPP) framework promulgated by the American Institute of Certified Public Accountants (AICPA) and CPA Canada, KPMG leveraged GAPP as a baseline to develop our assessment procedures. KPMG worked with the SCE Ethics and Compliance, Audit Services, and Law organizational units (Project Team) to identify relevant stakeholders, reviewed the organizational structure to identify business groups where Covered Information may reside, and reviewed the current IT landscape to identify systems and applications that collect, store, or process Covered Information, such as Advanced Meter Systems, Customer Information Systems applications and databases, Back-end systems, Middleware, Development/Test environments, and Customer Portals.

— Assess – As part of its assessment KPMG performed a variety of interviews with stakeholders representing various lines of business. KPMG interviewed over 30 personnel, reviewed more than 420 documents and 15 system assessments, and performed four (4) site walkthroughs of critical SCE facilities (including Customer Contact Centers, a Production Datacenter, Credit & Collections and Billing Operations) to observe the safeguards in place to protect Covered Information.

— Validate – KPMG validated all observed exceptions throughout the Assessment phases with the SCE Project Team, relevant business and IT stakeholders, and leadership.

— Report – KPMG developed a final report providing exceptions and recommendations, presented the report to SCE Leadership, and incorporated SCE’s Management Response to the noted exceptions.

– 9 –



Southern California Edison

Company’s response to

assessment report

– 10 –



– 11 –



– 12 –



Rule assessment results,

exceptions and recommendations

For each risk identified, KPMG reviewed the risk and assigned a risk rating of High, Medium, or Low to each Exception based on the potential impact the Exception could have as it relates to the protection of Covered Information. The risk rating methodology used the following definitions:

Risk level Description

High Issue poses a significant risk of data breach of Covered Information and/or a significant deviation from the CPUC Privacy Decisions.

Medium Inconsistent implementation of policies and procedures that may impact the ability of SCE to protect Covered Information and/or achieve adequate alignment with the CPUC Privacy Decisions.

Low Undefined or undocumented policies and procedures supporting the protection of Covered Information and alignment with the CPUC Privacy Decisions.

For seven (7) of the nine (9) rules in the Privacy Decisions, KPMG did not identify any exceptions; however, KPMG did identify exceptions for the remaining two (2) rules. Overall, KPMG has noted 2 exceptions, comprised of 1 Medium Risk Exception and 1 Low-Risk Exception. KPMG noted No High-Risk Exceptions. These exceptions identify areas where KPMG believes SCE’s program is not fully prepared to meet requirements under the Privacy Decisions as measured against KPMG’s Assessment Framework.

The following tables provide a summary of the criteria that KPMG applied in the assessment of each of the nine (9) Rules of the Privacy Decisions, the overall assessment results of the set of criteria evaluated, and relevant exceptions (if any) along with level of risk, risk implication and recommendation.

– 13 –



Rule 2: Transparency notice

KPMG assessment procedures

KPMG assessed SCE’s overall customer notice program focusing on:

— Internal and customer-facing Privacy Policies and Notice that address SCE’s practices and procedures related to the collection, processing, storage, and disclosure of their Covered Information;

— Review of methods and frequency for providing customers with notice and an examination of the actual notices;

— Interviews with SCE personnel;

— Performance of site walkthroughs of Customer Service facilities to observe CSRs interacting with customers and discussing their Covered Information.

Results summary SCE provides its external-facing Notice of Accessing, Collecting, Storing, Using and Disclosing Energy Usage Information on its website detailing the manner in which the Company collects, stores, shares, and protects Covered Information and the methods by which customers can access their data. The Privacy Notice includes information on how customers can contact SCE with complaints, inquiries, and disputes regarding their Covered Information and SCE’s privacy policy. SCE also provides its Privacy Notice to newly registered customers as part of a welcome package, and annually thereafter in a bill insert. Customers can also find relevant notices archived on the website Document Library.

Exception No exceptions noted.

Risk level -

Risk implication -

Recommendation -

– 14 –



Rule 3: Purpose specification


KPMG assessed SCE’s specification of the purposes focusing on:

— How SCE specifies the reasons for which it collects, discloses, retains, and provides access to Covered Information;

— Review of the SCE Privacy Notice and other policies and procedures and interviews with stakeholders to understand the determination and specification of information and Third Party categories;

— Examination of whether the Privacy Notice included a description of how customers could access and control their Covered Information collected, processed, stored, and disclosed by SCE.

Results summary SCE has documented policies and procedures outlining the acceptable purposes for which Covered Information may be collected, stored, used, and shared. These include detailed policies regarding both primary and secondary purposes. Covered Information is not disclosed for secondary purposes, per Company policy, without customer authorization. SCE’s Privacy Notice includes the categories of third parties with which SCE may share Covered Information, and circumstances under which that information may be shared.

SCE has implemented internal policies in addition to a dedicated Third Party service desk with a trained team of employees who are instructed to determine the veracity and propriety of Third Party requests, and the relevant customer consent forms, prior to disclosing Covered Information internally.


Risk level -

Risk implication -

Recommendation -

– 15 –



Rule 4: Individual participation (access and choice)


KPMG assessed SCE’s customer-facing program focusing on:

— Internal and external policies and procedures to provide customers with access and consent mechanisms related to their Covered Information;

— Customer Portals review, stakeholder interviews, and walkthroughs of Customer Contact Center and other locations where SCE Customer Service Representatives (CSR’s) interact with customers with respect to their Covered Information;

— Customer Authorization forms to understand how customers can grant and revoke authorization for secondary uses of their Covered Information;

— The process in place to disclose Covered Information pursuant to legal processes and in situations of imminent threat to life or property. Test procedures included review of policies and procedures for tracking these requests and the subsequent notice provided to customers and interviews with SCE stakeholders in relevant business functions.

Results summary SCE provides customers with multiple methods of accessing their Covered Information, including electronically via the SCE My Account feature online, and through monthly bills that allow them to review and interpret their usage information. Customers may contact SCE through phone, web or mail with questions or concerns regarding their monthly bills. With implementation of the Green Button initiative, customers are able to download up to 36 months of their Covered Information and connect such data with Third Parties for analysis. Further, internal guidelines for SCE employees who interact with customers are in place addressing how to provide customers with access to their Covered Information.

SCE has processes and procedures in place for customers to grant and revoke authorization to third parties using an Authorization Form. Customer-facing policies and notices indicate SCE may disclose Covered Information if it is necessary to provide energy services, to comply with relevant laws, to respond to subpoenas or warrants, or to provide emergency responders with pertinent information in the case of imminent threat to life or property.


Risk level -

Risk implication -

Recommendation -

– 16 –



Rule 5: Data minimization


KPMG assessed SCE’s adoption of Data Minimization principles in the collection, use, and disclosure of Covered Information focusing on:

— Corporate and department-specific policies and procedures to understand how Covered Information is segregated from other systems;

— How user access is restricted based on business need;

— How records and assets are retained for only as long as reasonably necessary;

— Proper disposal of records upon their eligibility for destruction;

— How Data Minimization principles were adopted as part of Third Party disclosure practices. Assessment procedures included review of policies and procedures and interviews with relevant stakeholders to understand appropriate safeguards in place to limit the disclosure of Covered Information.

Results summary SCE has implemented the Data Minimization principle as a foundational component to its overall privacy framework, and has documented policies and procedures limiting the amount of information collected, stored, and retained; the number and level of employees who have access to Covered Information; and the categories of third parties with whom it is shared. The Privacy Compliance team reinforces data minimization through various training and awareness campaigns, and employee compliance with relevant policies and procedures is routinely reviewed.


Risk level -

Risk implication -

Recommendation -

– 17 –



Rule 6: Use and disclosure limitation


KPMG assessed SCE’s Third-Party Management Program focusing on:

— Review of processes in place for disclosure of Covered Information to third parties. Third parties is defined to include suppliers and contractors;

— Review of procedures and forms for customers to authorize and revoke a Third Party to receive Covered Information on behalf of the customer;

— Examination of Third Party management policies and procedures and interview of stakeholders to understand how SCE implements practices and procedures based on the categories of third parties (i.e., primary purpose and secondary purpose);

— Review of the Third Party contract management process including onboarding, contract compliance reviews, and contract termination;

— Review third parties (suppliers, vendors, contractors and consultants) risk management documentation;

— Review of data transmission protocols and ongoing monitoring of third parties for compliance with SCE policies and contractual provisions.

Results summary SCE has processes in place to allow customers to share their Covered Information with third parties. SCE has formal internal procedures to manage customer requests for disclosure to third parties, which include forms for explicit customer authorization and forms to revoke such authorization (CISR Form). Customers may also authorize third parties to access of Covered Information through the Green Button Connect program. SCE has internal Third Party management policies and informs third parties about data privacy requirements. Third Party vendors are contractually obligated per their contract clauses to maintain the privacy of the information shared.

Exception A formal process does not exist to enforce or track compliance of Third Party / Vendor contracts around the safeguarding of Covered Information.

Risk level Medium

Risk implication Third Party / Vendor data security practices may not be sufficient to safeguard Covered Information, heightening SCE’s legal and regulatory exposure and increasing the risk of potential breaches of Covered Information.

Recommendation SCE should consider implementing a tracking mechanism to enforce Third Party / Vendor compliance and have reoccurring assessments of whether Third Parties / Vendors have sufficient safeguards in place no less protective than those of SCE to protect Covered Information.

– 18 –



Rule 7: Data quality and integrity


KPMG assessed SCE’s Data Validation methods and procedures focusing on:

— Review of how SCE validates the quality and integrity of Covered Information;

— Examination of the Advanced Meter systems and infrastructure to understand how usage data is managed and reconciled;

— Review of policies and procedures and interviews with stakeholders to understand how SCE provides customers with the opportunity to modify or remove other data elements collected by the Company.

Results summary SCE has policies in place that address the confirmation, validation, and relevance of customer information. The Privacy Notice states that customers may contact SCE through phone, email or mail should they need to update or alter their information. In addition, SCE Call Center personnel authenticate customers and validate their account information when answering calls. SCE’s My Account Online Services Terms and Conditions indicates it is the customers’ responsibility to ensure their Personal Information is updated and accurate.

System checks and manual processes are in place to validate energy usage reads and perform edits to help ensure completeness and accuracy of usage data prior to billing the customer.


Risk level -

Risk implication -

Recommendation -

– 19 –



Rule 8: Data security


KPMG assessed SCE’s physical and Cybersecurity measures to protect Covered Information focusing on:

— Review of Cybersecurity policies, procedures, and measures related to: Endpoint Security (Antivirus protection, E-mail/Database security), the Network environment (Network Segmentation, Intrusion Detection/Prevention Systems, Remote Access, Wireless), Firewalls, Network Access Control. (Logging/Monitoring, Data Loss Prevention, Web-content Filtering), Mobile Security, Patch Management, Vulnerability Management, Business Continuity, System Change Control, Privileged Access, Third Party Access and Data Classification;

— Performance of site walkthroughs of critical SCE locations focusing on the physical and technical security of Covered Information at these key areas: Customer Contact Centers, a Production Data Center, Credit Operations and Billing Operations;

— Inspection of key configurations and system settings related to: System Access (User Authentication and Password Configuration), Access Management (Restriction of Access based on least privilege and need-to-know, Segregation of Duties, Periodic access review), Logging and Monitoring of changes to customer data, Masking of sensitive data in production and development environments;

— Review of SCE’s Incident Response/Breach Management Program and interviews of stakeholders who are responsible and/or accountable in the response to a potential incident involving Covered Information including communications to regulators and impacted customers;

— Examination of evidence of tools deployed in the environment to detect and analyze potential threats to Covered Information.

Results summary SCE has established an Information Security Program and organization that is responsible for the design and implementation of both physical and logical information security controls to protect Covered Information. Formal policies and procedures have been established and implemented that address specific administrative, physical and technical controls to protect Covered Information. Monitoring procedures are in place to detect and address non-compliance with policies and procedures. Various technical controls have been implemented to prevent and detect network security breaches and unauthorized access to systems containing Covered Information. A process is also in place to report and track potential security incidents to help ensure they are resolved and measures are implemented to prevent similar events from occurring into the future.


Risk level -

Risk implication -

Recommendation -

– 20 –



Rule 9: Accountability and auditing


KPMG assessed SCE’s overall Customer Data Privacy and Cybersecurity program, focusing on:

— Review of documentation supporting each program as well as SCE’s communication of these policies to both employees and contractors;

— Review of executive support and sponsorship of Customer Data Privacy and Cybersecurity including the individuals and roles responsible and accountable for Customer Data Privacy and Cybersecurity throughout the enterprise;

— Interviews with members of SCE Executive Management to understand leadership’s views on customer data protection;

— Review of the process to receive, track and resolve customer complaints, disputes, and inquires related to the protection of Covered Information. Test procedures included a review of internal procedures, interviews with stakeholders involved in the Complaints process, and a walkthrough of the Customer Contact Center;

— Examination of employee training and awareness associated with the protection of Covered Information. This assessment included a review of enterprise-wide and targeted training materials provided to organizational units and contractors collecting, handling, storing, or transmitting Covered Information. Additionally, KPMG observed training compliance logs, meeting agendas, and attendance sheets maintained during PII training sessions.

Results summary SCE has developed company and department policies addressing the proper safeguarding of Covered Information. The Company has achieved a high level of maturity for its customer privacy program, including identifying a dedicated Privacy Compliance Program Leader and providing executive and management support, oversight, and visibility to key program metrics and performance indicators. In addition, the Privacy Compliance Program Leader collaborates with appropriate organizational units when working to finalize policies and procedures to protect Covered Information.

We also noted that a process exists to respond to complaints and inquiries levied by customers related to customer privacy. Company-wide privacy training has been implemented, and company representatives continue to identify opportunities to expand the training. Additionally, road shows as well as data privacy and security trainings have been rolled out to employees accessing Covered Information and are tracked for SCE employees.

Exception SCE does not provide CEUD-related training nor receive affirmations from contractors and third parties regarding the performance of required Privacy Training.

Risk level Low

Risk implication SCE contractors and third parties who collect, use, process or store Covered Information may not understand or be aware of Company policies and procedures for safeguarding sensitive information, thus increasing the risk of misuse of data or a potential data incident.

Recommendation SCE should consider implementing procedures, which require contractors and third parties to confirm their understanding of requirements addressing the safeguarding of Covered Information.

– 21

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

Deta

iled

com

plian

ce te

sting

and

con

clusio

ns

CP

UC

RU

LE 2

- T

ran

spar

ency

(n

oti

ce)

Ove

rall

Co

ncl

usi

on

N

o e

xcep

tio

ns

no

ted

.

CP

UC

Ru

le 2

R

ule

d

escr

ipti

on

W

hen

pro

vid

ed:

Cov

ered

ent

ities

sha

ll pr

ovid

e w

ritte

n no

tice

whe

n co

nfirm

ing

a ne

w c

usto

mer

acc

ount

and

at

leas

t on

ce a

yea

r sh

all i

nfor

m

cust

omer

s ho

w t

hey

may

obt

ain

a co

py o

f th

e co

vere

d en

tity’

s no

tice

rega

rdin

g th

e ac

cess

ing,

col

lect

ion,

sto

rage

, use

, and

di

sclo

sure

of

cove

red

info

rmat

ion

and

shal

l pro

vide

a c

onsp

icuo

us li

nk t

o th

e no

tice

on t

he h

ome

page

of

thei

r w

ebsi

te, a

nd

shal

l inc

lude

a li

nk t

o th

eir

notic

e in

all

elec

tron

ic c

orre

spon

denc

e to

cus

tom

ers.

b

Ass

essm

ent

Pro

ced

ure

s A

sses

smen

t R

esu

lts

Exc

epti

on

s

1. D

eter

min

e w

heth

er S

CE

has

do

cum

ente

d po

licie

s ad

dres

sing

th

e pr

ovis

ion

of n

otic

e to

cu

stom

ers

of C

ompa

ny’s

dat

a co

llect

ion

and

hand

ling

tech

niqu

es.

1.a.

Rev

iew

ed t

he P

rivac

y C

ompl

ianc

e P

rogr

am M

anua

l and

not

ed t

hat

the

com

pany

’s P

rivac

y C

ompl

ianc

e P

rogr

am is

bas

ed o

n th

e F

air

Info

rmat

ion

Pra

ctic

e P

rinci

ples

(FIP

P) a

nd a

ddre

sses

the

co

ncep

ts o

f N

otic

e/A

war

enes

s: "T

he m

ost

fund

amen

tal p

rinci

ple

is n

otic

e. T

he in

divi

dual

mus

t be

giv

en

notic

e of

an

entit

y’s

info

rmat

ion

prac

tices

bef

ore

any

Per

sona

l Inf

orm

atio

n is

col

lect

ed f

rom

the

m."

1.b.

Rev

iew

ed t

he C

PU

C S

mar

t G

rid P

rivac

y D

ecis

ion

Trac

king

doc

umen

t an

d no

ted

that

Priv

acy

Com

plia

nce

iden

tifie

d th

at it

is r

equi

red

to p

rovi

de c

usto

mer

s w

ith m

eani

ngfu

l, cl

ear,

acc

urat

e, s

peci

fic,

and

com

preh

ensi

ve n

otic

e re

gard

ing

the

acce

ssin

g, c

olle

ctio

n, s

tora

ge, a

nd u

se a

nd d

iscl

osur

e of

C

over

ed In

form

atio

n.

1.c.

Rev

iew

ed t

he S

CE

web

site

and

obs

erve

d th

at a

link

to

the

Priv

acy

Not

ice

is in

clud

ed in

bol

d at

the

bo

ttom

of

the

hom

e pa

ge.

– 22

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

1.d.

Met

with

Dire

ctor

, Com

plia

nce,

Pol

icie

s &

Info

rmat

ion

Gov

erna

nce,

and

was

info

rmed

tha

t th

e P

rivac

y C

ompl

ianc

e P

rogr

am M

anag

er d

evel

oped

the

Priv

acy

Not

ice

base

d on

the

CP

UC

Priv

acy

Dec

isio

n.

2. D

eter

min

e w

heth

er a

pr

oced

ure

exis

ts t

o en

sure

new

cu

stom

ers

rece

ive

notic

e of

the

C

ompa

ny’s

priv

acy

polic

y up

on

regi

stra

tion

and

annu

ally

th

erea

fter

. In

addi

tion,

a

proc

edur

e ex

ists

to

trac

k pr

ior

itera

tions

of

the

priv

acy

polic

y.

2. R

evie

wed

the

CP

UC

Sm

art

Grid

Priv

acy

Dec

isio

n Tr

acki

ng d

ocum

ent

and

note

d th

at it

pro

vide

s cu

stom

er w

ritte

n no

tice

whe

n co

nfirm

ing

a ne

w c

usto

mer

acc

ount

. At

leas

t on

ce a

yea

r S

CE

sha

ll in

form

cus

tom

er h

ow t

hey

may

obt

ain

a co

py o

f co

vere

d en

tity

notic

e re

gard

ing

the

acce

ssin

g,

colle

ctio

n, s

tora

ge, u

se, a

nd d

iscl

osur

e of

Cov

ered

Info

rmat

ion.

Als

o no

ted

that

the

re is

a p

roce

dure

in

plac

e to

tra

ck p

rior

itera

tions

of

the

priv

acy

polic

y.

3. D

eter

min

e w

heth

er S

CE

pr

ovid

es n

otic

e to

cus

tom

ers

on

an a

nnua

l bas

is a

nd w

hen

sign

ing

up n

ew c

usto

mer

s as

re

quire

d by

the

CP

UC

reg

ulat

ion.

3.a.

Rev

iew

ed t

he C

PU

C S

mar

t G

rid P

rivac

y D

ecis

ion

Trac

king

doc

umen

t an

d no

ted

that

it p

rovi

des

cust

omer

writ

ten

notic

e w

hen

conf

irmin

g a

new

cus

tom

er a

ccou

nt. A

t le

ast

once

a y

ear

SC

E s

hall

info

rm c

usto

mer

s ho

w t

hey

may

obt

ain

a co

py o

f co

vere

d en

tity

notic

e re

gard

ing

the

acce

ssin

g,

colle

ctio

n, s

tora

ge, u

se, a

nd d

iscl

osur

e of

Cov

ered

Info

rmat

ion.

3.b.

Rev

iew

ed r

espo

nse

from

Sr.

Man

ager

Dig

ital t

eam

, not

ed t

hat

new

cus

tom

ers

rece

ive

an e

mai

l or

post

car

d up

on r

egis

terin

g fo

r a

new

acc

ount

. The

not

ice

incl

udes

a li

nk t

o th

e pr

ivac

y no

tice.

The

def

ault

is t

o se

nd a

not

ice

by e

mai

l, bu

t po

st c

ards

are

sen

t to

new

cus

tom

ers

who

do

not

prov

ide

an e

mai

l ad

dres

s.

3.c.

Rev

iew

ed t

he A

nnua

l Bill

Inse

rts

incl

uded

with

the

Nov

embe

r 20

15 b

ills

for

resi

dent

ial a

nd

com

mer

cial

cus

tom

ers

title

d C

usto

mer

Con

nect

ion

and

note

d th

at it

incl

udes

a li

nk t

o th

e P

rivac

y N

otic

e an

d an

ale

rt r

elat

ed t

o cu

stom

er s

cam

s.

3.d.

Rev

iew

ed li

stin

g of

new

acc

ount

reg

istr

atio

ns b

etw

een

May

23,

201

5 an

d Ju

ne 5

, 201

5 an

d no

ted

that

cus

tom

ers

who

rec

eive

d ne

w c

usto

mer

not

ices

wer

e fla

gged

.

3.e.

Rev

iew

ed r

espo

nse

from

Sr.

Man

ager

, Dig

ital,

note

d th

at 1

1,82

1 ne

w c

usto

mer

wel

com

e em

ails

w

ere

sent

bet

wee

n M

ay 2

3, 2

015

and

June

5, 2

015.

3.f.

Rev

iew

ed e

mai

l cor

resp

onde

nce

betw

een

the

Priv

acy

Com

plia

nce

Pro

gram

Lea

der

and

Mar

ketin

g O

pera

tions

con

firm

ing

dist

ribut

ion

of t

he a

nnua

l priv

acy

notic

e w

ith t

he N

ovem

ber

2015

bill

s.

– 23

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

Ru

le 2

R

ule

d

escr

ipti

on

Fo

rm:

The

notic

e sh

all b

e la

belle

d N

otic

e of

Acc

essi

ng, C

olle

ctin

g, S

torin

g, U

sing

and

Dis

clos

ing

Ene

rgy

Usa

ge In

form

atio

n

(1) b

e w

ritte

n in

eas

ily u

nder

stan

dabl

e la

ngua

ge, a

nd

(2) b

e no

long

er t

han

is n

eces

sary

to

conv

ey t

he r

equi

site

info

rmat

ion.

c(1)

-(2)

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. R

evie

w S

CE

’s m

etho

ds f

or

prov

idin

g cu

stom

ers

notic

e ab

out

thei

r pr

ivac

y an

d ac

cess

ing

the

priv

acy

notic

e.

1.a.

Rev

iew

ed S

CE

.com

and

not

ed t

hat

the

"Priv

acy

Not

ice"

link

is in

clud

ed o

n th

e bo

ttom

of

each

pag

e w

ithin

the

site

tre

e. U

sers

may

acc

ess

any

of t

hese

Not

ices

fro

m t

he le

ft n

avig

atio

n pa

ne, w

ithin

the

P

rivac

y N

otic

e pa

ge o

n S

CE

.com

, or

by c

licki

ng t

he h

yper

links

with

in t

he N

otic

e.

1.b.

Rev

iew

ed C

usto

mer

Wel

com

e Le

tter

s an

d th

e A

nnua

l Bill

inse

rt s

ent

to c

usto

mer

s an

d no

ted

that

th

ey c

onta

in t

he U

RL

at w

hich

cus

tom

ers

can

find

the

Not

ice

of A

cces

sing

, Col

lect

ing,

Sto

ring,

Usi

ng

and

Dis

clos

ing

Ene

rgy

Usa

ge In

form

atio

n on

line

1.c.

Rev

iew

ed s

ampl

e sy

stem

-gen

erat

ed e

mai

ls f

rom

SC

E a

nd o

bser

ved

that

a li

nk t

o th

e P

rivac

y N

otic

e is

incl

uded

at

the

bott

om o

f th

e em

ail.

2. D

eter

min

e w

heth

er a

pr

oced

ure

exis

ts t

o re

view

the

re

adab

ility

of

the

priv

acy

notic

e an

d m

ake

upda

tes

base

d on

cu

stom

er f

eedb

ack

rela

ted

to

read

abili

ty a

nd c

onte

nt.

2.a.

Rev

iew

ed t

he C

PU

C S

mar

t G

rid P

rivac

y D

ecis

ion

Trac

king

doc

umen

t an

d no

tes

that

SC

E s

hall

prov

ide

to c

usto

mer

s up

on r

eque

st c

onve

nien

t an

d se

cure

acc

ess

to t

heir

Cov

ered

Info

rmat

ion:

(1) i

n an

ea

sily

rea

dabl

e fo

rmat

tha

t is

at

a le

vel n

o le

ss d

etai

led

than

tha

t at

whi

ch t

he c

over

ed e

ntity

dis

clos

es

the

data

to

third

par

ties.

(2) T

he C

omm

issi

on s

hall,

by

subs

eque

nt r

ule,

pre

scrib

e w

hat

is a

rea

sona

ble

time

for

resp

ondi

ng t

o cu

stom

er r

eque

sts

for

acce

ss.

2.b.

Rev

iew

ed t

he S

CE

web

site

and

obs

erve

d th

at it

is a

vaila

ble

in E

nglis

h, S

pani

sh, C

hine

se, K

orea

n,

and

Vie

tnam

ese.

The

link

s to

the

Not

ice

of A

cces

sing

, Col

lect

ing,

Sto

ring,

Usi

ng a

nd D

iscl

osin

g E

nerg

y U

sage

Info

rmat

ion

are

prov

ided

in t

he n

ativ

e la

ngua

ge, t

houg

h th

e la

ngua

ge it

self

is o

nly

prov

ided

in

Eng

lish.

3. D

eter

min

e w

heth

er S

CE

’s

Priv

acy

Not

ice

is w

ritte

n in

an

easy

-to-

unde

rsta

nd la

ngua

ge.

3. R

evie

wed

Not

ice

of A

cces

sing

, Col

lect

ing,

Sto

ring,

Usi

ng a

nd D

iscl

osin

g E

nerg

y U

sage

Info

rmat

ion

and

note

d th

at it

is w

ritte

n at

a 1

6th

grad

e Fl

esch

-Kin

caid

rea

ding

leve

l (i.e

. bes

t un

ders

tood

by

thos

e w

ith f

our

year

s of

uni

vers

ity-le

vel t

rain

ing)

.

– 24

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

Ru

le 2

R

ule

d

escr

ipti

on

C

on

ten

t: T

he n

otic

e an

d th

e po

sted

priv

acy

polic

y sh

all s

tate

cle

arly

:

(1) t

he id

entit

y of

the

cov

ered

ent

ity,

(2) t

he e

ffec

tive

date

of

the

notic

e or

pos

ted

priv

acy

polic

y,

(3) t

he c

over

ed e

ntity

’s p

roce

ss f

or a

lterin

g th

e no

tice

or p

oste

d pr

ivac

y po

licy,

incl

udin

g ho

w t

he c

usto

mer

will

be

info

rmed

of

any

alte

ratio

ns, a

nd w

here

prio

r ve

rsio

ns w

ill b

e m

ade

avai

labl

e to

cus

tom

ers,

and

(4) t

he t

itle

and

cont

act

info

rmat

ion,

incl

udin

g em

ail a

ddre

ss, p

osta

l add

ress

, and

tel

epho

ne n

umbe

r, o

f an

off

icia

l at

the

cove

red

entit

y w

ho c

an a

ssis

t th

e cu

stom

er w

ith p

rivac

y qu

estio

ns, c

once

rns,

or

com

plai

nts

rega

rdin

g th

e co

llect

ion,

sto

rage

, us

e, o

r di

strib

utio

n of

cov

ered

info

rmat

ion.

d(1

)-(4

)

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. U

nder

stan

d th

e pr

oced

ures

in

plac

e to

iden

tify

cove

red

entit

ies

and

dete

rmin

e w

heth

er t

he

effe

ctiv

e da

te is

indi

cate

d in

the

re

leva

nt d

ocum

enta

tion.

1. R

evie

wed

the

Priv

acy

Not

ice

and

Not

ice

of A

cces

sing

, Col

lect

ing,

Sto

ring,

Usi

ng, a

nd D

iscl

osin

g C

over

ed In

form

atio

n on

the

Com

pany

web

site

and

obs

erve

d th

at t

hey

iden

tify

SC

E a

s th

e co

vere

d en

tity

and

incl

ude

the

notic

e ef

fect

ive

date

and

link

s to

pre

viou

s (D

ated

) ver

sion

s of

the

not

ice.

2. U

nder

stan

d ho

w t

he

regu

lato

ry r

equi

rem

ents

, m

anag

emen

t re

view

and

ap

prov

al p

roce

ss w

orks

, in

clud

ing

pote

ntia

l alte

ratio

ns o

f th

e pr

ivac

y po

licie

s.

2.a.

Rev

iew

ed t

he P

rivac

y P

rogr

am M

anua

l and

Priv

acy

Pol

icy

and

note

d th

at t

hat

it do

es n

ot d

etai

l the

pr

oces

s fo

r re

visi

ng S

CE

’s p

rivac

y po

licy,

incl

udin

g w

hat

circ

umst

ance

s tr

igge

r re

visi

ons,

the

st

akeh

olde

rs in

volv

ed, d

eadl

ines

for

sub

mis

sion

s, a

nd g

uide

lines

for

cre

atin

g an

d di

strib

utin

g dr

afts

of

revi

sion

s.

2.b.

Rev

iew

ed t

he C

ompl

ianc

e C

oord

inat

ion

& E

CM

S D

eplo

ymen

t 20

15 d

ocum

ent

and

note

d th

at E

CM

S

was

dep

loye

d w

ithin

the

Com

pany

to

cent

raliz

e co

mpl

ianc

e re

quire

men

ts a

nd m

onito

r an

d tr

ack

com

plia

nce

stat

us a

nd a

ccou

ntab

ility

.

2.c.

Met

with

Priv

acy

Com

plia

nce

Pro

gram

Lea

der,

and

was

info

rmed

tha

t th

e C

ompa

ny u

ses

a co

mpl

ianc

e tr

acki

ng s

yste

m t

o id

entif

y an

d tr

ack

priv

acy

com

plia

nce

requ

irem

ents

. The

Priv

acy

Com

plia

nce

Pro

gram

will

wor

k w

ith t

he L

aw D

epar

tmen

t to

inte

rpre

t re

gula

tory

req

uire

men

ts a

nd u

se

the

trac

king

sys

tem

to

assi

gn c

ontr

ol o

wne

rs w

ho a

re r

espo

nsib

le f

or im

plem

entin

g th

e re

quire

men

ts.

2.d.

Met

with

Dire

ctor

, Com

plia

nce,

Pol

icie

s &

Info

rmat

ion

Gov

erna

nce,

and

was

info

rmed

tha

t th

e P

rivac

y C

ompl

ianc

e pr

ogra

m is

a c

entr

aliz

ed f

unct

ion

with

in S

CE

tha

t es

tabl

ishe

s ce

ntra

lized

gui

delin

es

that

the

Ope

ratin

g U

nits

mus

t im

plem

ent.

2.e.

Met

with

Sr.

Att

orne

y, L

aw d

epar

tmen

t, a

nd w

as in

form

ed t

hat

she

is t

he a

ttor

ney

assi

gned

to

priv

acy

regu

latio

ns a

nd w

ould

not

ify t

he P

rivac

y C

ompl

ianc

e P

rogr

am L

eade

r if

a ne

w c

hang

e is

req

uire

d.

3. In

spec

t or

igin

al a

nd r

evis

ion

date

s of

pol

icie

s to

det

erm

ine

if ac

tual

upd

ates

/edi

ts a

re m

ade

befo

re a

ppro

vals

.

3. R

evie

wed

the

Priv

acy

Not

ice

and

Not

ice

of A

cces

sing

, Col

lect

ing,

Sto

ring,

Usi

ng, a

nd D

iscl

osin

g C

over

ed In

form

atio

n on

the

Com

pany

web

site

and

obs

erve

d th

e no

tice

effe

ctiv

e da

te a

nd li

nks

to

prev

ious

(Dat

ed) v

ersi

ons

of t

he n

otic

e th

at h

ave

been

sup

erse

ded

over

tim

e.

– 25

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

4. D

eter

min

e ho

w S

CE

info

rms

cust

omer

s of

any

alte

ratio

ns t

o th

e P

rivac

y N

otic

e an

d w

here

pr

ior

vers

ions

will

be

mad

e av

aila

ble

to c

usto

mer

s.

4. R

evie

wed

the

Priv

acy

Not

ice

and

Not

ice

of A

cces

sing

, Col

lect

ing,

Sto

ring,

Usi

ng, a

nd D

iscl

osin

g C

over

ed In

form

atio

n on

the

Com

pany

web

site

and

obs

erve

d th

e no

tice

effe

ctiv

e da

te a

nd li

nks

to

prev

ious

(Dat

ed) v

ersi

ons

of t

he n

otic

e th

at h

ave

been

sup

erse

ded

over

tim

e.

5. E

xam

ine

whe

ther

SC

E’s

pr

ivac

y no

tices

to

iden

tify

whe

ther

the

titl

e an

d co

ntac

t in

form

atio

n (in

clud

ing

emai

l ad

dres

s, p

osta

l add

ress

and

te

leph

one

num

ber)

of

an o

ffic

ial

at t

he c

over

ed e

ntity

is in

dica

ted,

w

ho c

an a

ssis

t th

e cu

stom

er

with

pot

entia

l priv

acy

ques

tions

, co

ncer

ns, o

r co

mpl

aint

s.

5. R

evie

wed

Not

ice

of A

cces

sing

, Col

lect

ing,

Sto

ring,

Usi

ng, a

nd D

iscl

osin

g E

nerg

y U

sage

Info

rmat

ion

onlin

e an

d no

ted

that

it p

rovi

des

cust

omer

s w

ith t

he t

elep

hone

num

ber

and

post

al a

ddre

ss o

f cu

stom

er

serv

ice

repr

esen

tativ

es w

ho c

an h

elp

with

que

stio

ns, c

once

rns,

and

dis

pute

s re

gard

ing

priv

acy.

Fur

ther

, it

prov

ides

a li

nk t

o co

mm

unic

ate

via

emai

l.

6. D

eter

min

e w

heth

er a

spe

cific

pe

rson

or

grou

p w

ithin

SC

E is

re

spon

sibl

e or

acc

ount

able

for

pr

ivac

y an

d se

curit

y po

licy

deve

lopm

ent,

impl

emen

tatio

n,

mon

itorin

g, e

nfor

cing

and

up

datin

g.

6.a.

Rev

iew

ed t

he P

rivac

y C

ompl

ianc

e P

rogr

am M

anua

l and

not

ed t

hat

the

Priv

acy

Com

plia

nce

Pro

gram

Le

ader

and

tea

m is

res

pons

ible

for

priv

acy

polic

y an

d pr

oced

ure

deve

lopm

ent,

impl

emen

tatio

n,

mon

itorin

g, e

nfor

cing

, and

upd

atin

g.

6.b.

Rev

iew

ed t

he C

PU

C S

mar

t G

rid D

ata

Priv

acy

Dec

isio

n R

equi

rem

ents

Tra

ckin

g sh

eet

and

note

d th

at

the

Priv

acy

Com

plia

nce

Pro

gram

Lea

der

is r

espo

nsib

le f

or d

evel

opin

g, c

oord

inat

ing,

and

impl

emen

ting

a co

nsis

tent

set

of

priv

acy

and

secu

rity

rule

s, a

nd r

elat

ed c

usto

mer

info

rmat

ion

requ

est

form

s as

ado

pted

in

D.1

1-07

-056

.

6.c.

Met

with

Priv

acy

Com

plia

nce

Pro

gram

Lea

der,

and

was

info

rmed

tha

t he

is r

espo

nsib

le f

or t

he

onlin

e P

rivac

y N

otic

e an

d w

ill w

ork

with

the

Law

Dep

artm

ent

to id

entif

y an

y re

quire

d ch

ange

s an

d en

sure

the

pol

icy

is u

pdat

ed.

– 26

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

RU

LE 3

- P

urp

ose

sp

ecif

icat

ion

Ove

rall

Co

ncl

usi

on

N

o e

xcep

tio

ns

no

ted

.

CP

UC

R

ule

3

Ru

le D

escr

ipti

on

C

ateg

ori

es o

f In

form

atio

n:

(1) E

ach

cate

gory

of

cove

red

info

rmat

ion

colle

cted

, use

d, s

tore

d or

dis

clos

ed b

y th

e co

vere

d en

tity,

and

, for

eac

h ca

tego

ry o

f co

vere

d in

form

atio

n, t

he r

easo

nabl

y sp

ecifi

c pu

rpos

es f

or w

hich

it w

ill b

e co

llect

ed, s

tore

d, u

sed,

or

disc

lose

d,

(2) e

ach

cate

gory

of

cove

red

info

rmat

ion

that

is d

iscl

osed

to

third

par

ties,

and

, for

eac

h su

ch c

ateg

ory,

(i) t

he p

urpo

ses

for

whi

ch it

is d

iscl

osed

, and

(ii)

the

cate

gorie

s of

thi

rd p

artie

s to

whi

ch it

is d

iscl

osed

, and

(3) t

he id

entit

ies

of t

hose

thi

rd p

artie

s to

who

m d

ata

is d

iscl

osed

for

sec

onda

ry p

urpo

ses,

and

the

sec

onda

ry p

urpo

ses

for

whi

ch t

he in

form

atio

n is

dis

clos

ed.

a(1)

-(3)

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er S

CE

’s

Priv

acy

Not

ice

docu

men

ts t

he (1

) ca

tego

ries

and

purp

oses

of

Cov

ered

Info

rmat

ion

colle

cted

, us

ed, s

tore

d or

dis

clos

ed, (

2)

each

cat

egor

y of

Cov

ered

In

form

atio

n th

at is

dis

clos

ed t

o th

ird p

artie

s an

d pu

rpos

e of

di

sclo

sure

, and

(3) t

he id

entit

ies

of t

hose

thi

rd p

artie

s w

ith w

hom

C

over

ed In

form

atio

n is

sha

red

for

seco

ndar

y pu

rpos

es.

1. R

evie

wed

Not

ice

of A

cces

sing

, Col

lect

ing,

Sto

ring,

Usi

ng, a

nd D

iscl

osin

g E

nerg

y U

sage

In

form

atio

n on

line

and

note

d th

at it

pro

vide

s:

—Th

e ki

nd o

f in

form

atio

n th

at w

ill b

e co

llect

ed f

rom

and

abo

ut c

usto

mer

s;

—H

ow t

hat

info

rmat

ion

will

be

used

, sto

red,

and

pro

tect

ed;

—In

wha

t ca

ses

cust

omer

info

rmat

ion

will

be

disc

lose

d to

thi

rd p

artie

s; a

nd

—To

who

m c

usto

mer

info

rmat

ion

will

be

pote

ntia

lly d

iscl

osed

in t

he o

utlin

ed c

ircum

stan

ces.

2. D

eter

min

e w

heth

er S

CE

tra

cks

the

cate

gorie

s of

age

nts,

co

ntra

ctor

s an

d ot

her

third

par

ties

to w

hich

the

y di

sclo

se C

over

ed

Info

rmat

ion

for

a pr

imar

y pu

rpos

e.

2.a.

Rev

iew

ed t

he C

ompa

ny’s

201

5 A

nnua

l Priv

acy

Rep

ort

and

note

d th

at S

CE

dis

clos

ed C

over

ed

Info

rmat

ion

for

a pr

imar

y pu

rpos

e to

147

cus

tom

er-a

utho

rized

thi

rd p

artie

s vi

a th

e G

reen

But

ton

conn

ect

prog

ram

(Opt

ion

5 on

the

CIS

R F

orm

), 16

ven

dors

und

er c

ontr

act,

and

1 E

nerg

y D

ata

Cen

ter

as a

utho

rized

und

er t

he “

Ene

rgy

Dat

a C

ente

r” d

ecis

ion,

D.1

4-05

-016

. 2.

b. M

et w

ith S

r. M

anag

er, C

yber

secu

rity

and

was

info

rmed

tha

t S

CE

has

a r

isk

man

agem

ent

prog

ram

in p

lace

whi

ch r

anks

sup

plie

rs b

y ris

k le

vels

and

tra

cks

whe

ther

sup

plie

rs h

ave

acce

ss t

o C

over

ed In

form

atio

n th

roug

h a

ques

tionn

aire

s an

d an

nual

ris

k as

sess

men

t. A

lso,

not

ed t

hat

Cyb

erse

curit

y w

as n

ot in

volv

ed in

the

coo

rdin

atio

n w

ith S

uppl

y C

hain

in 2

015,

as

it w

as a

new

pr

oces

s.

– 27

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

2.c.

Rev

iew

ed t

he C

yber

secu

rity

Sta

ndar

d: T

hird

Par

ty P

rovi

ders

and

det

erm

ined

tha

t th

ird p

artie

s re

quiri

ng a

cces

s to

com

pany

com

putin

g sy

stem

s or

ele

ctro

nic

data

mus

t pa

rtic

ipat

e in

and

com

plet

e th

e cy

bers

ecur

ity r

isk

asse

ssm

ent

proc

ess

befo

re t

hey

are

allo

wed

to

acce

ss c

ompa

ny c

ompu

ting

syst

ems

or e

lect

roni

c da

ta.

3. D

eter

min

e w

heth

er a

pr

oced

ure

exis

ts t

o en

sure

new

cu

stom

ers

rece

ive

notic

e of

C

ompa

ny’s

rea

sons

for

col

lect

ing,

us

ing,

sto

ring,

or

disc

losi

ng

Cov

ered

Info

rmat

ion.

3.a.

Rev

iew

ed t

he C

PU

C S

mar

t G

rid P

rivac

y D

ecis

ion

Trac

king

doc

umen

t an

d no

ted

that

it p

rovi

des

cust

omer

writ

ten

notic

e w

hen

conf

irmin

g a

new

cus

tom

er a

ccou

nt. A

t le

ast

once

a y

ear

SC

E s

hall

info

rm c

usto

mer

how

the

y m

ay o

btai

n a

copy

of

cove

red

entit

y no

tice

rega

rdin

g th

e ac

cess

ing,

co

llect

ion,

sto

rage

, use

, and

dis

clos

ure

of C

over

ed In

form

atio

n.

3.b.

Rev

iew

ed r

espo

nse

from

Sr.

Man

ager

, Dig

ital t

eam

, not

ed t

hat

new

cus

tom

ers

rece

ive

an e

mai

l or

pos

t ca

rd u

pon

regi

ster

ing

for

a ne

w a

ccou

nt. T

he n

otic

e in

clud

es a

link

to

the

priv

acy

notic

e. T

he

defa

ult

is t

o se

nd t

he n

otic

e by

em

ail,

but

post

car

ds a

re s

ent

to n

ew c

usto

mer

s w

ho d

o no

t pr

ovid

e an

em

ail a

ddre

ss.

3.c.

Rev

iew

ed A

nnua

l Bill

inse

rts

incl

uded

with

the

Nov

embe

r 20

15 b

ills

for

resi

dent

ial a

nd

com

mer

cial

cus

tom

ers

title

d C

usto

mer

Con

nect

ion

and

note

d th

at it

incl

udes

a li

nk t

o th

e P

rivac

y N

otic

e an

d an

ale

rt r

elat

ed t

o cu

stom

er s

cam

s.

4. D

eter

min

e w

heth

er S

CE

ef

fect

ivel

y m

onito

rs c

ompl

ianc

e w

ith it

s co

llect

ion,

use

, sto

rage

, an

d di

sclo

sure

pra

ctic

es.

4.a.

Rev

iew

ed t

he C

ompl

ianc

e C

oord

inat

ion

& E

nter

pris

e C

ompl

ianc

e M

anag

emen

t S

yste

m (E

CM

S)

Dep

loym

ent

2015

doc

umen

t an

d no

ted

that

EC

MS

was

dep

loye

d w

ithin

the

Com

pany

to

cent

raliz

e co

mpl

ianc

e re

quire

men

ts a

nd m

onito

r an

d tr

ack

com

plia

nce

stat

us a

nd a

ccou

ntab

ility

.

4.b.

Met

with

Priv

acy

Com

plia

nce

Pro

gram

Lea

der,

and

Sr.

Att

orne

y, L

aw D

epar

tmen

t, a

nd w

as

info

rmed

tha

t as

par

t of

the

Priv

acy

Com

plia

nce

Pro

gram

, the

Priv

acy

Com

plia

nce

and

Law

D

epar

tmen

t ar

e in

volv

ed in

mon

itorin

g co

mpl

ianc

e re

quire

men

ts f

rom

the

CP

UC

(with

the

Law

D

epar

tmen

t ha

ving

dire

ct c

onta

ct w

ith t

he C

PU

C),

indu

stry

tra

de g

roup

s, a

nd in

tera

ctio

n w

ith o

ther

ut

ilitie

s. C

ompl

ianc

e an

d re

port

ing

requ

irem

ents

are

inpu

tted

by

the

Priv

acy

Com

plia

nce

Pro

gram

Le

ader

and

ver

ified

by

the

Law

Dep

artm

ent

via

the

EC

MS

sys

tem

, whi

ch a

ssig

ns a

uni

que

proc

ess

owne

r an

d id

entif

ies

rele

vant

con

trol

s in

ord

er t

o en

sure

com

plia

nce

4.c.

Met

with

Man

ager

, Aud

it S

ervi

ces,

and

was

info

rmed

tha

t A

udit

Ser

vice

s pe

rfor

ms

seve

ral

audi

ts e

ach

year

ass

ocia

ted

with

ent

erpr

ise

risks

. In

2015

, thr

ee a

udits

wer

e co

nduc

ted

rela

ted

to

priv

acy

and

secu

rity,

how

ever

non

e of

the

se a

udits

dire

ctly

dea

lt w

ith C

over

ed In

form

atio

n.

4.d.

Rev

iew

ed t

he D

ata

Priv

acy

Gov

erna

nce

Aud

it re

port

per

form

ed b

y A

udit

Ser

vice

s du

ring

the

cove

red

perio

d an

d no

ted

that

Aud

it S

ervi

ces

dete

rmin

ed t

hat

the

priv

acy

prog

ram

is w

ell d

esig

ned

and

impl

emen

ted

and

conc

lude

d th

e au

dit

as “

satis

fact

ory

with

exc

eptio

ns.”

– 28

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

R

ule

3

Ru

le D

escr

ipti

on

R

eten

tio

n T

ime:

The

notic

e re

quire

d un

der

sect

ion

2 sh

all p

rovi

de:

The

appr

oxim

ate

perio

d of

tim

e th

at c

over

ed in

form

atio

n w

ill b

e re

tain

ed b

y th

e co

vere

d en

tity;

b

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er S

CE

’s

Priv

acy

Not

ice

addr

esse

s th

e re

tent

ion

of C

over

ed In

form

atio

n.

1. R

evie

wed

the

Not

ice

of A

cces

sing

, Col

lect

ing,

Sto

ring,

Usi

ng a

n D

iscl

osin

g E

nerg

y U

sage

In

form

atio

n, p

ublic

ly a

vaila

ble

on S

CE

.com

, and

not

ed t

hat

the

notic

e ad

dres

ses

the

rete

ntio

n of

en

ergy

usa

ge in

form

atio

n "W

e w

ill r

etai

n al

l Ene

rgy

Usa

ge in

form

atio

n in

com

plia

nce

with

the

law

an

d on

ly a

s lo

ng a

s re

ason

ably

nec

essa

ry o

r as

aut

horiz

ed b

y th

e C

PU

C t

o ac

com

plis

h on

e of

the

pr

imar

y pu

rpos

es d

escr

ibed

abo

ve o

r fo

r a

purp

ose

that

you

spe

cific

ally

aut

horiz

e."

CP

UC

R

ule

3

Ru

le d

escr

ipti

on

C

ust

om

er L

imit

atio

n:

The

notic

e re

quire

d un

der

sect

ion

2 sh

all p

rovi

de a

des

crip

tion

of

(1) t

he m

eans

by

whi

ch c

usto

mer

s m

ay v

iew

, inq

uire

abo

ut, o

r di

sput

e th

eir

cove

red

info

rmat

ion

c(1)

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er S

CE

’s

Priv

acy

Not

ice

addr

esse

s cu

stom

ers’

abi

lity

to v

iew

, in

quire

, or

disp

ute

thei

r C

over

ed

Info

rmat

ion

or o

ther

PII.

1.a.

Rev

iew

ed t

he N

otic

e of

Acc

essi

ng, C

olle

ctin

g, S

torin

g, U

sing

and

Dis

clos

ing

Ene

rgy

Usa

ge

Info

rmat

ion,

pub

licly

ava

ilabl

e on

SC

E.c

om, a

nd n

oted

tha

t cu

stom

ers

may

con

tact

the

Chi

ef E

thic

s an

d C

ompl

ianc

e O

ffic

er t

hrou

gh m

ail,

emai

l or

phon

e w

ith a

ny q

uest

ions

and

to

find

out

how

the

y ca

n lim

it, v

iew

, or

disp

ute

the

disc

lose

d in

form

atio

n.

1.b.

Rev

iew

ed a

n au

tom

ated

em

ail s

ent

by S

CE

to

wel

com

e ne

w c

usto

mer

s w

ho p

rovi

de e

mai

l ad

dres

ses,

and

a p

ostc

ard

mai

led

to t

hose

who

don

’t p

rovi

de e

mai

l add

ress

, and

obs

erve

d th

at S

CE

di

sclo

ses

that

:

—C

usto

mer

s ca

n m

anag

e on

line

billi

ng t

hrou

gh "M

y A

ccou

nt;"

—C

usto

mer

s m

ay v

isit

SC

E’s

Priv

acy

Not

ice

thro

ugh

a w

eb li

nk p

rovi

ded.

– 29

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

R

ule

3

Ru

le d

escr

ipti

on

C

ust

om

er L

imit

atio

n:

The

notic

e re

quire

d un

der

sect

ion

2 sh

all p

rovi

de a

des

crip

tion

of:

(2) t

he m

eans

, if

any,

by

whi

ch c

usto

mer

s m

ay li

mit

the

colle

ctio

n, u

se, s

tora

ge o

r di

sclo

sure

of

cove

red

info

rmat

ion

and

the

cons

eque

nces

to

cust

omer

s if

they

exe

rcis

e su

ch li

mits

. c(

2)

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er S

CE

’s

priv

acy

notic

es a

ddre

ss

expl

icit/

impl

icit

cust

omer

cho

ice

and

cons

ent

rega

rdin

g da

ta

colle

ctio

n, u

se, h

andl

ing,

and

di

sclo

sure

pra

ctic

es, a

nd t

he

cons

eque

nces

for

den

ying

co

nsen

t.

1. R

evie

wed

the

Priv

acy

Not

ice,

last

upd

ated

on

May

26,

201

5 an

d pu

blic

ly a

vaila

ble

on S

CE

.com

. O

bser

ved

that

it in

clud

es d

ata

priv

acy

rela

ted

links

as

follo

ws:

—A

link

to

the

Web

site

Priv

acy

Not

ice,

—A

link

to

the

Not

ice

of A

cces

sing

, Col

lect

ing,

Sto

ring,

Usi

ng a

nd D

iscl

osin

g E

nerg

y U

sage

In

form

atio

n,

—C

onta

ct in

form

atio

n fo

r qu

estio

ns r

elat

ing

to d

ata

priv

acy,

—D

efin

ition

of

"Per

sona

l Inf

orm

atio

n" a

s de

fined

by

SC

E.

2. D

eter

min

e w

heth

er S

CE

’s

priv

acy

notic

es a

ddre

ss t

he

expl

icit/

impl

icit

cons

ent

requ

ired

to c

olle

ct, u

se, a

nd d

iscl

ose

Cov

ered

Info

rmat

ion

and

othe

r P

erso

nal I

nfor

mat

ion.

2. R

evie

wed

the

Not

ice

of A

cces

sing

, Col

lect

ing,

Sto

ring,

Usi

ng a

nd D

iscl

osin

g E

nerg

y U

sage

In

form

atio

n an

d no

ted

that

it a

ddre

ss e

xplic

it co

nsen

t and

con

sequ

ence

s fo

r de

nyin

g su

ch c

onse

nt.

The

Not

ice

expl

icitl

y ad

dres

ses

met

hods

for

the

cus

tom

ers

to "O

pt-O

ut,"

whi

ch a

llow

s cu

stom

ers

to

deny

con

sent

for

SC

E t

o co

llect

, sto

re, u

se, a

nd d

iscl

ose

thei

r C

over

ed In

form

atio

n. In

par

ticul

ar, t

he

Not

ice

incl

udes

the

fol

low

ing:

—“…

You

hav

e th

e rig

ht t

o no

t pr

ovid

e us

you

r S

ocia

l Sec

urity

Num

ber

but

you

may

be

char

ged

a de

posi

t or

hav

e th

e de

posi

t w

aive

d if

enro

lled

in D

irect

Pay

men

t.”

—“…

You

hav

e th

e rig

ht n

ot t

o pr

ovid

e yo

ur e

mai

l add

ress

how

ever

, you

will

not

be

able

to

take

adv

anta

ge o

f ou

r di

gita

l ser

vice

s su

ch a

s el

ectr

onic

bill

ing

and

paym

ents

.”

3. D

eter

min

e w

heth

er

com

mun

icat

ion

to in

divi

dual

s ad

dres

s th

e co

nseq

uenc

es o

f de

nyin

g co

nsen

t.

3. S

ee C

PU

C R

ule

3 c

(2) 2

.a. A

sses

smen

t Te

st R

esul

ts f

or d

etai

ls.

4. In

spec

t S

CE

’s s

yste

ms

whe

re

Cus

tom

er E

nerg

y U

sage

Dat

a is

co

llect

ed t

o de

term

ine

whe

ther

cu

stom

ers’

impl

icit

or e

xplic

it co

nsen

t pr

efer

ence

s ar

e ca

ptur

ed

(bef

ore

data

tra

nsfe

r).

4.a.

Rev

iew

ed t

he "W

ays

to A

cces

s an

d S

hare

You

r U

sage

Dat

a" w

eb p

age

on S

CE

.com

and

not

ed

that

it p

rovi

des

inst

ruct

ions

to

cust

omer

s on

how

the

y ca

n au

thor

ize

shar

ing

thei

r da

ta w

ith a

Thi

rd

Par

ty v

endo

r.

4.b.

Obs

erve

d sc

reen

shot

s of

the

Dat

a S

harin

g ta

b an

d no

ted

that

cus

tom

ers

can

sele

ct t

he t

ypes

of

data

, the

fre

quen

cy, a

nd t

he d

urat

ion

for

whi

ch t

hey

will

sha

re w

ith a

sel

ecte

d Th

ird P

arty

.

– 30

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

RU

LE 4

Ind

ivid

ual

par

tici

pat

ion

(ac

cess

an

d c

on

tro

l)

Ove

rall

Co

ncl

usi

on

N

o e

xcep

tio

ns

no

ted

.

CP

UC

R

ule

4

Ru

le d

escr

ipti

on

A

cces

s:

Cov

ered

ent

ities

sha

ll pr

ovid

e to

cus

tom

ers

upon

req

uest

con

veni

ent

and

secu

re a

cces

s to

the

ir co

vere

d in

form

atio

n:

(1) i

n an

eas

ily r

eada

ble

form

at t

hat

is a

t a

leve

l no

less

det

aile

d th

an t

hat a

t w

hich

the

cov

ered

ent

ity d

iscl

oses

the

dat

a to

th

ird p

artie

s.

a(1)

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er S

CE

’s

Priv

acy

Not

ice

addr

esse

s th

e pr

ovis

ion

of a

cces

s to

indi

vidu

als

to t

heir

Cov

ered

Info

rmat

ion.

1. R

evie

wed

Not

ice

of A

cces

sing

, Col

lect

ing,

Sto

ring,

Usi

ng, a

nd D

iscl

osin

g E

nerg

y U

sage

In

form

atio

n on

line

and

note

d th

at it

sta

tes

that

mos

t cu

stom

ers

can

find

thei

r in

form

atio

n on

the

ir m

onth

ly b

ills

or o

n S

CE

’s w

ebsi

te. A

lso,

not

ed t

hat

to r

ecei

ve in

stan

t ac

cess

to

bill,

mak

e pa

ymen

ts,

and

rece

ive

impo

rtan

t al

erts

, the

cus

tom

er m

ust

regi

ster

for

the

SC

E.c

om M

y A

ccou

nt s

ervi

ce,

whi

ch r

equi

res

an e

mai

l add

ress

. Als

o, n

oted

tha

t cus

tom

ers

have

the

rig

ht t

o op

t ou

t of

rec

eivi

ng

emai

ls. O

nce

a cu

stom

er is

reg

iste

red

to u

se S

CE

.com

My

Acc

ount

, the

y ca

n op

t ou

t of

fut

ure

mai

lings

in M

y A

ccou

nt.

2. D

eter

min

e w

heth

er S

CE

’s

inte

rnal

pol

icie

s de

scrib

e th

e pr

oces

s fo

r pr

ovid

ing

cust

omer

s w

ith a

cces

s to

the

ir C

over

ed

Info

rmat

ion.

2. R

evie

wed

the

SC

E.c

om U

ser

ID t

o C

SS

Acc

ount

Str

uctu

re "L

inki

ng" P

roce

ss a

nd n

oted

tha

t gu

idel

ines

are

pro

vide

d to

cal

l cen

ters

and

cus

tom

er s

ervi

ce e

mpl

oyee

s to

hel

p pr

ovid

e cu

stom

ers

with

acc

ess

to t

heir

Cov

ered

Info

rmat

ion.

3. D

eter

min

e w

heth

er c

usto

mer

s ca

n ac

cess

the

ir C

over

ed

Info

rmat

ion

in a

det

aile

d, y

et

easy

-to-

read

for

mat

.

3.a.

Rev

iew

ed S

CE

.com

and

not

ed t

hat

cust

omer

s ca

n ac

cess

the

ir en

ergy

usa

ge d

ata

usin

g th

eir

user

ID t

hrou

gh t

he M

y A

ccou

nt s

ervi

ce.

3.b.

Rev

iew

ed a

sam

ple

cust

omer

bill

and

not

ed t

hat

mon

thly

bill

s pr

ovid

e cu

stom

ers

with

ave

rage

us

age

leve

ls f

or t

he p

rece

ding

12

mon

ths

and

the

prec

edin

g ye

ar f

or t

he m

onth

ly b

ill c

ycle

.

3.c.

Exa

min

ed f

our

My

Acc

ount

scr

eens

hots

and

not

ed t

hat

cust

omer

s ca

n se

lect

the

Opt

ion,

"U

nder

stan

d m

y B

ill" f

rom

the

Bill

Pag

e an

d ac

cess

the

ir U

sage

and

Tie

r le

vel i

n an

eas

y to

rea

d fo

rmat

. Als

o, n

oted

tha

t th

ey c

an g

o to

the

ir M

y A

ccou

nt H

ome

Pag

e an

d ac

cess

the

ir U

sage

at

an

hour

ly le

vel,

Rec

ent

Leve

l, B

illed

Mon

ths,

and

Mon

thly

Tre

nd in

form

atio

n. C

usto

mer

s ca

n al

so

acce

ss t

heir

acco

unt

data

thr

ough

the

mai

l if

they

do

not

have

a M

y A

ccou

nt s

et u

p.

– 31

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

Ru

le

4 R

ule

des

crip

tio

n

Co

ntr

ol:

Cov

ered

ent

ities

sha

ll pr

ovid

e cu

stom

ers

with

con

veni

ent

mec

hani

sms

for:

(1) g

rant

ing

and

revo

king

aut

horiz

atio

n fo

r se

cond

ary

uses

of

cove

red

info

rmat

ion,

(2) d

ispu

ting

the

accu

racy

or

com

plet

enes

s of

cov

ered

info

rmat

ion

that

the

cov

ered

ent

ity is

sto

ring

or d

istr

ibut

ing

for

any

prim

ary

or s

econ

dary

pur

pose

, and

(3) r

eque

stin

g co

rrec

tions

or

amen

dmen

ts t

o co

vere

d in

form

atio

n th

at t

he c

over

ed e

ntity

is c

olle

ctin

g, s

torin

g, u

sing

, or

dist

ribut

ing

for

any

prim

ary

or s

econ

dary

pur

pose

.

b(1

)-(3

)

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er S

CE

has

a

proc

ess

in p

lace

for

pro

vidi

ng

cust

omer

s w

ith a

cces

s to

gra

nt

and

revo

ke a

utho

rizat

ion

for

seco

ndar

y pu

rpos

es.

1.a.

SC

E d

oes

not

volu

ntar

ily e

ngag

e in

sec

onda

ry p

urpo

ses.

See

als

o C

PU

C R

ule

6d (1

- 3)

A

sses

smen

t Te

st R

esul

ts f

or d

etai

ls.

1.

b. M

et w

ith P

rivac

y C

ompl

ianc

e P

rogr

am L

eade

r, a

nd S

r. A

ttor

ney,

Law

Dep

artm

ent,

and

was

in

form

ed t

hat

SC

E d

oes

not

volu

ntar

ily c

olle

ct o

r us

e in

form

atio

n fo

r se

cond

ary

purp

oses

. SC

E o

nly

uses

and

col

lect

s in

form

atio

n fo

r P

rimar

y P

urpo

ses

as d

efin

ed b

y th

e C

PU

C P

rivac

y D

ecis

ion

(D. 1

1-07

-056

) and

tho

se r

easo

ns a

re id

entif

ied

in t

he N

otic

e of

Acc

essi

ng, C

olle

ctin

g, S

torin

g, U

sing

, and

D

iscl

osin

g E

nerg

y U

sage

Info

rmat

ion,

whi

ch is

pub

licly

ava

ilabl

e on

SC

E.c

om.

1.c.

Met

with

Prin

cipa

l Man

ager

, Bill

ing

Ope

ratio

ns M

anag

emen

t, a

nd B

usin

ess

Ana

lyst

, Bill

ing

Ope

ratio

ns M

anag

emen

t an

d no

ted

that

cus

tom

er c

onse

nt is

req

uire

d pr

ior

to d

iscl

osur

e of

cu

stom

er in

form

atio

n th

roug

h th

e au

thor

izat

ion

form

: Cus

tom

er In

form

atio

n S

tand

ardi

zed

Req

uest

(C

ISR

For

m).

We

revi

ewed

the

CIS

R F

orm

, pub

licly

ava

ilabl

e on

SC

E.c

om, a

nd n

oted

tha

t su

ch

cons

ent

wou

ld b

e co

nfirm

ed, t

rack

ed, a

nd r

enew

ed a

t m

axim

um in

terv

als

of 3

yea

rs.

1.d.

Rev

iew

ed t

he C

ISR

For

m t

empl

ate

as w

ell a

s co

mpl

eted

CIS

R F

orm

sam

ples

and

not

ed t

hat

cust

omer

s pr

ovid

ed a

utho

rizat

ion

and

cons

ent

for

disc

losu

re o

f sp

ecifi

c ac

coun

t in

form

atio

n to

de

sign

ated

thi

rd p

artie

s fo

r in

terv

als

such

as

sing

le-t

ime

cons

ent,

one

yea

r co

nsen

t, o

r cu

stom

tim

e in

terv

al (a

s se

lect

ed b

y th

e cu

stom

er a

nd f

or a

per

iod

of u

p to

thr

ee y

ears

).

2. D

eter

min

e w

heth

er S

CE

has

a

proc

ess

in p

lace

for

cus

tom

ers

to

acce

ss t

heir

Cov

ered

Info

rmat

ion

and

disp

ute

its a

ccur

acy

and

com

plet

enes

s.

2.a.

Rev

iew

ed N

otic

e of

Acc

essi

ng, C

olle

ctin

g, S

torin

g, U

sing

and

Dis

clos

ing

Ene

rgy

Usa

ge

Info

rmat

ion

avai

labl

e pu

blic

ly o

n S

CE

.com

and

not

ed t

hat

cust

omer

s ha

ve a

cces

s to

the

ir C

over

ed

Info

rmat

ion

thro

ugh

mon

thly

bill

s an

d th

eir

SC

E o

nlin

e ac

coun

t ca

lled

My

Acc

ount

. Cov

ered

In

form

atio

n is

pro

vide

d as

act

ual u

sage

and

dis

play

s ho

urly

usa

ge in

15-

min

ute

inte

rval

s. C

usto

mer

s ca

n co

ntac

t S

CE

thr

ough

pho

ne, w

eb, o

r m

ail w

ith q

uest

ions

, con

cern

s an

d co

mpl

aint

s.

2.b.

Met

with

Man

ager

, Cus

tom

er C

onta

ct C

ente

r, an

d pe

rfor

med

a w

alkt

hrou

gh o

f th

e Ir

win

dale

C

onta

ct C

ente

r, w

hich

incl

uded

list

enin

g to

sam

ple

cust

omer

cal

ls, a

nd n

oted

tha

t C

usto

mer

S

olut

ions

Rep

rese

ntat

ives

(CS

Rs)

hav

e th

e ab

ility

to

mak

e up

date

s to

cus

tom

er p

rofil

es u

pon

requ

est

and

also

pro

mpt

cus

tom

ers

to c

ompl

ete

or u

pdat

e th

eir

Per

sona

l Inf

orm

atio

n on

file

with

S

CE

, as

nece

ssar

y.

– 32

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

2.c.

Rev

iew

ed S

CE

’s M

y A

ccou

nt a

nd G

reen

But

ton

prog

ram

pag

es o

n th

e w

ebsi

te a

nd n

oted

tha

t cu

stom

ers

who

hav

e an

onl

ine

My

Acc

ount

use

rnam

e an

d pa

ssw

ord,

in a

dditi

on t

o el

ectr

ic

Sm

artM

eter

s co

nnec

ted

to t

he n

etw

ork,

can

acc

ess

thei

r la

st 3

6 m

onth

s of

the

ir C

EU

D t

hrou

gh t

he

My

Acc

ount

pag

e.

2.d.

Obt

aine

d an

d in

spec

ted

scre

ensh

ots

of M

y A

ccou

nt u

sage

rep

orts

and

not

ed t

hat

cust

omer

s w

ho h

ave

My

Acc

ount

acc

ess

with

SC

E c

an a

cces

s th

eir

Ene

rgy

Usa

ge D

ata

thro

ugh

the

"Usa

ge"

tab

avai

labl

e on

the

ir "M

y A

ccou

nt H

ome"

sec

tion

page

. The

res

ultin

g in

tera

ctiv

e gr

aph

orga

nize

s th

e cu

stom

er’s

ele

ctric

ity u

sage

dat

a by

mon

th, b

illin

g cy

cle,

day

, or

15-m

inut

e in

terv

al, a

s se

lect

ed b

y th

e cu

stom

er. I

n ad

ditio

n, M

y A

ccou

nt p

rovi

des

cust

omer

s w

ith o

nlin

e ac

cess

to

usag

e an

d ot

her

Per

sona

l Inf

orm

atio

n, a

s w

ell a

s th

e ab

ility

to

disp

ute

pote

ntia

l inc

orre

ct/in

accu

rate

dat

a.

2.e.

Rev

iew

ed s

ampl

es o

f cu

stom

er b

ills

and

note

d th

at t

hey

incl

ude

a ph

one

num

ber

avai

labl

e fr

om

6AM

to

9PM

, Mon

day

thro

ugh

Frid

ay, a

nd 8

AM

thr

ough

5P

M o

n S

atur

days

(1-8

00-6

84-8

123)

for

cu

stom

ers

to in

quire

, dis

pute

or

ques

tion

thei

r bi

ll. T

he b

ills

also

info

rm c

usto

mer

s th

at if

not

sa

tisfie

d w

ith S

CE

res

pons

e, t

hey

can

cont

act

the

CP

UC

Con

sum

er A

ffai

rs B

ranc

h by

mai

l, vi

a th

e in

tern

et, o

r ca

ll th

em. T

he b

ill a

lso

prov

ides

a p

re-a

ddre

ssed

tem

plat

e fo

r cu

stom

ers

to f

ill o

ut a

nd

upda

te o

r ch

ange

the

ir P

erso

nal I

nfor

mat

ion

on f

ile w

ith S

CE

.

3. D

eter

min

e w

heth

er S

CE

has

a

proc

ess

in p

lace

to

mak

e co

rrec

tions

or

amen

dmen

ts t

o th

e co

llect

ion,

sto

rage

, use

, or

dist

ribut

ion

of C

over

ed

Info

rmat

ion

upon

a c

usto

mer

’s

requ

est.

3.a.

Rev

iew

ed N

otic

e of

Acc

essi

ng, C

olle

ctin

g, S

torin

g, U

sing

, and

Dis

clos

ing

Ene

rgy

Usa

ge

Info

rmat

ion

and

note

d th

at it

indi

cate

s th

at c

usto

mer

s m

ay c

onta

ct S

CE

thr

ough

pho

ne, e

mai

l or

mai

l with

any

que

stio

ns, c

once

rns,

and

com

plai

nts.

3.b.

Lis

tene

d to

sam

ple

cust

omer

cal

ls a

t th

e Ir

win

dale

Con

tact

Cen

ter

and

note

d th

at C

SR

s, o

nce

verif

ied

the

acco

unt

owne

r, c

an u

pdat

e cu

stom

ers’

rec

ords

, inc

ludi

ng c

orre

ctin

g ad

dres

ses,

pho

ne

num

bers

, nam

es, a

nd s

ocia

l sec

urity

num

bers

.

3.c.

Rev

iew

ed S

mar

tMet

er O

pt-O

ut n

otic

e pu

blic

ly a

vaila

ble

at S

CE

.com

and

not

ed f

or c

usto

mer

s w

ho d

o no

t w

ish

to h

ave

adva

nced

met

ers

inst

alle

d on

the

ir ho

mes

, the

y ca

n op

t ou

t by

cal

ling

1-80

0-81

0-23

69. T

his

page

incl

udes

a F

AQ

sec

tion

with

det

ails

and

cos

ts a

ssoc

iate

d w

ith o

ptin

g ou

t.

3.d.

Rev

iew

ed C

onsu

mer

Aff

airs

--Com

plai

nt R

esol

utio

n-C

onfid

entia

l Tre

atm

ent

of R

ecor

ds P

olic

y an

d Fo

rmal

Com

plai

nt H

andb

ook

and

note

d cu

stom

ers

may

sub

mit

form

al a

nd in

form

al c

ompl

aint

s pu

rsua

nt t

o ap

plic

able

CP

UC

rul

es a

nd r

egul

atio

ns.

3.e.

Rev

iew

ed P

roce

dure

to

File

Con

fiden

tial C

usto

mer

Per

sona

l Dat

a U

nder

Sea

l and

not

ed t

hat

this

doc

umen

t is

a g

uida

nce

to S

CE

em

ploy

ees

who

pro

cess

cus

tom

er c

ompl

aint

s an

d de

tails

how

to

pro

cess

the

se c

ompl

aint

s co

nfid

entia

lly.

3.f.

Rev

iew

ed c

usto

mer

bill

sam

ples

and

not

ed t

hat

they

incl

ude

a ph

one

num

ber

avai

labl

e fr

om

6AM

to

9PM

, Mon

day

thro

ugh

Frid

ay, a

nd 8

AM

to

5PM

on

Sat

urda

ys (1

-800

-684

-812

3) f

or

cust

omer

s to

inqu

ire, d

ispu

te o

r qu

estio

n th

eir

bill.

The

bill

s al

so in

form

cus

tom

ers

that

if n

ot

satis

fied

with

SC

E r

espo

nse,

the

y ca

n co

ntac

t th

e C

PU

C C

onsu

mer

Aff

airs

Bra

nch

by m

ail,

via

the

– 33

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

inte

rnet

, or

call

them

. The

bill

als

o pr

ovid

es a

pre

-add

ress

ed t

empl

ate

for

cust

omer

s to

fill

out

and

up

date

or

chan

ge t

heir

Per

sona

l Inf

orm

atio

n on

file

with

SC

E.

CP

UC

Ru

le

4 R

ule

Des

crip

tio

n

Dis

clo

sure

Pu

rsu

ant

to L

egal

Pro

cess

:

(1) E

xcep

t as

oth

erw

ise

prov

ided

in t

his

rule

or

expr

essl

y au

thor

ized

by

stat

e or

fed

eral

law

or

by o

rder

of

the

Com

mis

sion

, a

cove

red

entit

y sh

all n

ot d

iscl

ose

cove

red

info

rmat

ion

exce

pt p

ursu

ant

to a

war

rant

or

othe

r co

urt

orde

r na

min

g w

ith

spec

ifici

ty t

he c

usto

mer

s w

hose

info

rmat

ion

is s

ough

t. U

nles

s ot

herw

ise

dire

cted

by

a co

urt,

law

, or

orde

r of

the

C

omm

issi

on, c

over

ed e

ntiti

es s

hall

trea

t re

ques

ts f

or r

eal-t

ime

acce

ss t

o co

vere

d in

form

atio

n as

wire

taps

, req

uirin

g ap

prov

al

unde

r th

e fe

dera

l or

stat

e w

ireta

p la

w a

s ne

cess

ary.

(2) U

nles

s ot

herw

ise

proh

ibite

d by

cou

rt o

rder

, law

, or

orde

r of

the

Com

mis

sion

, a c

over

ed e

ntity

, upo

n re

ceip

t of

a

subp

oena

for

dis

clos

ure

of c

over

ed in

form

atio

n pu

rsua

nt t

o le

gal p

roce

ss, s

hall,

prio

r to

com

plyi

ng, n

otify

the

cus

tom

er in

w

ritin

g an

d al

low

the

cus

tom

er 7

day

s to

app

ear

and

cont

est

the

clai

m o

f th

e pe

rson

or

entit

y se

ekin

g di

sclo

sure

.

(6) O

n an

ann

ual b

asis

, cov

ered

ent

ities

sha

ll re

port

to

the

Com

mis

sion

the

num

ber

of d

eman

ds r

ecei

ved

for

disc

losu

re o

f cu

stom

er d

ata

purs

uant

to

lega

l pro

cess

or

purs

uant

to

situ

atio

ns o

f im

min

ent

thre

at t

o lif

e or

pro

pert

y an

d th

e nu

mbe

r of

cu

stom

ers

who

se r

ecor

ds w

ere

disc

lose

d. U

pon

requ

est

of th

e C

omm

issi

on, c

over

ed e

ntiti

es s

hall

repo

rt a

dditi

onal

in

form

atio

n to

the

Com

mis

sion

on

such

dis

clos

ures

. The

Com

mis

sion

may

mak

e su

ch r

epor

ts p

ublic

ly a

vaila

ble

with

out

iden

tifyi

ng t

he a

ffec

ted

cust

omer

s, u

nles

s m

akin

g su

ch r

epor

ts p

ublic

is p

rohi

bite

d by

sta

te o

r fe

dera

l law

or

by o

rder

of

the

Com

mis

sion

.

c(1)

-(6)

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er S

CE

has

pr

oced

ures

in p

lace

to

ensu

re

prop

er h

andl

ing

and

docu

men

tatio

n of

any

Cov

ered

In

form

atio

n da

ta d

iscl

osur

es f

or

lega

l rea

sons

.

1.a.

Rev

iew

ed N

otic

e of

Acc

essi

ng, C

olle

ctin

g, S

torin

g, U

sing

and

Dis

clos

ing

Ene

rgy

Usa

ge

Info

rmat

ion

and

note

d cu

stom

ers

are

info

rmed

tha

t S

CE

doe

s no

t di

sclo

se C

over

ed In

form

atio

n w

ithou

t cu

stom

ers’

prio

r co

nsen

t, u

nles

s re

ques

ted

by 1

) law

enf

orce

men

t of

ficer

s pu

rsua

nt t

o le

gal

proc

ess,

2) c

ontr

acte

d Th

ird P

arty

for

Ess

entia

l Ser

vice

s, o

r 3)

the

CP

UC

, cer

tain

aca

dem

ic

rese

arch

ers

and

gove

rnm

enta

l age

ncie

s.

1.b.

Rev

iew

ed P

rivac

y P

olic

y gu

idan

ce d

ocum

ent

for

empl

oyee

s w

ith a

cces

s to

Per

sona

l Inf

orm

atio

n an

d no

ted

that

SC

E k

eeps

cus

tom

er P

II co

nfid

entia

l and

doe

s no

t di

sclo

se in

form

atio

n un

less

it is

to

a Th

ird P

arty

with

pre

viou

s w

ritte

n cu

stom

er c

onse

nt, o

r un

less

the

Com

pany

is o

ther

wis

e re

quire

d or

per

mitt

ed t

o di

sclo

se s

uch

info

rmat

ion

purs

uant

to

a le

gal p

roce

ss.

1.c.

Rev

iew

ed t

he A

dvic

e Le

tter

281

9-E

Tar

iff R

ule

25 f

iling

and

not

ed t

hat

upon

rec

eivi

ng o

f w

arra

nt

or o

ther

cou

rt o

rder

s su

ch a

s su

bpoe

na f

or d

iscl

osur

e of

Cov

ered

Info

rmat

ion

for

lega

l pur

pose

s,

SC

E n

otifi

es t

he c

usto

mer

in w

ritin

g an

d al

low

s 7

days

for

the

cus

tom

er t

o co

ntes

t di

sclo

sure

.

1.d.

Rev

iew

ed t

he A

dvic

e Le

tter

281

9-E

Tar

iff R

ule

25 f

iling

and

not

ed t

hat

cust

omer

s’ e

xplic

it co

nsen

t is

req

uire

d fo

r di

sclo

sure

of

Cov

ered

Info

rmat

ion

for

seco

ndar

y pu

rpos

es. P

rior

expl

icit

– 34

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

cons

ent

for

disc

losu

re is

not

req

uire

d in

situ

atio

ns p

ursu

ant

to a

lega

l pro

cess

, im

min

ent

thre

at t

o lif

e or

pro

pert

y, o

r is

aut

horiz

ed b

y th

e C

omm

issi

on p

ursu

ant

to it

s ju

risdi

ctio

n.

1.e.

Rev

iew

ed G

uide

lines

and

Pro

cedu

res

for

Han

dlin

g th

e S

ervi

ce o

f S

umm

ons

and

Com

plai

nts,

S

ubpo

enas

, and

Oth

er L

egal

Doc

umen

ts g

uida

nce

docu

men

t av

aila

ble

to a

ll em

ploy

ees

in S

CE

’s

intr

anet

and

not

ed t

his

docu

men

t de

scrib

es p

roce

dure

s fo

r tr

eatin

g th

e re

ceip

t of

sum

mon

s an

d co

mpl

aint

s, s

ubpo

enas

, and

oth

er le

gal d

ocum

ents

. Not

ed t

he f

ollo

win

g:

—W

hen

SC

E e

mpl

oyee

s re

ceiv

e a

sum

mon

s or

a s

ubpo

ena,

the

y ar

e re

quire

d to

con

tact

the

La

w D

epar

tmen

t an

d fo

rwar

d th

e re

ques

t to

the

SC

E S

ubpo

ena

Coo

rdin

ator

.

—Th

e La

w D

epar

tmen

t S

ubpo

ena

Coo

rdin

ator

and

res

pons

ible

att

orne

y co

ordi

nate

all

info

rmat

ion

prov

ided

for

a s

ubpo

ena.

—S

ubpo

enas

req

uest

ing

cust

omer

Per

sona

l Inf

orm

atio

n w

ill b

e co

mpl

ied

with

in t

he m

anne

r an

d w

ithin

the

tim

e in

dica

ted

in t

he b

ody

of t

he s

ubpo

ena.

1.f.

Rev

iew

ed S

harin

g P

erso

nal I

nfor

mat

ion

Inte

rnal

ly /

3rd

Par

ties

Inte

rnal

Por

tal a

rtic

le a

vaila

ble

to

all S

CE

em

ploy

ees

via

the

com

pany

’s in

tran

et a

nd n

oted

tha

t fo

r su

bpoe

nas

and

war

rant

s,

empl

oyee

s ar

e in

stru

cted

to

“ser

ve t

o th

e La

w D

epar

tmen

t’s

Sub

poen

a C

oord

inat

or a

t th

e G

ener

al

Off

ice

in R

osem

ead.

Acc

epta

nce

is p

rohi

bite

d at

all

othe

r lo

catio

ns."

The

Sub

poen

a C

oord

inat

or lo

gs

all s

umm

ons

and

com

plai

nts

into

the

Dat

a R

eque

st (D

R) m

odul

e w

ithin

SC

E’s

Cla

ims

Man

agem

ent

Sys

tem

(CM

IS),

cate

goriz

ing

the

subp

oena

by

type

, req

uest

or, a

nd t

he n

umbe

r of

acc

ount

s re

fere

nced

in t

he r

eque

st. S

umm

ons

and

com

plai

nts

are

revi

ewed

by

the

Sub

poen

a C

oord

inat

or a

nd

forw

arde

d to

the

app

ropr

iate

sec

tion

of t

he L

aw D

epar

tmen

t fo

r ha

ndlin

g.

2. In

spec

t do

cum

enta

tion

rega

rdin

g di

sclo

sure

of

Cov

ered

In

form

atio

n pu

rsua

nt t

o a

lega

l pu

rpos

e to

det

erm

ine

whe

ther

th

e en

tity

prop

erly

han

dled

the

de

man

d.

2.a.

Rev

iew

ed S

CE

’s W

ebsi

te P

rivac

y P

olic

y av

aila

ble

at

ww

w.s

ce.c

om/w

ps/p

orta

l/hom

e/pr

ivac

y/w

ebsi

te-p

rivac

y-no

tice

and

note

d th

at S

CE

sta

tes

that

the

C

ompa

ny m

ust

disc

lose

Per

sona

l Inf

orm

atio

n in

situ

atio

ns w

here

req

uire

d to

by

law

, as

com

pelle

d by

a s

ubpo

ena

or s

imila

r le

gal p

roce

ss.

2.b.

Rev

iew

ed t

he P

rivac

y P

olic

y in

tend

ed f

or a

ll S

CE

em

ploy

ees

via

SC

E’s

intr

anet

and

not

ed t

hat

Cov

ered

Info

rmat

ion

may

onl

y be

dis

clos

ed t

o a

third

-par

ty w

ith c

usto

mer

writ

ten

cons

ent

unle

ss

the

Com

pany

is o

ther

wis

e re

quire

d or

per

mitt

ed t

o di

sclo

se s

uch

info

rmat

ion

purs

uant

to

a le

gal

proc

ess.

Whe

n re

ceiv

ed, r

eque

sts

purs

uant

to

lega

l pro

cess

es a

re f

irst

docu

men

ted

by S

ubpo

ena

Coo

rdin

ator

s, a

nd t

hen

dire

cted

to

the

appr

opria

te a

ttor

neys

in t

he L

aw D

epar

tmen

t su

ppor

ting

the

Com

pany

’s P

rivac

y P

rogr

am. T

he L

aw d

epar

tmen

t ap

prov

es a

ny d

iscl

osur

e of

Cov

ered

Info

rmat

ion

to t

hird

par

ties

purs

uant

to

a le

gal p

roce

ss.

2.c.

Rev

iew

ed s

ampl

e S

earc

h W

arra

nt e

ntitl

ed S

tate

of

Cal

iforn

ia, C

ount

y of

Ora

nge,

Sea

rch

War

rant

an

d A

ffid

avit,

as

it w

as s

erve

d to

SC

E o

n 04

/15/

2015

and

not

ed t

hat

the

docu

men

t w

as f

ully

ex

ecut

ed b

y a

mag

istr

ate

of t

he O

rang

e C

ount

y S

uper

ior

Cou

rt o

f C

alifo

rnia

and

sta

ted

that

"the

in

form

atio

n w

ould

be

nece

ssar

y to

sho

w t

hat

a fe

lony

has

bee

n co

mm

itted

or

that

a p

artic

ular

pe

rson

has

com

mitt

ed a

fel

ony.

" Bas

ed u

pon

the

lang

uage

not

ed in

the

Not

ice

of A

cces

sing

,

– 35

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

Col

lect

ing,

Sto

ring,

Usi

ng a

nd D

iscl

osin

g E

nerg

y U

sage

Info

rmat

ion,

SC

E f

ollo

wed

gui

delin

es a

nd

resp

onde

d to

thi

s su

bpoe

na.

3. In

spec

t th

e A

nnua

l Rep

ort

subm

itted

to

the

Com

mis

sion

to

dete

rmin

e w

heth

er t

he e

ntity

re

port

ed t

he n

umbe

r of

dem

ands

re

ceiv

ed f

or d

iscl

osur

e of

cu

stom

er d

ata

purs

uant

to

lega

l pr

oces

s an

d th

e nu

mbe

r of

cu

stom

ers

who

se r

ecor

ds w

ere

disc

lose

d.

3.a.

Insp

ecte

d th

e C

ompa

ny’s

201

5 A

nnua

l Priv

acy

Rep

ort

subm

itted

to

the

Com

mis

sion

on

Apr

il 28

, 20

16 a

nd d

eter

min

ed t

hat

the

Com

pany

rep

orte

d 1

dem

and

rece

ived

for

dis

clos

ure

of c

usto

mer

dat

a pu

rsua

nt t

o le

gal p

roce

ss a

nd 1

cus

tom

er w

hose

rec

ords

wer

e di

sclo

sed.

3.

b. S

ee C

PU

C R

ule

4c (1

- 6)

Ass

essm

ent

Test

Res

ult

2.c.

for

det

ails

.

– 36

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

Ru

le

4 R

ule

des

crip

tio

n

Dis

clo

sure

of

Info

rmat

ion

in S

itu

atio

ns

of

Imm

inen

t T

hre

at t

o L

ife

or

Pro

per

ty:

Thes

e ru

les

conc

erni

ng a

cces

s, c

ontr

ol a

nd d

iscl

osur

e do

not

app

ly t

o in

form

atio

n pr

ovid

ed t

o em

erge

ncy

resp

onde

rs in

si

tuat

ions

invo

lvin

g an

imm

inen

t th

reat

to

life

or p

rope

rty.

Em

erge

ncy

disc

losu

res,

how

ever

, rem

ain

subj

ect

to r

epor

ting

rule

4(c

)(6).

d(1

)-(6

)

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er C

ompa

ny

has

proc

edur

es in

pla

ce t

o en

sure

pr

oper

han

dlin

g an

d do

cum

enta

tion

of a

ny C

over

ed In

form

atio

n da

ta

disc

losu

res

in s

ituat

ions

of

imm

inen

t th

reat

to

life

or p

rope

rty.

1.a.

Rev

iew

ed t

he W

ebsi

te P

rivac

y P

olic

y an

d no

ted

that

the

com

pany

adv

ises

vis

itors

tha

t it

may

di

sclo

se P

erso

nal I

nfor

mat

ion

whe

n, "i

n go

od f

aith

tha

t di

sclo

sure

is n

eces

sary

to

law

enf

orce

men

t or

the

Uni

ted

Sta

tes’

Gov

ernm

ent,

to

prot

ect

[the

cus

tom

ers’

] rig

hts,

pro

tect

[cus

tom

ers’

] saf

ety

or

the

safe

ty o

f ot

hers

..."

1.b.

Met

with

Priv

acy

Com

plia

nce

Pro

gram

Lea

der,

and

Man

ager

, Cus

tom

er C

onta

ct C

ente

r, a

nd

disc

usse

d th

e di

sclo

sure

of

Per

sona

l Inf

orm

atio

n in

situ

atio

ns o

f im

min

ent

thre

at t

o lif

e or

pro

pert

y.

Not

ed t

hat

alth

ough

SC

E d

oes

not

have

a s

epar

ate

proc

edur

e fo

r ad

dres

sing

a r

eque

st f

or P

erso

nal

Info

rmat

ion

in s

ituat

ions

of

imm

inen

t th

reat

to

life

or p

rope

rty,

dis

clos

ures

in t

he s

ituat

ion

are

purs

uant

to

SC

E’s

Priv

acy

Pol

icy,

whi

ch s

tate

s th

e “T

he a

ppro

pria

te a

ttor

neys

in t

he L

aw

Dep

artm

ent,

res

pons

ible

for

sup

port

ing

the

Com

pany

’s p

rivac

y pr

ogra

m, s

hall

appr

ove

any

disc

losu

re o

f P

erso

nal I

nfor

mat

ion

to t

hird

par

ties

purs

uant

to

a le

gal p

roce

ss, e

mer

genc

y si

tuat

ion,

or

oth

er r

eque

st.”

2. In

spec

t do

cum

enta

tion

rega

rdin

g di

sclo

sure

of

Cov

ered

In

form

atio

n in

situ

atio

ns o

f im

min

ent

thre

at t

o lif

e of

pro

pert

y.

2.a.

Met

with

Priv

acy

Com

plia

nce

Pro

gram

Lea

der,

and

not

ed t

hat

the

Com

pany

has

not

rec

eive

d a

requ

est

for

Per

sona

l Inf

orm

atio

n in

situ

atio

ns o

f im

min

ent

thre

at t

o lif

e or

pro

pert

y.

2.b.

Rev

iew

ed t

he C

ompa

ny’s

201

5 A

nnua

l Priv

acy

Rep

ort

and

conf

irmed

tha

t no

req

uest

s fo

r C

over

ed In

form

atio

n w

ere

rece

ived

for

situ

atio

ns in

reg

ards

to

a th

reat

to

life

or p

rope

rty.

3. In

spec

t th

e A

nnua

l Rep

ort

subm

itted

to

the

Com

mis

sion

to

dete

rmin

e w

heth

er t

he C

ompa

ny

repo

rted

the

num

ber

of d

eman

ds

rece

ived

for

dis

clos

ure

of c

usto

mer

da

ta p

ursu

ant

to s

ituat

ions

of

imm

inen

t th

reat

to

life

or p

rope

rty

and

the

num

ber

of c

usto

mer

s w

hose

rec

ords

wer

e di

sclo

sed.

3. R

evie

wed

the

Com

pany

’s 2

015

Ann

ual P

rivac

y R

epor

t an

d no

ted

that

zer

o (0

) req

uest

s fo

r C

over

ed In

form

atio

n w

ere

rece

ived

for

situ

atio

ns in

reg

ards

to

a th

reat

to

life

or p

rope

rty

– 37

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

RU

LE 5

Dat

a m

inim

izat

ion

Ove

rall

Co

ncl

usi

on

N

o e

xcep

tio

ns

no

ted

.

CP

UC

R

ule

5

Ru

le d

escr

ipti

on

G

ener

ally

:

Cov

ered

ent

ities

sha

ll co

llect

, sto

re, u

se, a

nd d

iscl

ose

only

as

muc

h co

vere

d in

form

atio

n as

is r

easo

nabl

y ne

cess

ary

or a

s au

thor

ized

by

the

Com

mis

sion

to

acco

mpl

ish

a sp

ecifi

c pr

imar

y pu

rpos

e id

entif

ied

in t

he n

otic

e re

quire

d un

der

sect

ion

2 or

fo

r a

spec

ific

seco

ndar

y pu

rpos

e au

thor

ized

by

the

cust

omer

. a A

sses

smen

t p

roce

du

res

Ass

essm

ent

resu

lts

Exc

epti

on

s

1. D

eter

min

e w

heth

er S

CE

has

da

ta m

inim

izat

ion

proc

edur

es in

pl

ace

as t

hey

rela

te t

o th

e co

llect

ion,

sto

rage

, usa

ge, a

nd

disc

losu

re o

f C

over

ed In

form

atio

n fo

r pr

imar

y pu

rpos

es.

1.a.

Rev

iew

ed t

he C

onsu

mer

Aff

airs

– C

ompl

aint

Res

olut

ion

- Con

fiden

tial T

reat

men

t of

Rec

ords

P

olic

y an

d no

ted

that

Con

sum

er A

ffai

rs e

mpl

oyee

s ar

e in

stru

cted

to

mai

ntai

n th

e co

nfid

entia

lity

of

cust

omer

com

plai

nts

thro

ugh

the

inta

ke a

nd r

evie

w p

roce

ss. C

ompl

aint

s sh

ould

be

mar

ked

as

"con

fiden

tial"

and

lock

ed o

n th

e la

ptop

or

in t

he d

esk.

1.b.

Rev

iew

ed t

he Id

entit

y Th

eft

Pre

vent

ion

proc

edur

e an

d no

ted

that

it a

ddre

sses

the

rel

ease

of

Cov

ered

Info

rmat

ion

to t

hird

par

ties,

inst

ruct

ing

pers

onne

l to

only

pro

vide

the

min

imum

info

rmat

ion

nece

ssar

y to

com

plet

e a

task

.

1.c.

Rev

iew

ed t

he 2

015

Eth

ics

and

Com

plia

nce

Com

mun

icat

ions

and

Out

reac

h tr

acki

ng s

heet

and

no

ted

that

the

dat

a m

inim

izat

ion

med

ia w

indo

w w

as p

oste

d to

the

por

tal o

n 10

/7/2

015.

1.d.

Obs

erve

d th

e D

ata

Min

imiz

atio

n P

orta

l art

icle

, whi

ch p

rovi

ded

empl

oyee

s w

ith s

ix

step

s/pr

oced

ures

as

they

rel

ate

to t

he c

olle

ctio

n, s

tora

ge, u

sage

, and

dis

clos

ure

of C

over

ed

Info

rmat

ion.

1.e.

Obs

erve

d th

e D

istr

ibut

ion

Por

tal a

rtic

le, w

hich

pro

vide

d em

ploy

ees

with

inst

ruct

ions

reg

ardi

ng

the

dist

ribut

ion

of c

usto

mer

Cov

ered

Info

rmat

ion

and

empl

oyee

Per

sona

l Inf

orm

atio

n to

thi

rd

part

ies.

1.f.

Met

with

Man

ager

, Loc

al G

over

nmen

t an

d P

artn

ersh

ip, a

nd w

as in

form

ed t

hat

as it

rel

ates

to

Dire

ct A

cces

s/E

nerg

y S

ervi

ce P

rovi

ders

and

Com

mun

ity C

hoic

e A

ggre

gato

rs, c

usto

mer

Cov

ered

In

form

atio

n is

acc

esse

d an

d pr

oces

sed

by a

spe

cific

tea

m w

ith a

dire

ct b

usin

ess

need

. Oth

er

Com

pany

em

ploy

ees

do n

ot h

ave

acce

ss t

o th

e da

ta o

r th

e fa

cilit

y w

here

tho

se e

mpl

oyee

s w

ork.

1.g.

Met

with

Prin

cipa

l Man

ager

, Bill

ing

and

Ope

ratio

ns M

anag

emen

t, a

nd B

usin

ess

Ana

lyst

, Bill

ing

and

Ope

ratio

ns M

anag

emen

t, a

nd w

as in

form

ed t

hat

SC

E w

ill p

rovi

de in

form

atio

n to

thi

rd p

artie

s on

ly if

the

Com

pany

has

rec

eive

d a

sign

ed C

usto

mer

Info

rmat

ion

Sta

ndar

dize

d R

eque

st (C

ISR

) for

m

and

only

the

info

rmat

ion

auth

oriz

ed b

y th

e cl

ient

will

be

rele

ased

. If

a si

gned

for

m is

not

on

file

or

the

Third

Par

ty r

eque

sts

addi

tiona

l inf

orm

atio

n, t

he r

eque

st f

or d

ata

will

be

deni

ed.

– 38

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

2. D

eter

min

e w

heth

er S

CE

has

da

ta m

inim

izat

ion

proc

edur

es in

pl

ace

as t

hey

rela

te t

o th

e co

llect

ion,

sto

rage

, usa

ge, a

nd

disc

losu

re o

f C

over

ed In

form

atio

n fo

r se

cond

ary

purp

oses

.

2.a.

Rev

iew

ed t

he D

ata

Min

imiz

atio

n P

orta

l Art

icle

pub

lishe

d by

Eth

ics

and

Com

plia

nce,

and

not

ed

that

it p

rovi

des

six

step

s/pr

oced

ures

to

ensu

re d

ata

min

imiz

atio

n th

roug

h th

e co

llect

ion,

sto

rage

, us

age,

and

dis

clos

ure

of C

over

ed In

form

atio

n

2.b.

Met

with

Prin

cipa

l Man

ager

, Bill

ing

and

Ope

ratio

ns M

anag

emen

t, a

nd B

usin

ess

Ana

lyst

, Bill

ing

and

Ope

ratio

ns M

anag

emen

t, a

nd w

as in

form

ed t

hat

SC

E w

ill p

rovi

de in

form

atio

n to

thi

rd p

artie

s on

ly if

the

Com

pany

has

rec

eive

d a

sign

ed C

usto

mer

Info

rmat

ion

Ser

vice

Req

uest

(CIS

R) f

orm

and

on

ly t

he in

form

atio

n au

thor

ized

by

the

clie

nt w

ill b

e re

leas

ed. I

f a

sign

ed f

orm

is n

ot o

n fil

e or

the

Th

ird P

arty

req

uest

s ad

ditio

nal i

nfor

mat

ion,

the

req

uest

for

dat

a w

ill b

e de

nied

.

3. D

eter

min

e w

heth

er S

CE

has

in

tern

al p

rivac

y po

licie

s.

3.a.

Rev

iew

ed t

he P

rote

ctin

g P

erso

nal I

nfor

mat

ion

proc

edur

e an

d no

ted

that

it g

over

ns t

he h

andl

ing,

tr

ansm

ittal

, and

dis

play

of

Per

sona

l Inf

orm

atio

n an

d st

eps

to t

ake

in t

he e

vent

of

a su

spec

ted

data

br

each

invo

lvin

g P

erso

nal I

nfor

mat

ion.

3.b.

Rev

iew

ed t

he P

rivac

y P

olic

y, a

nd n

oted

tha

t it

incl

udes

pol

icy

on d

ata

min

imiz

atio

n,

"una

utho

rized

em

ploy

ees

or S

uppl

emen

tal W

orke

rs w

ill o

nly

be p

rovi

ded

acce

ss t

o P

erso

nal

Info

rmat

ion

as is

rea

sona

bly

nece

ssar

y to

ful

fill t

heir

requ

ired

busi

ness

fun

ctio

n an

d th

e ne

ed t

o ac

cess

thi

s in

form

atio

n sh

all b

e pe

riodi

cally

ver

ified

by

Eth

ics

and

Com

plia

nce.

" Als

o, n

oted

tha

t th

e de

finiti

on o

f P

erso

nal I

nfor

mat

ion

is in

clud

ed in

the

pol

icy.

3.c.

Rev

iew

ed s

uppl

emen

tal p

roce

dura

l doc

umen

ts, w

hich

incl

ude

Iden

tity

Thef

t P

reve

ntio

n, P

rivac

y B

reac

h N

otifi

catio

n, a

nd P

rote

ctin

g P

erso

nal I

nfor

mat

ion

and

note

d th

at p

olic

y an

d pr

oced

ures

for

id

entif

ying

red

fla

gs f

or c

usto

mer

acc

ount

s; n

otifi

catio

n pr

oced

ures

of

pote

ntia

l bre

ache

s; a

nd

guid

elin

es f

or p

rote

ctin

g P

erso

nal I

nfor

mat

ion

are

outli

ned.

3.d.

Rev

iew

ed t

he S

CE

inte

rnal

por

tal a

nd n

oted

tha

t em

ploy

ees

can

acce

ss d

iffer

ent

polic

ies

from

th

e P

olic

y La

ndin

g P

age

incl

udin

g pr

ivac

y, c

yber

secu

rity,

and

tra

inin

g.

– 39

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

4. D

eter

min

e w

heth

er S

CE

im

plem

ents

dat

a m

inim

izat

ion

acro

ss U

ser

Acc

ess

role

s to

sy

stem

s an

d ap

plic

atio

ns w

here

C

over

ed In

form

atio

n is

sto

red,

us

ed, o

r pr

oces

sed.

4.a.

Per

insp

ectio

n of

the

sup

port

ing

docu

men

tatio

n re

late

d to

dat

a co

llect

ion,

sto

rage

, pro

cess

ing

and

use,

it w

as n

oted

tha

t th

e fo

llow

ing

data

min

imiz

atio

n gu

idel

ines

and

req

uire

men

ts h

ave

been

id

entif

ied

and

form

ally

doc

umen

ted:

—R

evie

wed

the

Dat

a M

inim

izat

ion

Por

tal A

rtic

le a

nd t

he P

rivac

y P

olic

y an

d no

ted

that

dat

a m

inim

izat

ion

is r

equi

red

for

all c

usto

mer

PII,

incl

udin

g C

over

ed In

form

atio

n. A

lso

note

d th

at

reas

onab

le t

echn

ical

, adm

inis

trat

ive,

and

phy

sica

l saf

egua

rds

are

requ

ired

to p

rote

ct

Cov

ered

Info

rmat

ion

from

una

utho

rized

acc

ess.

—R

evie

wed

the

Pro

tect

ing

Per

sona

l Inf

orm

atio

n pr

oced

ure

and

note

d th

at a

utho

rized

pe

rson

nel w

ill o

nly

be p

rovi

ded

acce

ss t

o P

erso

nal I

nfor

mat

ion

as is

rea

sona

bly

nece

ssar

y to

ful

fill t

heir

requ

ired

busi

ness

fun

ctio

n an

d th

e ne

ed t

o ac

cess

thi

s in

form

atio

n sh

all b

e pe

riodi

cally

ver

ified

by

the

supe

rvis

or o

r m

anag

er. P

erso

nal I

nfor

mat

ion

shal

l nev

er b

e ac

cess

ed o

r pr

ovid

ed f

or a

ny n

on-jo

b-re

late

d re

ason

. Als

o no

ted

that

upo

n ve

rific

atio

n of

an

auth

oriz

ed r

eque

st o

nly

the

min

imal

am

ount

of

info

rmat

ion

nece

ssar

y to

com

plet

e th

e re

ques

t w

ill b

e pr

ovid

ed. I

n ce

rtai

n ca

ses,

it m

ay b

e ap

prop

riate

to

trun

cate

, scr

ambl

e, o

r re

mov

e P

erso

nal I

nfor

mat

ion.

—R

evie

wed

the

Dat

a M

inim

izat

ion

- CS

OD

RS

O c

heck

list

and

findi

ngs

and

note

d th

at in

201

5 th

e C

ompa

ny c

ondu

cted

an

asse

ssm

ent

of it

s da

ta c

olle

ctio

n an

d us

e pr

actic

es b

y in

terv

iew

ing

key

stak

ehol

ders

thr

ough

out

the

Com

pany

. The

y di

d no

t fin

d an

y in

appr

opria

te

data

col

lect

ion

or u

se. A

lso

note

d th

at t

he a

sses

smen

t in

clud

ed h

ow d

ata

is c

olle

cted

, who

it

is c

olle

cted

fro

m, w

here

it is

sto

red,

and

rea

sons

for

col

lect

ion.

4.b.

Per

insp

ectio

n of

the

sys

tem

pro

file

ques

tionn

aire

s fo

r th

e 14

sys

tem

s co

ntai

ning

Cov

ered

In

form

atio

n an

d sy

stem

arc

hite

ctur

e di

agra

ms,

it w

as n

oted

tha

t us

er a

cces

s ro

les

are

in p

lace

to

help

ens

ure

data

min

imiz

atio

n.

– 40

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

R

ule

5

Ru

le d

escr

ipti

on

D

ata

Ret

enti

on

:

Cov

ered

ent

ities

sha

ll m

aint

ain

cove

red

info

rmat

ion

only

for

as

long

as

reas

onab

ly n

eces

sary

or

as a

utho

rized

by

the

Com

mis

sion

to

acco

mpl

ish

a sp

ecifi

c pr

imar

y pu

rpos

e id

entif

ied

in t

he n

otic

e re

quire

d un

der

sect

ion

2 or

for

a s

peci

fic

seco

ndar

y pu

rpos

e au

thor

ized

by

the

cust

omer

. b

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er S

CE

’s

inte

rnal

pol

icie

s ad

dres

s a

docu

men

t re

tent

ion

polic

y co

verin

g al

l rel

evan

t as

pect

s.

1.a.

Rev

iew

ed t

he R

ecor

ds M

anag

emen

t po

licy

that

gov

erns

the

ret

entio

n of

SC

E r

ecor

ds. A

lso

revi

ewed

rec

ords

ret

entio

n sc

hedu

le s

tand

ard,

whi

ch p

rovi

des

deta

iled

rete

ntio

n pe

riods

for

di

ffer

ent

data

set

s in

clud

ing

Inte

rval

Cus

tom

er E

nerg

y U

sage

Dat

a.

1.b.

Rev

iew

ed t

he C

lass

ifica

tion

and

Acc

ess

proc

edur

e an

d no

ted

that

it p

rovi

des

inst

ruct

ions

on

wha

t cl

assi

ficat

ion

leve

l sho

uld

be a

ssig

ned

to a

doc

umen

t re

late

d to

acc

ess

and

hand

ling,

incl

udin

g do

cum

ents

con

tain

ing

Cov

ered

Info

rmat

ion.

2. D

eter

min

e w

heth

er S

CE

’s

rete

ntio

n po

licie

s ar

e pe

riodi

cally

re

view

ed a

nd u

pdat

ed w

here

ne

cess

ary.

2. R

evie

wed

Rec

ords

Ret

entio

n S

ched

ule

Sta

ndar

d an

d de

term

ined

tha

t th

e R

ecor

ds R

eten

tion

Sch

edul

e is

dat

ed D

ecem

ber

9, 2

015,

the

thi

rd r

evis

ion,

and

reg

ular

ly r

evie

wed

and

upd

ated

.

3. D

eter

min

e w

heth

er a

m

anag

emen

t pr

oced

ure

exis

ts t

o he

lp e

nsur

e th

at d

ocum

ents

are

re

tain

ed in

com

plia

nce

with

C

ompa

ny p

olic

ies

and

that

re

cord

s ar

e ke

pt f

or o

nly

as lo

ng

as r

easo

nabl

y ne

cess

ary.

3.a.

Rev

iew

ed t

he jo

b ai

d C

ompl

etin

g a

Rec

ords

Dis

posi

tion

Rep

ort

and

note

d th

at it

pro

vide

s In

form

atio

n S

tew

ards

with

gui

danc

e on

acc

essi

ng D

ispo

sitio

n R

epor

ts a

nd id

entif

ying

and

ver

ifyin

g re

cord

s th

at m

ay b

e ap

prop

riate

for

des

truc

tion.

3.b.

Rev

iew

ed t

he D

ispo

sitio

n P

roce

ss W

orkf

low

and

not

ed t

hat

a fo

rmal

pro

cess

has

bee

n es

tabl

ishe

d w

ith a

rtic

ulat

ed r

oles

and

res

pons

ibili

ties

for

revi

ewin

g an

pre

parin

g el

igib

le r

ecor

ds f

or

dest

ruct

ion.

3.c.

Rev

iew

ed a

gend

as f

rom

the

Ent

erpr

ise

Info

rmat

ion

Gov

erna

nce

(EIG

) Cou

ncil

Mee

tings

, and

de

term

ined

tha

t ar

eas

of d

ata

stew

ards

hip

and

info

rmat

ion

man

agem

ent

land

scap

e ar

e ad

dres

sed.

Fu

rthe

r, e

xam

ined

the

Info

rmat

ion

Ste

war

ds a

nd R

ecor

d C

lean

-Up

Sch

edul

e an

d de

term

ined

tha

t pr

oced

ural

doc

umen

ts a

re in

pla

ce t

o he

lp e

nsur

e th

at d

ocum

ents

are

ret

aine

d in

com

plia

nce

with

C

ompa

ny p

olic

ies

and

that

rec

ords

are

kep

t fo

r on

ly a

s lo

ng a

s re

ason

ably

nec

essa

ry

3.d.

Met

with

Prin

cipa

l Man

ager

, Inf

orm

atio

n G

over

nanc

e O

rgan

izat

ion,

and

was

info

rmed

tha

t th

ere

is a

mon

thly

mee

ting

for

the

EIG

Cou

ncil

that

is a

gro

up o

f pe

ople

at

man

agem

ent

leve

l tha

t ca

n pr

ovid

e ov

ersi

ght

to R

ecor

ds a

nd In

form

atio

n M

anag

emen

t ec

osys

tem

.

– 41

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

3.e.

Met

with

Info

rmat

ion

Ste

war

d, C

usto

mer

Ser

vice

, and

was

info

rmed

tha

t he

r ro

le s

erve

s as

the

po

int

of c

onta

ct a

nd li

aiso

n be

twee

n em

ploy

ees

and

Info

rmat

ion

Gov

erna

nce

“IG

” or

gani

zatio

n. T

o su

ppor

t th

e re

cord

s m

anag

emen

t pr

oces

s, In

form

atio

n S

tew

ards

will

fac

ilita

te a

nnua

l Rec

ords

C

lean

-up

Day

s. P

rior

to t

he c

lean

-up

date

, the

Info

rmat

ion

Ste

war

d ho

lds

a pl

anni

ng s

essi

on t

o in

form

the

tea

ms

of t

he u

pcom

ing

requ

irem

ents

. Aft

er t

he c

lean

-up

date

, the

Info

rmat

ion

Ste

war

d se

nds

a no

te s

ayin

g th

e si

tes

have

com

plet

ed t

he r

ecor

ds c

lean

-up

for

elec

tron

ic a

nd p

hysi

cal

copi

es.

3.f.

Rev

iew

ed t

he D

istr

ibut

ion

Rep

ort

Pro

cess

, Ris

k R

anki

ng, D

ispo

sitio

n R

epor

t tem

plat

e an

d Jo

b A

id f

or C

ompl

etin

g a

Dis

posi

tion

Rep

ort

and

note

d th

at t

he In

form

atio

n G

over

nanc

e de

part

men

t in

itiat

es t

he r

evie

w a

nd a

ppro

val p

roce

ss b

y di

strib

utin

g re

port

s th

at li

st r

ecor

ds e

ligib

le f

or

dest

ruct

ion

to t

he r

ecor

ds o

wne

r. T

he In

form

atio

n S

tew

ard

revi

ews

the

Dis

posi

tion

Rep

ort

with

the

ap

prop

riate

Sub

ject

Mat

ter

Exp

erts

(SM

Es)

or

reco

rd o

wne

r to

obt

ain

appr

oval

to

dest

roy.

Onc

e ap

prov

ed b

y re

cord

s ow

ner,

the

Info

rmat

ion

Ste

war

d se

nds

the

Rep

ort(

s) b

ack

to In

form

atio

n G

over

nanc

e.

4. In

spec

t ev

iden

ce o

f S

CE

’s

docu

men

ts c

ompl

ying

with

the

re

cord

ret

entio

n po

licie

s se

t fo

rth

by C

ompa

ny.

4.a.

Exa

min

ed t

he In

form

atio

n S

tew

ards

and

Rec

ord

Cle

an-U

p S

ched

ule

and

dete

rmin

ed t

hat

info

rmat

ion

stew

ards

mus

t pa

rtic

ipat

e in

rec

ords

cle

an u

p (b

oth

phys

ical

and

ele

ctro

nic)

acc

ordi

ng t

o as

sign

ed d

ates

in s

ched

ule.

4.b.

Rev

iew

ed a

sam

ple

Dis

posi

tion

Rep

ort

from

the

cov

ered

per

iod

and

note

d th

at e

ligib

le r

ecor

ds

for

dest

ruct

ion

that

wer

e ap

prov

ed a

nd d

estr

oyed

. The

rep

ort

was

com

plet

ed c

onsi

sten

t w

ith

Com

pany

pol

icy.

4.c.

Rev

iew

ed e

mai

l cor

resp

onde

nce

from

the

Cus

tom

er S

ervi

ce In

form

atio

n S

tew

ard

conf

irmin

g co

mpl

etio

n of

the

ele

ctro

nic

and

phys

ical

rec

ords

cle

an-u

p da

ys.

4.d.

Rev

iew

ed a

Thi

rd P

arty

Cer

tific

ate

of D

estr

uctio

n da

ted

2/13

/201

5 an

d no

ted

that

320

box

es

wer

e co

nfirm

ed d

estr

oyed

.

– 42

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

R

ule

5

Ru

le d

escr

ipti

on

D

ata

Dis

clo

sure

:

Cov

ered

ent

ities

sha

ll no

t di

sclo

se t

o an

y Th

ird P

arty

mor

e co

vere

d in

form

atio

n th

an is

rea

sona

bly

nece

ssar

y or

as

auth

oriz

ed

by t

he C

omm

issi

on t

o ca

rry

out

on b

ehal

f of

the

cov

ered

ent

ity a

spe

cific

prim

ary

purp

ose

iden

tifie

d in

the

not

ice

requ

ired

unde

r se

ctio

n 2

or f

or a

spe

cific

sec

onda

ry p

urpo

se a

utho

rized

by

the

cust

omer

. c A

sses

smen

t p

roce

du

res

Ass

essm

ent

resu

lts

Exc

epti

on

s

1. U

nder

stan

d S

CE

’s p

rivac

y po

licie

s to

det

erm

ine

whe

ther

th

ey: —

desc

ribe

the

prac

tices

re

late

d to

sha

ring

Cov

ered

Info

rmat

ion

(if

appl

icab

le) w

ith t

hird

pa

rtie

s an

d th

e re

ason

s fo

r in

form

atio

n sh

arin

g,

—id

entif

y th

ird p

artie

s or

cl

asse

s of

thi

rd p

artie

s to

who

m C

over

ed

Info

rmat

ion

is

disc

lose

d.

1.a.

Rev

iew

ed N

otic

e of

Acc

essi

ng, C

olle

ctin

g, S

torin

g, U

sing

and

Dis

clos

ing

Ene

rgy

Usa

ge

Info

rmat

ion

and

note

d th

at S

CE

des

crib

es E

nerg

y U

sage

Info

rmat

ion

as “

deta

iled

elec

tric

al

cons

umpt

ion

data

(15-

min

ute

or h

ourly

) obt

aine

d th

roug

h S

CE

’s A

dvan

ced

Met

erin

g In

fras

truc

ture

” an

d, w

hen

asso

ciat

ed w

ith a

ny in

form

atio

n th

at c

ould

rea

sona

bly

iden

tify

a cu

stom

er, i

s pr

otec

ted

as

a ty

pe o

f P

erso

nal I

nfor

mat

ion.

As

such

, SC

E in

form

s cu

stom

ers

that

Per

sona

l Inf

orm

atio

n w

ill o

nly

be

disc

lose

d to

thi

rd p

artie

s fo

r ce

rtai

n pu

rpos

es id

entif

ied

in t

he n

otic

e an

d in

cas

es w

hen

prio

r an

d w

ritte

n cu

stom

er c

onse

nt h

as b

een

obta

ined

thr

ough

a C

ISR

For

m, o

r in

a s

peci

al c

ircum

stan

ce a

s pr

evio

usly

not

ed. I

n ad

ditio

n, S

CE

not

es t

hat

Third

Par

ty c

ontr

acto

rs a

re “

requ

ire[d

] to

have

pol

icie

s an

d pr

oced

ures

to

prot

ect

[our

] cus

tom

er’s

Ene

rgy

Usa

ge In

form

atio

n fr

om b

eing

dis

clos

ed.”

The

re

ason

s fo

r sh

arin

g in

form

atio

n in

clud

e:

—D

iscl

osur

e ne

cess

ary

to p

erfo

rm e

ssen

tial s

ervi

ces;

—D

iscl

osur

e to

non

-gov

ernm

enta

l thi

rd p

artie

s as

dire

cted

or

allo

wed

by

the

CP

UC

;

—D

iscl

osur

e to

gov

ernm

ent

agen

cies

as

dire

cted

by

CP

UC

Ord

er o

r R

esol

utio

n;

—D

iscl

osur

e up

on e

xplic

it cu

stom

er w

ritte

n co

nsen

t to

rel

ease

info

rmat

ion

to a

Thi

rd P

arty

;

—D

iscl

osur

e pu

rsua

nt t

o le

gal p

roce

sses

suc

h as

war

rant

or

subp

oena

;

—D

iscl

osur

e in

the

cas

e of

an

imm

inen

t th

reat

to

life

or p

rope

rty;

or

—O

ther

dis

clos

ures

as

orde

red

or a

llow

ed b

y th

e C

PU

C.

1.b.

Rev

iew

ed P

rote

ctin

g P

erso

nal I

nfor

mat

ion

Sta

ndar

d av

aila

ble

to e

mpl

oyee

s on

SC

E’s

intr

anet

, an

d no

ted

that

it in

clud

es g

uide

lines

sta

ting

"eac

h em

ploy

ee is

res

pons

ible

for

ens

urin

g th

at P

erso

nal

Info

rmat

ion

in t

heir

cont

rol i

s ha

ndle

d in

acc

orda

nce

with

thi

s pr

oced

ure

and

all a

pplic

able

lega

l and

re

gula

tory

req

uire

men

ts.”

We

note

d th

at f

or p

rovi

ding

Per

sona

l Inf

orm

atio

n to

sup

plie

rs, t

he “

Edi

son

Rep

rese

ntat

ive

shal

l ens

ure

the

Sup

plie

r ha

s an

exe

cute

d co

ntra

ct w

ith t

he C

ompa

ny, w

ith t

he

appr

opria

te e

xhib

it(s)

, tha

t al

low

s ac

cess

to

Per

sona

l Inf

orm

atio

n.”

1.c.

Rev

iew

ed a

list

of

16 v

endo

rs id

entif

ied

as t

hird

par

ties

with

acc

ess

to C

over

ed In

form

atio

n du

ring

2015

and

not

ed t

hat

the

coun

t m

atch

es t

he n

umbe

r of

ven

dors

rep

orte

d in

the

Com

pany

’s

2015

Ann

ual P

rivac

y R

epor

t.

– 43

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

1.d.

Rev

iew

ed t

he G

reen

But

ton

– Th

ird P

arty

Con

nect

ion

info

rmat

ion

page

, pub

licly

ava

ilabl

e at

ht

tps:

//ww

w.s

ce.c

om/w

ps/p

orta

l/hom

e/pa

rtne

rs/p

artn

ersh

ips/

third

part

ylan

ding

page

, and

not

ed

vend

ors

are

requ

ired

to r

egis

ter

by c

reat

ing

a U

ser

ID a

nd P

assw

ord,

pro

vidi

ng t

he o

rgan

izat

ions

Ta

xpay

er Id

entif

icat

ion

Num

ber,

acc

eptin

g S

CE

’s T

erm

s &

Con

ditio

ns, a

nd p

erfo

rmin

g a

conn

ectiv

ity

test

for

the

dat

e tr

ansm

issi

on v

ia E

lect

roni

c D

ata

Inte

rcha

nge

(ED

I.)

1.e.

Rev

iew

ed S

CE

’s E

mpl

oyee

Priv

acy

Trai

ning

, pro

vide

d to

em

ploy

ees

with

acc

ess

to C

over

ed

Info

rmat

ion,

and

not

ed s

peci

fic t

rain

ing

cont

ent

that

des

crib

ed S

CE

’s p

olic

ies

rega

rdin

g th

e ha

ndlin

g an

d sh

arin

g of

Cov

ered

Info

rmat

ion,

and

not

ed t

he t

rain

ing

prov

ided

spe

cific

ref

eren

ces

to S

CE

po

licie

s co

ncer

ning

the

han

dlin

g, s

tora

ge, a

nd u

se o

f C

over

ed In

form

atio

n.

1.f.

Rev

iew

ed P

rivac

y P

rogr

am M

anua

l, av

aila

ble

to a

ll S

CE

em

ploy

ees

via

the

intr

anet

, and

not

ed

spec

ific

lang

uage

req

uirin

g em

ploy

ee a

nd c

ontr

acto

r co

mpl

ianc

e to

all

SC

E P

rivac

y C

ompl

ianc

e P

rogr

am a

nd R

ecor

ds M

anag

emen

t po

licie

s an

d pr

oced

ures

, as

wel

l as

appl

icab

le la

ws

and

regu

latio

ns. A

dditi

onal

ly, c

ontr

acto

rs a

re f

urth

er s

ubje

cted

to

thei

r co

ntra

ctua

l req

uire

men

ts a

s w

ell a

s th

e S

CE

Sup

plie

r C

ode

of C

ondu

ct.

1.g.

Rev

iew

ed P

rivac

y FA

Qs

avai

labl

e to

all

SC

E E

mpl

oyee

s vi

a th

e in

tran

et, a

nd n

oted

gui

danc

e fo

r em

ploy

ees

rece

ivin

g a

requ

est

for

Cov

ered

Info

rmat

ion,

who

are

inst

ruct

ed t

o id

entif

y if

the

requ

estin

g pa

rty

is p

erm

itted

to

rece

ive

the

info

rmat

ion.

For

sup

plie

rs, t

he d

ocum

ent

note

s th

e su

pplie

r co

ntra

ct m

ust

cont

ain

eith

er t

he E

diso

n P

erso

nal I

nfor

mat

ion

or S

ecur

ity In

cide

nt R

espo

nse

Pro

visi

on e

xhib

it as

par

t of

the

ir co

ntra

ct. I

f on

e of

the

se e

xhib

its a

re n

ot in

clud

ed, t

he e

mpl

oyee

is

inst

ruct

ed t

o no

t sh

are

any

Cov

ered

Info

rmat

ion

and

cont

act

the

Edi

son

Hel

pLin

e or

rea

ch o

ut t

o S

uppl

y M

anag

emen

t.

1.h.

Met

with

Man

ager

, Bill

ing

Ope

ratio

ns M

anag

emen

t, a

nd B

usin

ess

Ana

lyst

, Bill

ing

Ope

ratio

ns

Man

agem

ent,

and

not

ed t

hat

SC

E o

nly

shar

es c

usto

mer

info

rmat

ion

with

thi

rd p

artie

s w

ith p

rior

cust

omer

writ

ten

cons

ent

thro

ugh

the

Gre

en B

utto

n an

d C

ISR

pro

cess

for

bot

h re

side

ntia

l and

co

mm

erci

al a

ccou

nts.

The

cus

tom

er h

as t

he o

ptio

n to

pro

vide

Per

sona

l Inf

orm

atio

n ac

cess

au

thor

izat

ion

thro

ugh

the

CIS

R F

orm

for

a s

peci

fic p

erio

d up

to

a m

axim

um o

f 3

year

s. T

he c

usto

mer

m

ust

dete

rmin

e in

the

CIS

R F

orm

the

typ

e of

info

rmat

ion

shar

ed. U

pon

rece

ivin

g an

d ve

rifyi

ng t

he

info

rmat

ion

on t

he c

usto

mer

-sig

ned

CIS

R F

orm

, SC

E d

iscl

oses

the

req

uest

ed in

form

atio

n to

the

Thi

rd

Par

ty v

ia e

mai

l to

the

emai

l add

ress

not

ed o

n th

e C

ISR

For

m.

1.i.

Rev

iew

ed C

ISR

For

m (A

utho

rizat

ion

to R

ecei

ve C

usto

mer

Info

rmat

ion

or A

ct U

pon

a C

usto

mer

’s

Beh

alf,

als

o kn

own

as C

usto

mer

Info

rmat

ion

Sta

ndar

dize

d R

eque

st) a

nd o

bser

ved

Third

Par

ty D

esk

proc

essi

ng o

f C

ISR

For

ms,

and

not

ed t

hat

cust

omer

s m

ust

prov

ide

writ

ten

auth

oriz

atio

n to

SC

E t

o al

low

a T

hird

Par

ty t

o re

ceiv

e cu

stom

er in

form

atio

n or

act

on

the

cust

omer

’s b

ehal

f. T

his

info

rmat

ion

is v

erifi

ed m

anua

lly a

gain

st t

he C

SS

sys

tem

to

valid

ate

cust

omer

req

uest

prio

r to

ful

fillin

g th

e in

form

atio

n re

ques

t.

1.j.

Met

with

Prin

cipa

l Man

ager

, Bill

ing

Ope

ratio

ns M

anag

emen

t, a

nd B

usin

ess

Ana

lyst

, Bill

ing

Ope

ratio

ns M

anag

emen

t, a

nd n

oted

tha

t S

CE

doe

s no

t vo

lunt

arily

eng

age

in s

econ

dary

pur

pose

s. A

ny

– 44

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

disc

losu

re o

f cu

stom

er P

erso

nal I

nfor

mat

ion

wou

ld r

equi

re e

xplic

it C

usto

mer

con

sent

via

a c

ompl

eted

C

ISR

For

m.

1.k.

Rev

iew

ed S

ervi

ce A

gree

men

t pr

ocur

emen

t te

mpl

ates

for

CC

A a

nd E

SP

sup

plie

rs (E

lect

rical

S

ervi

ce P

rovi

der

Ser

vice

Agr

eem

ent

and

Com

mun

ity C

hoic

e A

ggre

gato

r S

ervi

ce A

gree

men

t) a

s w

ell

as s

ampl

es o

f ex

ecut

ed c

ontr

acts

for

eac

h. W

e no

ted

the

cont

ract

s re

quire

non

disc

losu

re o

f C

onfid

entia

l Inf

orm

atio

n (in

clud

ing

cust

omer

info

rmat

ion)

with

out

SC

E’s

con

sent

unl

ess

any

gove

rnm

enta

l, ju

dici

al o

r re

gula

tory

aut

horit

y is

requ

iring

suc

h C

onfid

entia

l Inf

orm

atio

n pu

rsua

nt t

o an

y ap

plic

able

law

, reg

ulat

ion,

rul

ing,

or

orde

r.

– 45

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

RU

LE 6

Use

an

d d

iscl

osu

re li

mit

atio

n

Ove

rall

Co

ncl

usi

on

O

ne

exce

pti

on

no

ted

:

Co

ntr

act

Co

mp

lian

ce:

A f

orm

al p

roce

ss d

oes

not

exis

t to

enf

orce

or

trac

k co

mpl

ianc

e of

Thi

rd P

arty

/ V

endo

r co

ntra

cts

arou

nd t

he s

afeg

uard

ing

of

Cov

ered

Info

rmat

ion.

– 46

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

R

ule

6

Ru

le d

escr

ipti

on

D

iscl

osur

es t

o Th

ird P

artie

s

(1) I

nitia

l Dis

clos

ures

by

an E

lect

rical

Cor

pora

tion:

An

elec

tric

al c

orpo

ratio

n m

ay d

iscl

ose

Cov

ered

Info

rmat

ion

with

out

cust

omer

con

sent

to

a Th

ird P

arty

act

ing

unde

r co

ntra

ct w

ith t

he C

omm

issi

on f

or t

he p

urpo

se o

f pr

ovid

ing

serv

ices

au

thor

ized

pur

suan

t to

an

orde

r or

res

olut

ion

of t

he C

omm

issi

on o

r to

a g

over

nmen

tal e

ntity

for

the

pur

pose

of

prov

idin

g en

ergy

eff

icie

ncy

or e

nerg

y ef

ficie

ncy

eval

uatio

n se

rvic

es p

ursu

ant

to a

n or

der

or r

esol

utio

n of

the

Com

mis

sion

. An

elec

tric

al

corp

orat

ion

may

dis

clos

e co

vere

d in

form

atio

n to

a T

hird

Par

ty w

ithou

t cu

stom

er c

onse

nt

—a.

whe

n ex

plic

itly

orde

red

to d

o so

by

the

Com

mis

sion

; or

—b.

for

a p

rimar

y pu

rpos

e be

ing

carr

ied

out

unde

r co

ntra

ct w

ith a

nd o

n be

half

of t

he e

lect

rical

cor

pora

tion

disc

losi

ng

the

data

; pro

vide

d th

at t

he c

over

ed e

ntity

dis

clos

ing

the

data

sha

ll, b

y co

ntra

ct, r

equi

re t

he T

hird

Par

ty t

o ag

ree

to

acce

ss, c

olle

ct, s

tore

, use

, and

dis

clos

e th

e co

vere

d in

form

atio

n un

der

polic

ies,

pra

ctic

es a

nd n

otifi

catio

n re

quire

men

ts n

o le

ss p

rote

ctiv

e th

an t

hose

und

er w

hich

the

cov

ered

ent

ity it

self

oper

ates

as

requ

ired

unde

r th

is

rule

, unl

ess

othe

rwis

e di

rect

ed b

y th

e C

omm

issi

on.

(2) S

ubse

quen

t D

iscl

osur

es: A

ny e

ntity

tha

t re

ceiv

es c

over

ed in

form

atio

n de

rived

initi

ally

fro

m a

cov

ered

ent

ity m

ay d

iscl

ose

such

cov

ered

info

rmat

ion

to a

noth

er e

ntity

with

out

cust

omer

con

sent

for

a p

rimar

y pu

rpos

e, p

rovi

ded

that

the

ent

ity

disc

losi

ng t

he c

over

ed in

form

atio

n sh

all,

by c

ontr

act,

req

uire

the

ent

ity r

ecei

ving

the

cov

ered

info

rmat

ion

to u

se t

he c

over

ed

info

rmat

ion

only

for

suc

h pr

imar

y pu

rpos

e an

d to

agr

ee t

o st

ore,

use

, and

dis

clos

e th

e co

vere

d in

form

atio

n un

der

polic

ies,

pr

actic

es a

nd n

otifi

catio

n re

quire

men

ts n

o le

ss p

rote

ctiv

e th

an t

hose

und

er w

hich

the

cov

ered

ent

ity f

rom

whi

ch t

he c

over

ed

info

rmat

ion

was

initi

ally

der

ived

ope

rate

s as

req

uire

d by

this

rul

e, u

nles

s ot

herw

ise

dire

cted

by

the

Com

mis

sion

.

(3)T

erm

inat

ing

Dis

clos

ures

to

Ent

ities

Fai

ling

to C

ompl

y w

ith T

heir

Priv

acy

Ass

uran

ces:

Whe

n a

cove

red

entit

y di

sclo

ses

cove

red

info

rmat

ion

to a

Thi

rd P

arty

und

er t

his

subs

ectio

n 6(

c), i

t sh

all s

peci

fy b

y co

ntra

ct,

unle

ss o

ther

wis

e or

dere

d by

the

Com

mis

sion

, tha

t it

shal

l be

cons

ider

ed a

mat

eria

l bre

ach

if th

e Th

ird P

arty

eng

ages

in a

pa

tter

n or

pra

ctic

e of

acc

essi

ng, s

torin

g, u

sing

or

disc

losi

ng t

he c

over

ed in

form

atio

n in

vio

latio

n of

the

Thi

rd P

arty

’s

cont

ract

ual o

blig

atio

ns t

o ha

ndle

the

cov

ered

info

rmat

ion

unde

r po

licie

s no

less

pro

tect

ive

than

tho

se u

nder

whi

ch t

he

cove

red

entit

y fr

om w

hich

the

cov

ered

info

rmat

ion

was

initi

ally

der

ived

ope

rate

s in

com

plia

nce

with

thi

s ru

le.

—If

a c

over

ed e

ntity

dis

clos

ing

cove

red

info

rmat

ion

for

a pr

imar

y pu

rpos

e be

ing

carr

ied

out

unde

r co

ntra

ct w

ith a

nd o

n be

half

of t

he e

ntity

dis

clos

ing

the

data

fin

ds t

hat

a Th

ird P

arty

con

trac

tor

to w

hich

it d

iscl

osed

cov

ered

info

rmat

ion

is

enga

ged

in a

pat

tern

or

prac

tice

of a

cces

sing

, sto

ring,

usi

ng o

r di

sclo

sing

cov

ered

info

rmat

ion

in v

iola

tion

of t

he

Third

Par

ty’s

con

trac

tual

obl

igat

ions

rel

ated

to

hand

ling

cove

red

info

rmat

ion,

the

dis

clos

ing

entit

y sh

all p

rom

ptly

ce

ase

disc

losi

ng c

over

ed in

form

atio

n to

suc

h Th

ird P

arty

.

—If

a c

over

ed e

ntity

dis

clos

ing

cove

red

info

rmat

ion

to a

Com

mis

sion

-aut

horiz

ed o

r cu

stom

er-a

utho

rized

Thi

rd P

arty

re

ceiv

es a

cus

tom

er c

ompl

aint

abo

ut t

he T

hird

Par

ty’s

mis

use

of d

ata

or o

ther

vio

latio

n of

the

priv

acy

rule

s, t

he

disc

losi

ng e

ntity

sha

ll, u

pon

cust

omer

req

uest

or

at t

he C

omm

issi

on’s

dire

ctio

n, p

rom

ptly

cea

se d

iscl

osin

g th

at

cust

omer

’s in

form

atio

n to

suc

h Th

ird P

arty

. The

dis

clos

ing

entit

y sh

all n

otify

the

Com

mis

sion

of

any

such

com

plai

nts

or s

uspe

cted

vio

latio

ns.

c(1)

-(3)

– 47

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. U

nder

stan

d S

CE

’s p

rivac

y po

licie

s to

det

erm

ine

whe

ther

th

ey: —

desc

ribe

the

prac

tices

re

late

d to

sha

ring

Per

sona

l Inf

orm

atio

n (if

app

licab

le) w

ith

third

par

ties

and

the

reas

ons

for

info

rmat

ion

shar

ing

iden

tify

third

par

ties

or

clas

ses

of t

hird

par

ties

to w

hom

Cov

ered

In

form

atio

n is

di

sclo

sed.

1.a.

Rev

iew

ed N

otic

e of

Acc

essi

ng, C

olle

ctin

g, S

torin

g, U

sing

and

Dis

clos

ing

Ene

rgy

Usa

ge

Info

rmat

ion

and

note

d th

at S

CE

lim

its t

he s

peci

fic r

easo

ns f

or s

harin

g C

over

ed In

form

atio

n w

ith a

Thi

rd

Par

ty t

o th

e fo

llow

ing:

—

Dis

clos

ure

nece

ssar

y to

per

form

ess

entia

l ser

vice

s;

—D

iscl

osur

e to

non

-gov

ernm

enta

l thi

rd p

artie

s as

dire

cted

or

allo

wed

by

the

CP

UC

;

—D

iscl

osur

e to

gov

ernm

ent

agen

cies

as

dire

cted

by

CP

UC

Ord

er o

r R

esol

utio

n;

—D

iscl

osur

e up

on e

xplic

it cu

stom

er w

ritte

n co

nsen

t to

rel

ease

info

rmat

ion

to a

Thi

rd P

arty

;

—D

iscl

osur

e pu

rsua

nt t

o le

gal p

roce

sses

suc

h as

war

rant

or

subp

oena

;

—D

iscl

osur

e in

the

cas

e of

an

imm

inen

t th

reat

to

life

or p

rope

rty;

or

—O

ther

dis

clos

ures

as

orde

red

or a

llow

ed b

y th

e C

PU

C.

2.b.

Rev

iew

ed P

rote

ctin

g P

erso

nal I

nfor

mat

ion

Pol

icy

inte

nded

for

all

empl

oyee

s an

d no

ted

the

com

pany

info

rms

empl

oyee

s th

at: “

Aut

horiz

ed e

mpl

oyee

s sh

all p

rovi

de o

nly

the

Per

sona

l Inf

orm

atio

n re

ason

ably

nec

essa

ry f

or s

uppl

iers

to

com

plet

e th

eir

wor

k. P

rior

to p

rovi

ding

any

Per

sona

l Inf

orm

atio

n to

a s

uppl

ier,

che

ck w

ith S

uppl

y M

anag

emen

t to

ens

ure

the

supp

lier

has

an e

xecu

ted

cont

ract

with

the

C

ompa

ny w

ith t

he a

ppro

pria

te e

xhib

it(s)

tha

t al

low

s ac

cess

to

Per

sona

l Inf

orm

atio

n.”

2.

c. R

evie

wed

the

201

5 A

nnua

l Priv

acy

Rep

ort

and

note

d th

at S

CE

dis

clos

es t

hree

typ

es o

f au

thor

ized

th

ird p

artie

s ac

cess

ing

Cov

ered

Info

rmat

ion:

(1)

Cus

tom

er A

utho

rized

, (2)

Ven

dors

Und

er C

ontr

act,

an

d (3

) Ene

rgy

Dat

a C

ente

rs.

2.d.

Rev

iew

ed S

uppl

ier

Cod

e of

Con

duct

and

not

ed S

CE

inst

ruct

s su

pplie

rs t

hat

Edi

son

reso

urce

s,

incl

udin

g th

e us

e of

Cov

ered

Info

rmat

ion,

are

onl

y to

be

used

for

“le

gitim

ate

Edi

son

busi

ness

pu

rpos

es”.

2. D

eter

min

e w

heth

er S

CE

in

form

s cu

stom

ers

that

P

erso

nal I

nfor

mat

ion

is

disc

lose

d to

thi

rd p

artie

s on

ly

for

the

purp

oses

(a) i

dent

ified

in

the

notic

e, a

nd (b

) for

whi

ch

the

indi

vidu

al h

as p

rovi

ded

impl

icit

or e

xplic

it co

nsen

t, o

r as

spe

cific

ally

allo

wed

or

requ

ired

by la

w o

r re

gula

tion

befo

re d

ata

is d

iscl

osed

to

third

pa

rtie

s.

2.a.

Rev

iew

ed N

otic

e of

Acc

essi

ng, C

olle

ctin

g, S

torin

g, U

sing

and

Dis

clos

ing

Ene

rgy

Usa

ge

Info

rmat

ion

and

note

d th

at S

CE

info

rms

cust

omer

s it

may

sha

re P

erso

nal I

nfor

mat

ion

with

thi

rd p

artie

s fo

r es

sent

ial s

ervi

ces,

i.e.

, pur

pose

s of

ope

ratin

g th

e ut

ility

sys

tem

. The

Not

ice

spec

ifies

tha

t S

CE

doe

s no

t us

e P

erso

nal I

nfor

mat

ion

for

purp

oses

bey

ond

thos

e lis

ted

in t

he N

otic

e, a

nd t

hat

SC

E d

oes

not

shar

e P

erso

nal I

nfor

mat

ion

with

thi

rd p

artie

s w

ithou

t th

e cu

stom

ers’

prio

r w

ritte

n co

nsen

t. In

add

ition

, it

indi

cate

s th

at:

—C

usto

mer

s m

ay a

utho

rize

any

Third

Par

ty t

o ha

ve a

cces

s to

the

ir S

CE

pro

vide

d in

form

atio

n by

su

bmitt

ing

a C

ISR

For

m g

rant

ing

such

acc

ess

or t

hrou

gh t

he G

reen

But

ton

Con

nect

pro

gram

.

—S

CE

may

dis

clos

e P

erso

nal I

nfor

mat

ion,

incl

udin

g C

usto

mer

Ene

rgy

Usa

ge D

ata,

info

rmat

ion

unde

r th

e fo

llow

ing

circ

umst

ance

s:

(1) C

ontr

acte

d th

ird p

artie

s pr

ovid

ing

Ess

entia

l Ser

vice

s;

(2) N

on-g

over

nmen

tal t

hird

par

ties

perf

orm

ing

serv

ices

und

er a

con

trac

t w

ith t

he C

PU

C o

r un

der

orde

r by

the

CP

UC

;

– 48

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

(3) G

over

nmen

t ag

enci

es t

hat

are

usin

g, c

olle

ctin

g, a

nd s

torin

g P

erso

nal I

nfor

mat

ion

to p

erfo

rm e

nerg

y ef

ficie

ncy,

ene

rgy

eval

uatio

n, o

r ot

her

spec

ified

ser

vice

s un

der

a C

PU

C O

rder

or

Res

olut

ion;

(4) T

o a

Third

Par

ty w

ith e

xplic

it cu

stom

er c

onse

nt t

hrou

gh t

he u

se o

f a

CIS

R F

orm

;

(5) P

ursu

ant

to a

lega

l pro

cess

suc

h as

a w

arra

nt o

r su

bpoe

na;

(6) I

n a

case

of

imm

inen

t th

reat

to

life

or p

rope

rty,

incl

udin

g di

sclo

sure

to

law

enf

orce

men

t;

(7) A

s or

dere

d by

the

CP

UC

; and

(8) A

s al

low

ed b

y th

e C

PU

C t

o ce

rtai

n ac

adem

ic r

esea

rche

rs a

nd g

over

nmen

tal a

genc

ies.

Und

er a

ll ci

rcum

stan

ces

note

d ab

ove,

SC

E a

dvis

es c

usto

mer

s th

at t

he C

ompa

ny w

ill li

mit

the

type

and

am

ount

of

Per

sona

l Inf

orm

atio

n sh

ared

with

thi

rd p

artie

s to

tha

t, w

hich

is r

easo

nabl

y ne

cess

ary

for

the

Third

P

arty

to

acco

mpl

ish

the

purp

ose

for

whi

ch it

nee

ds a

cces

s to

Per

sona

l Inf

orm

atio

n.

2.b.

Rev

iew

ed A

utho

rizat

ion

to R

ecei

ve C

usto

mer

Info

rmat

ion

Or

Act

Upo

n A

Cus

tom

er’s

Beh

alf

(or

CIS

R F

orm

), av

aila

ble

publ

icly

at

ww

w.s

ce.c

om/w

ps/w

cm/c

onne

ct/d

01a2

941-

2690

-4da

f-97

e3-

2549

f276

cc32

/100

715_

Form

14_7

96_C

ISR

v2.p

df?M

OD

=A

JPE

RE

S, a

nd n

oted

tha

t by

com

plet

ing

this

fo

rm, t

he c

usto

mer

exp

licitl

y au

thor

izes

a T

hird

Par

ty t

o re

ques

t an

d re

ceiv

e th

e cu

stom

er’s

dat

a su

ch

as b

illin

g hi

stor

y, a

ccou

nt in

form

atio

n, a

nd u

sage

dat

a (u

p to

a m

axim

um o

f m

ost

rece

nt 1

2-m

onth

s).

The

cust

omer

mus

t sp

ecify

whe

ther

thi

s is

a o

ne-t

ime

auth

oriz

atio

n, o

ne-y

ear

auth

oriz

atio

n, o

r de

term

ine

an e

xpira

tion

date

lim

ited

to m

axim

um t

hree

yea

rs. T

he f

orm

als

o co

llect

s th

e Th

ird P

arty

’s

info

rmat

ion,

suc

h as

the

ent

ity’s

nam

e an

d te

leph

one

num

ber.

By

com

plet

ing

this

for

m, t

he c

usto

mer

m

ust

chec

k bo

x st

atin

g th

at t

he c

usto

mer

"und

erst

ands

tha

t [h

e/sh

e] m

ay c

ance

l thi

s au

thor

izat

ion

at

any

time

by s

ubm

ittin

g a

writ

ten

requ

est.

" A s

ampl

e of

com

plet

ed C

ISR

For

ms

wer

e re

view

ed f

or

evid

ence

on

cons

iste

ncy

with

thi

s pr

oces

s an

d no

ted

no e

xcep

tions

.

2.c.

Rev

iew

ed t

he G

reen

But

ton

Con

nect

info

rmat

ion

page

, pub

licly

ava

ilabl

e at

w

ww

.sce

.com

/wps

/por

tal/h

ome/

part

ners

/par

tner

ship

s/th

irdpa

rtyl

andi

ngpa

ge/,

and

note

d th

at

cust

omer

s w

ith a

My

Acc

ount

logi

n an

d S

mar

tMet

er c

onne

cted

to

the

netw

ork

can

choo

se t

o sh

are

up

to 1

3 m

onth

s of

ele

ctric

usa

ge d

ata

with

sel

ecte

d th

ird p

artie

s. T

hird

par

ties

mus

t re

gist

er w

ith t

his

prog

ram

with

a u

niqu

e U

ser

ID, P

assw

ord,

and

Tax

paye

r Id

entif

icat

ion

Num

ber,

as

wel

l as

pass

a

Con

nect

ivity

Tes

t an

d ac

cept

SC

E’s

Ter

ms

and

Con

ditio

ns f

or t

he p

rogr

am.

2.d.

Rev

iew

ed G

reen

But

ton

Con

nect

My

Dat

a A

cces

s A

gree

men

t an

d no

ted

spec

ific

lang

uage

re

gard

ing

data

priv

acy.

Dur

ing

regi

stra

tion

for

the

Gre

en B

utto

n pr

ogra

m, t

hird

par

ties

ackn

owle

dge

that

SC

E w

ill c

olle

ct P

erso

nal I

nfor

mat

ion

in c

onne

ctio

n w

ith t

heir

use

of t

he p

rogr

am, a

nd t

hat

SC

E

will

not

“re

nt, s

ell,

or o

ther

wis

e m

ake

avai

labl

e to

any

Thi

rd P

arty

for

any

rea

son

any

of t

his

info

rmat

ion

that

per

sona

lly id

entif

ies

[the

cus

tom

ers]

” ex

cept

ing

for

circ

umst

ance

s su

ch a

s “t

o pr

ovid

e se

rvic

es o

r to

com

ply

with

app

licab

le la

ws

or r

egul

atio

ns, i

nclu

ding

CP

UC

or

cour

t or

ders

”.

2.e.

Rev

iew

ed C

usto

mer

Con

tact

Cen

ter

New

Hire

Tra

inin

g G

uide

lines

and

not

ed t

hat

in c

ases

suc

h as

a

conf

eren

ce c

all o

r 3-

way

cal

l whe

re a

Thi

rd P

arty

is o

n th

e lin

e, t

he c

usto

mer

ser

vice

spe

cial

ist

is

– 49

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

inst

ruct

ed t

o ad

vise

the

cus

tom

er t

hat

he /

she

will

be

aske

d to

ver

ify P

erso

nal I

nfor

mat

ion

he o

r sh

e m

ay n

ot w

ant

shar

ed w

ith t

he T

hird

Par

ty.

3. D

eter

min

e w

heth

er S

CE

co

mm

unic

ates

spe

cific

in

stru

ctio

ns f

or h

andl

ing

Per

sona

l Inf

orm

atio

n an

d th

e co

nseq

uenc

es o

f im

prop

er

disc

losu

re t

o th

e Th

ird P

arty

pr

ior

to d

iscl

osin

g th

e in

form

atio

n.

3.a.

Insp

ecte

d C

ontr

act

Exh

ibit

3-E

diso

n P

erso

nal I

nfor

mat

ion,

mos

t fr

eque

ntly

use

d fo

r en

gagi

ng t

hird

pa

rtie

s re

quiri

ng a

cces

s to

Cov

ered

Info

rmat

ion,

and

not

ed it

con

tain

s la

ngua

ge li

miti

ng t

he u

se o

f P

erso

nal I

nfor

mat

ion

and

requ

ires

the

cont

ract

or t

o pr

otec

t da

ta f

rom

una

utho

rized

dis

clos

ure.

In t

he

even

t of

a b

reac

h, s

peci

fic c

ontr

act

term

s ar

e de

fined

whi

ch d

etai

l con

sequ

ence

s of

impr

oper

di

sclo

sure

.

3.b.

Rev

iew

ed S

uppl

ier

Cod

e of

Con

duct

and

not

ed t

hat

SC

E in

form

s su

pplie

rs t

hat

acce

ss o

f U

tility

in

form

atio

n m

ust

be li

mite

d to

per

form

ance

of

legi

timat

e S

CE

bus

ines

s pu

rpos

es. I

n ad

ditio

n,

info

rmat

ion

shar

ed b

y S

CE

mus

t be

han

dled

in a

ccor

danc

e w

ith a

pplic

able

lega

l and

reg

ulat

ory

requ

irem

ent,

incl

udin

g fe

dera

l and

sta

te r

egul

atio

ns, s

uch

as C

alifo

rnia

’s P

rivac

y La

ws,

Mas

sach

uset

ts’

Dat

a P

rote

ctio

n La

w, o

r th

e C

PU

C S

mar

t G

rid D

ata

Priv

acy

Reg

ulat

ion.

3.c.

Rev

iew

ed t

empl

ates

for

ser

vice

agr

eem

ents

with

Ene

rgy

Ser

vice

Pro

vide

rs (E

SP

s), a

nd

Com

mun

ity C

hoic

e A

ggre

gato

rs (C

CA

s) w

ho p

rovi

de e

nerg

y to

SC

E’s

cus

tom

ers

and

have

acc

ess

to

Cov

ered

Info

rmat

ion,

and

not

ed t

hat

thes

e ve

ndor

s m

ust

sign

ser

vice

agr

eem

ents

with

the

Util

ity,

whi

ch d

efin

e ro

les

and

resp

onsi

bilit

ies

of b

oth

part

ies,

incl

udin

g pr

ovis

ions

with

man

dato

ry s

afeg

uard

s ar

ound

cus

tom

er in

form

atio

n.

3.d.

Met

with

Man

ager

, Cus

tom

er C

onta

ct C

ente

r, a

nd w

as in

form

ed t

hat

cust

omer

s m

ust

be

auth

entic

ated

bef

ore

acce

ss is

aut

horiz

ed b

y us

ing

thei

r ac

coun

t in

form

atio

n (i.

e. S

ocia

l sec

urity

nu

mbe

r, a

ccou

nt m

embe

r, s

ervi

ce ID

, etc

.). W

e sa

mpl

ed a

nd li

sten

ed t

o cu

stom

er c

alls

to

verif

y th

is

proc

ess.

3.e.

Met

with

Man

ager

, Cus

tom

er C

hoic

e S

ervi

ces,

and

was

info

rmed

tha

t th

e 1

CC

A a

nd 1

7 E

SP

s ha

d C

PU

C a

ppro

ved

cert

ifica

tion

prio

r to

ent

erin

g in

to a

ser

vice

agr

eem

ent

with

SC

E. A

ppro

vals

to

wor

k w

ith S

CE

wer

e co

mpl

eted

ele

ctro

nica

lly t

hrou

gh S

CE

.com

. Onc

e a

serv

ice

agre

emen

t is

est

ablis

hed,

tr

ansf

er o

f cu

stom

er b

illin

g in

form

atio

n to

the

se v

endo

rs is

don

e th

roug

h th

e se

cure

d E

DI p

roce

ss,

subj

ect

to a

sig

ned

ED

I Tra

ding

Par

tner

Agr

eem

ent

as n

oted

in t

he D

irect

Acc

ess

ES

P H

andb

ook.

3.f.

Rev

iew

ed D

irect

Acc

ess

ES

P H

andb

ook,

ava

ilabl

e pu

blic

ly o

n S

CE

.com

, and

not

ed C

CA

s an

d E

SP

s ar

e re

quire

d to

sub

mit

com

plet

ed C

ISR

For

ms

prio

r to

SC

E d

iscl

osin

g an

y cu

stom

er P

erso

nal

Info

rmat

ion.

4. U

nder

stan

d w

heth

er T

hird

P

arty

con

trac

ting

docu

men

tatio

n is

con

sist

ent

with

the

SC

E’s

pol

icie

s an

d pr

oced

ures

.

4.a.

Rev

iew

ed c

ontr

act

tem

plat

e us

ed b

y S

CE

for

ven

dors

with

acc

ess

to C

over

ed In

form

atio

n or

EP

I (E

diso

n P

erso

nal I

nfor

mat

ion)

dat

ed J

une

2013

and

use

d th

roug

h th

e co

vere

d pe

riod,

and

not

ed t

he

follo

win

g la

ngua

ge s

urro

undi

ng p

rote

ctio

n of

cus

tom

er in

form

atio

n:

– 50

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

—"C

ontr

acto

r sh

all,

and

shal

l req

uire

Con

trac

tor’

s P

erso

nnel

and

Sub

cont

ract

ors

to a

cces

s an

d us

e E

PI s

olel

y fo

r th

e pu

rpos

e of

per

form

ing

the

Ser

vice

s an

d cr

eatin

g D

eliv

erab

les

unde

r a

CW

A o

r S

OW

(as

appl

icab

le),

but

not

othe

rwis

e. In

add

ition

, Con

trac

tor

shal

l com

ply,

and

en

sure

tha

t C

ontr

acto

r’s

Per

sonn

el a

nd S

ubco

ntra

ctor

s co

mpl

y, w

ith a

ll A

pplic

able

Law

s an

d E

diso

n P

olic

ies

rela

ting

to t

he p

rote

ctio

n of

EP

I".

—"C

ontr

acto

r sh

all n

ot, a

nd s

hall

ensu

re C

ontr

acto

r’s

Per

sonn

el a

nd S

ubco

ntra

ctor

s do

not

: (i)

use

EP

I for

Con

trac

tor’

s, C

ontr

acto

r’s

Per

sonn

el o

r S

ubco

ntra

ctor

s’ o

wn

bene

fit o

r fo

r an

y pu

rpos

e ot

her

than

as

expr

essl

y st

ated

in S

ectio

n 7(

a) a

bove

; or

(ii) d

iscl

ose

EP

I to

any

Third

P

arty

; exc

ept

as p

erm

itted

" for

the

exe

cutio

n of

Ess

entia

l Ser

vice

s.

In a

dditi

on, t

he t

empl

ate

requ

ires

cons

ulta

nts

to c

ompl

y w

ith a

pplic

able

law

s re

latin

g to

pro

tect

ion

of

cust

omer

con

fiden

tial i

nfor

mat

ion,

and

sha

ll no

t us

e S

CE

’s c

usto

mer

info

rmat

ion

for

thei

r ow

n be

nefit

s, o

r di

sclo

se c

onfid

entia

l inf

orm

atio

n to

a T

hird

Par

ty. C

ontr

acte

d pa

rtie

s ar

e re

quire

d to

sig

n a

non-

disc

losu

re c

ertif

icat

e to

cer

tify

unde

rsta

ndin

g of

pro

tect

ing

conf

iden

tial i

nfor

mat

ion.

4.b.

Rev

iew

ed c

ontr

act

tem

plat

es f

or C

omm

unity

Cho

ice

Agg

rega

tors

(CC

As)

, Ele

ctric

Ser

vice

P

rovi

ders

(ES

Ps)

and

Mas

ter

Ser

vice

s A

gree

men

ts a

nd n

oted

tha

t th

ere

wer

e so

me

inco

nsis

tenc

ies

in

the

priv

acy

and

secu

rity

lang

uage

for

pro

visi

ons

rela

ted

to s

afeg

uard

ing

Cov

ered

Info

rmat

ion.

4.c.

Rev

iew

ed 9

sam

ple

cont

ract

s fo

r ve

ndor

s w

ith a

cces

s to

Cov

ered

Info

rmat

ion,

and

not

ed t

hat

7 of

th

e 9

cont

ract

s co

ntai

ned

prov

isio

ns r

equi

ring

the

Third

Par

ty t

o sa

fegu

ard

Cov

ered

Info

rmat

ion

at t

he

stan

dard

of

SC

E’s

in a

lignm

ent

with

the

Priv

acy

Dec

isio

ns.

KP

MG

obs

erve

d 2

Con

trac

ts n

ot in

ful

l co

mpl

ianc

e th

at w

ere

exec

uted

prio

r to

the

dat

e of

the

Priv

acy

Dec

isio

ns.

Alth

ough

the

se c

ontr

acts

co

ntai

n ce

rtai

n pr

ovis

ions

req

uirin

g th

e ve

ndor

to

safe

guar

d C

over

ed In

form

atio

n at

the

sta

ndar

d w

ith

whi

ch S

CE

pro

tect

s th

eir

own

info

rmat

ion,

the

re a

re s

ome

cont

ract

lang

uage

inco

nsis

tenc

ies.

SC

E is

aw

are

of t

hese

lega

cy c

ontr

acts

and

is w

orki

ng w

ith t

heir

proc

urem

ent

team

s to

upd

ate

thes

e ve

ndor

co

ntra

cts.

4.d.

Rev

iew

ed C

ontr

acto

r N

ondi

sclo

sure

Agr

eem

ents

and

not

ed t

hat

SC

E r

equi

res

third

par

ties

to

mai

ntai

n th

e co

nfid

entia

lity

of c

usto

mer

Per

sona

l Inf

orm

atio

n an

d ha

ve s

afeg

uard

s in

pla

ce t

o m

aint

ain

secu

re a

cces

s to

cus

tom

er P

erso

nal I

nfor

mat

ion.

4.e.

Rev

iew

ed t

he D

irect

Acc

ess

ES

P H

andb

ook

avai

labl

e pu

blic

ly o

n S

CE

.com

and

not

ed t

hat

it co

ntai

ns t

he in

stru

ctio

ns a

nd e

stab

lishm

ent

form

s re

quire

d fo

r an

ES

P t

o co

nduc

t bu

sine

ss w

ithin

the

S

CE

ser

vice

ter

ritor

ies.

Thi

s do

cum

ent

outli

nes

the

step

s ne

cess

ary

for

ES

Ps

to e

nrol

l with

Edi

son,

in

sign

ing

an E

SP

Ser

vice

Agr

eem

ent

and

com

plet

ing

CIS

R F

orm

s fo

r cu

stom

ers

serv

ed.

4.f.

Rev

iew

ed t

he E

SP

Ser

vice

Agr

eem

ent,

ava

ilabl

e on

line

at S

CE

.com

, and

not

ed t

hat

it co

ntai

ns

spec

ific

lang

uage

whe

re b

oth

part

ies

agre

e to

“re

mai

n in

com

plia

nce

with

all

appl

icab

le la

ws

and

tarif

fs, i

nclu

ding

app

licab

le C

PU

C r

equi

rem

ents

” as

wel

l as

not

to d

iscl

ose

“any

Con

fiden

tial

Info

rmat

ion

obta

ined

pur

suan

t to

thi

s A

gree

men

t to

any

Thi

rd P

arty

, inc

ludi

ng a

ffili

ates

of

such

Par

ty,

with

out

the

expr

ess

prio

r w

ritte

n co

nsen

t of

the

oth

er P

arty

.”

– 51

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

5. In

spec

t sa

mpl

e ev

iden

ce o

f ac

know

ledg

men

ts /

cert

ifica

tions

fro

m t

hird

par

ties

rega

rdin

g co

mpl

ianc

e w

ith

SC

E’s

dat

a pr

ivac

y po

licie

s.

5.a.

Met

with

Priv

acy

Com

plia

nce

Pro

gram

Lea

der,

and

Man

ager

, Acq

uisi

tion

Pla

nnin

g an

d P

rocu

rem

ent

Ste

war

dshi

p, a

nd n

oted

tha

t al

l new

Thi

rd P

arty

ven

dors

are

con

trac

tual

ly o

blig

ated

per

th

eir

cont

ract

cla

uses

with

SC

E t

o m

aint

ain

the

priv

acy

of t

he in

form

atio

n sh

ared

, how

ever

, no

form

al

proc

ess

exis

ts t

o en

forc

e an

d tr

ack

com

plia

nce

of v

endo

rs a

nd s

uppl

iers

.

A f

orm

al p

roce

ss d

oes

not

exis

t to

enf

orce

or

trac

k co

mpl

ianc

e of

Th

ird P

arty

/ V

endo

r co

ntra

cts

arou

nd t

he

safe

guar

ding

of

Cov

ered

Info

rmat

ion.

6. D

eter

min

e w

heth

er S

CE

has

a

proc

ess

in p

lace

to

revi

ew

cont

ract

com

plia

nce

for

third

pa

rtie

s re

ceiv

ing

Cov

ered

In

form

atio

n.

6.a.

See

CP

UC

Rul

e 6c

Ass

essm

ent

Test

Res

ult

5.a.

for

det

ails

. A

for

mal

pro

cess

doe

s no

t ex

ist

to e

nfor

ce o

r tr

ack

com

plia

nce

of

Third

Par

ty /

Ven

dor

cont

ract

s ar

ound

the

sa

fegu

ardi

ng o

f C

over

ed In

form

atio

n.

CP

UC

R

ule

6

Ru

le d

escr

ipti

on

S

eco

nd

ary

Pu

rpo

ses.

No

cove

red

entit

y sh

all u

se o

r di

sclo

se c

over

ed in

form

atio

n fo

r an

y se

cond

ary

purp

ose

with

out

obta

inin

g th

e cu

stom

er’s

pr

ior,

exp

ress

, writ

ten

auth

oriz

atio

n fo

r ea

ch t

ype

of s

econ

dary

pur

pose

. Thi

s au

thor

izat

ion

is n

ot r

equi

red

whe

n in

form

atio

n is

:

(1) p

rovi

ded

purs

uant

to

a le

gal p

roce

ss a

s de

scrib

ed in

4(c

) abo

ve;

(2) p

rovi

ded

in s

ituat

ions

of

imm

inen

t th

reat

to

life

or p

rope

rty

as d

escr

ibed

in 4

(d) a

bove

; or

(3) a

utho

rized

by

the

Com

mis

sion

pur

suan

t to

its

juris

dict

ion

and

cont

rol.

d(1)

-(3)

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er S

CE

en

gage

s in

sec

onda

ry p

urpo

ses,

an

d de

term

ine

if pr

oced

ures

are

in

pla

ce t

o:

—no

tify

indi

vidu

als

and

obta

in t

heir

cons

ent

prio

r to

dis

clos

ing

Cov

ered

Info

rmat

ion

to

a Th

ird P

arty

for

1.a.

Met

with

Prin

cipa

l Man

ager

, Bill

ing

Ope

ratio

ns M

anag

emen

t, a

nd B

usin

ess

Ana

lyst

, Bill

ing

Ope

ratio

ns M

anag

emen

t, a

nd n

oted

tha

t S

CE

cur

rent

ly d

oes

not

volu

ntar

ily e

ngag

e in

usi

ng C

over

ed

Info

rmat

ion

for

seco

ndar

y pu

rpos

es. W

e w

ere

info

rmed

tha

t S

CE

req

uire

s cu

stom

er c

onse

nt p

rior

to

disc

losu

re o

f C

over

ed In

form

atio

n fo

r se

cond

ary

purp

oses

, whi

ch w

ould

be

docu

men

ted

thro

ugh

a co

mpl

eted

and

sig

ned

Aut

horiz

atio

n to

Rec

eive

Cus

tom

er In

form

atio

n or

Act

upo

n a

Cus

tom

er’s

B

ehal

f (C

ISR

For

m).

See

als

o C

PU

C R

ule

6 c

(2) A

sses

smen

t Te

st R

esul

ts f

or d

etai

ls.

1.b.

Rev

iew

ed N

otic

e of

Acc

essi

ng, C

olle

ctin

g, S

torin

g, U

sing

and

Dis

clos

ing

Ene

rgy

Usa

ge

Info

rmat

ion

and

note

d th

at it

indi

cate

s cu

stom

ers

are

requ

ired

to p

rovi

de c

onse

nt f

or a

ny o

ther

use

th

at is

not

an

"ess

entia

l ser

vice

". S

CE

will

onl

y di

sclo

se C

over

ed In

form

atio

n fo

r a

purp

ose

unre

late

d to

ess

entia

l ser

vice

s un

der

4 sp

ecifi

c ci

rcum

stan

ces:

– 52

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

purp

oses

not

iden

tifie

d in

the

priv

acy

notic

e,

—do

cum

ent

whe

ther

SC

E

has

notif

ied

the

indi

vidu

al a

nd r

ecei

ved

the

indi

vidu

al’s

con

sent

, m

onito

r th

at P

erso

nal

Info

rmat

ion

is b

eing

pr

ovid

ed t

o th

ird p

artie

s on

ly f

or u

ses

spec

ified

in

the

priv

acy

notic

e.

"(1) U

pon

rece

ipt

of [t

he C

usto

mer

s’] e

xplic

it co

nsen

t to

rel

ease

info

rmat

ion

to a

Thi

rd P

arty

tha

t [t

he

Cus

tom

ers]

spe

cific

ally

iden

tify,

(2) P

ursu

ant

to le

gal p

roce

ss s

uch

as a

war

rant

or

subp

oena

,

(3) I

n th

e ca

se o

f an

imm

inen

t th

reat

to

life

or p

rope

rty,

or

(4) A

s or

dere

d by

the

CP

UC

."

1.c.

Rev

iew

ed P

rivac

y N

otic

e pu

blic

ly a

vaila

ble

on t

he S

CE

.com

web

site

and

not

ed t

hat

SC

E r

equi

res

that

Cov

ered

Info

rmat

ion

may

onl

y be

dis

clos

ed t

o a

Third

Par

ty (w

hose

fun

ctio

ns d

o no

t re

late

to

Prim

ary

Pur

pose

s / E

ssen

tial S

ervi

ces)

with

prio

r cu

stom

er w

ritte

n co

nsen

t. S

ince

SC

E d

oes

not

enga

ge in

sec

onda

ry p

urpo

ses,

all

disc

losu

re o

f C

over

ed In

form

atio

n to

thi

rd p

artie

s re

late

d to

non

-es

sent

ial s

ervi

ces

wou

ld b

e in

itiat

ed b

y th

e C

usto

mer

.

1.d.

Met

with

Prin

cipa

l Man

ager

, Bill

ing

Ope

ratio

ns M

anag

emen

t an

d B

usin

ess

Ana

lyst

, Bill

ing

Ope

ratio

ns M

anag

emen

t an

d ob

serv

ed t

he p

roce

ssin

g of

a s

ampl

e C

ISR

For

m. T

he T

hird

Par

ty D

esk

is r

espo

nsib

le f

or t

he p

roce

ssin

g of

CIS

R F

orm

s as

wel

l as

fulfi

lling

dat

a re

ques

ts. C

ISR

For

ms

are

rece

ived

via

em

ail t

o 3r

dpar

ty@

sce.

com

or

via

mai

l or

fax.

Upo

n re

ceip

t, t

he C

ISR

For

m is

ana

lyze

d fo

r co

mpl

eten

ess

and

the

cust

omer

’s a

ccou

nt in

form

atio

n is

ver

ified

in C

SS

. If

no e

xcep

tions

are

no

ted,

the

info

rmat

ion

is d

ownl

oade

d fr

om C

SS

and

the

req

uest

is f

ulfil

led

by r

espo

ndin

g to

the

em

ail a

ddre

ss a

s no

ted

on t

he C

ISR

For

m. T

he T

hird

Par

ty d

esk

logs

CIS

R r

eque

sts

thro

ugh

the

inte

rnal

Off

ice

365

syst

em a

s w

ell a

s a

Sha

red

File

Sto

rage

driv

e, w

here

cop

ies

of a

ll co

rres

pond

ence

an

d co

mpl

eted

CIS

R F

orm

s ar

e st

ored

for

cus

tom

ers.

Man

agem

ent

perf

orm

s m

onth

ly Q

A/Q

C

chec

ks t

o en

sure

thi

s sy

stem

is o

pera

ting

as d

esig

ned.

2. D

eter

min

e w

heth

er c

usto

mer

co

nsen

t au

thor

izin

g us

e of

en

ergy

usa

ge d

ata

for

seco

ndar

y pu

rpos

es is

doc

umen

ted.

2.a.

Not

app

licab

le a

s S

CE

doe

s no

t di

sclo

se C

over

ed In

form

atio

n fo

r se

cond

ary

purp

oses

.

3. D

eter

min

e w

heth

er c

usto

mer

co

nsen

t au

thor

izin

g us

e of

en

ergy

usa

ge d

ata

for

seco

ndar

y pu

rpos

es is

doc

umen

ted

3.a.

Met

with

Prin

cipa

l Man

ager

, Bill

ing

Ope

ratio

ns M

anag

emen

t, a

nd B

usin

ess

Ana

lyst

, Bill

ing

Ope

ratio

ns M

anag

emen

t an

d no

ted

that

the

Thi

rd P

arty

des

k re

ceiv

es C

ISR

For

ms

via

emai

l to

3rdp

arty

@sc

e.co

m o

r vi

a m

ail a

nd f

ax. T

hese

CIS

R F

orm

s ar

e fil

ed in

SC

E’s

inte

rnal

Off

ice

365

syst

em a

s w

ell a

s a

Sha

red

File

Sto

rage

driv

e, a

cces

sibl

e on

ly t

o st

aff

with

in t

he B

illin

g O

pera

tions

de

part

men

t, r

ough

ly 8

em

ploy

ees.

CP

UC

R

ule

6

Ru

le d

escr

ipti

on

C

ust

om

er A

uth

ori

zati

on

:

(1) A

utho

rizat

ion.

Sep

arat

e au

thor

izat

ion

by e

ach

cust

omer

mus

t be

obt

aine

d fo

r al

l dis

clos

ures

of

cove

red

info

rmat

ion

exce

pt

as o

ther

wis

e pr

ovid

ed f

or h

erei

n.

e(1)

-(3)

– 53

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

(2) R

evoc

atio

n. C

usto

mer

s ha

ve t

he r

ight

to

revo

ke, a

t an

y tim

e, a

ny p

revi

ousl

y gr

ante

d au

thor

izat

ion.

(3) O

ppor

tuni

ty t

o R

evok

e. T

he c

onse

nt o

f a

resi

dent

ial c

usto

mer

sha

ll co

ntin

ue w

ithou

t ex

pira

tion,

but

an

entit

y re

ceiv

ing

info

rmat

ion

purs

uant

to

a re

side

ntia

l cus

tom

er’s

aut

horiz

atio

n sh

all c

onta

ct t

he c

usto

mer

, at

leas

t an

nual

ly, t

o in

form

the

cu

stom

er o

f th

e au

thor

izat

ion

gran

ted

and

to p

rovi

de a

n op

port

unity

for

rev

ocat

ion.

The

con

sent

of

a no

n-re

side

ntia

l cus

tom

er

shal

l con

tinue

in t

he s

ame

way

, but

an

entit

y re

ceiv

ing

info

rmat

ion

purs

uant

to

a no

n-re

side

ntia

l cus

tom

er’s

aut

horiz

atio

n sh

all c

onta

ct t

he c

usto

mer

, to

info

rm t

he c

usto

mer

of

the

auth

oriz

atio

n gr

ante

d an

d to

pro

vide

an

oppo

rtun

ity f

or r

evoc

atio

n ei

ther

upo

n th

e te

rmin

atio

n of

the

con

trac

t, o

r an

nual

ly if

the

re is

no

cont

ract

.

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er

cust

omer

s re

ceiv

e no

tice

and

mus

t pr

ovid

e se

para

te

auth

oriz

atio

n if

info

rmat

ion

is

bein

g us

ed f

or a

new

sec

onda

ry

purp

ose.

1.a.

Not

app

licab

le a

s S

CE

doe

s no

t vo

lunt

arily

eng

age

in s

econ

dary

pur

pose

s. S

ee a

lso

CP

UC

Rul

e 6

d (1

) Ass

essm

ent

Test

Res

ults

for

det

ails

.

2. U

nder

stan

d ho

w c

usto

mer

s ar

e no

tifie

d of

the

ir rig

ht t

o re

voke

any

pre

viou

sly

gran

ted

auth

oriz

atio

n an

d th

e pr

oces

s to

do

so.

2.a

Rev

iew

ed t

he C

ISR

For

m a

nd n

oted

tha

t in

ord

er t

o co

mpl

ete

the

form

, cus

tom

ers

mus

t pr

ovid

e ex

plic

it co

nsen

t an

d si

gn a

ckno

wle

dgem

ent

clau

se t

hat

stat

es “

[the

cus

tom

er] u

nder

stan

ds t

hat

[he/

she]

may

can

cel t

his

auth

oriz

atio

n at

any

tim

e by

sub

mitt

ing

a w

ritte

n re

ques

t."

2.b.

Rev

iew

ed t

he C

ISR

For

m a

nd n

oted

the

for

m a

llow

s fo

r th

e cu

stom

er t

o sp

ecify

wha

t ty

pes

of

Cov

ered

Info

rmat

ion

are

auth

oriz

ed f

or d

iscl

osur

e as

wel

l as

the

dura

tion

of a

utho

rizat

ion.

The

sp

ecifi

ed t

ypes

of

info

rmat

ion

incl

ude

the

optio

ns t

o re

ques

t an

d/or

rec

eive

any

:

—C

usto

mer

Bill

ing

Rec

ords

, Bill

ing

His

tory

, and

his

toric

al m

eter

usa

ge d

ata;

—C

opie

s of

cus

tom

er c

orre

spon

denc

e w

ith S

CE

—In

vest

igat

ion

of u

tility

bill

s

—S

peci

al m

eter

ing

data

in a

ssoc

iatio

n w

ith t

he a

ccou

nt

—R

ate

Ana

lysi

s in

form

atio

n

—R

ate

chan

ge in

form

atio

n

—V

erifi

catio

n of

bal

ance

s on

cus

tom

er a

ccou

nts

and

disc

ontin

uanc

e no

tices

.

The

spec

ified

dur

atio

n of

the

se r

eque

sts

are

for:

—S

ingl

e U

se A

utho

rizat

ion

—O

ne Y

ear

Aut

horiz

atio

n;

—C

usto

m A

utho

rizat

ion

up t

o a

spec

ified

dat

e (m

axim

um o

f 3

year

s).W

e al

so n

oted

tha

t a

new

CIS

R F

orm

mus

t be

sub

mitt

ed in

ord

er t

o ex

tend

or

rene

w t

he s

ame

auth

oriz

atio

n.

– 54

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

2.c.

Met

with

Man

ager

, Rev

enue

Ser

vice

Ope

ratio

ns, a

nd o

bser

ved

the

proc

essi

ng o

f sa

mpl

e C

ISR

Fo

rms.

Not

ed t

hat

requ

est

for

data

is c

ompa

red

agai

nst

the

type

of

info

rmat

ion

auth

oriz

ed o

n th

e C

ISR

For

m a

nd d

ata

requ

ests

will

not

be

com

plet

ed if

not

dul

y au

thor

ized

by

the

Cus

tom

er.

CP

UC

R

ule

6

Ru

le d

escr

ipti

on

P

arit

y

Cov

ered

ent

ities

sha

ll pe

rmit

cust

omer

s to

can

cel a

utho

rizat

ion

for

any

seco

ndar

y pu

rpos

e of

the

ir co

vere

d in

form

atio

n by

th

e sa

me

mec

hani

sm in

itial

ly u

sed

to g

rant

aut

horiz

atio

n.

f Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. In

spec

t sa

mpl

e co

mm

unic

atio

ns t

o se

e w

heth

er

cust

omer

s ar

e no

tifie

d of

how

th

ey c

an c

ance

l aut

horiz

atio

n fo

r an

y se

cond

ary

purp

oses

.

1.a.

Rev

iew

ed t

he C

ISR

For

m a

nd n

oted

the

cus

tom

ers

mus

t ch

eck

a bo

x to

agr

ee t

hat

they

un

ders

tand

the

y “m

ay c

ance

l the

aut

horiz

atio

n at

any

tim

e by

sub

mitt

ing

a w

ritte

n re

ques

t.”

1.b.

Met

with

Prin

cipa

l Man

ager

, Bill

ing

Ope

ratio

ns M

anag

emen

t, a

nd B

usin

ess

Ana

lyst

, Bill

ing

Ope

ratio

ns M

anag

emen

t, a

nd n

oted

tha

t S

CE

cur

rent

ly d

oes

not

volu

ntar

ily e

ngag

e in

usi

ng C

over

ed

Info

rmat

ion

for

seco

ndar

y pu

rpos

es. W

e w

ere

info

rmed

tha

t S

CE

req

uire

s cu

stom

er c

onse

nt p

rior

to

disc

losu

re o

f C

over

ed In

form

atio

n fo

r se

cond

ary

purp

oses

, whi

ch w

ould

be

docu

men

ted

thro

ugh

a co

mpl

eted

and

sig

ned

Aut

horiz

atio

n to

Rec

eive

Cus

tom

er In

form

atio

n O

r A

ct U

pon

a C

usto

mer

’s

Beh

alf

(CIS

R F

orm

). S

ee a

lso

CP

UC

Rul

e 6

c (2

) Ass

essm

ent

Test

Res

ults

for

det

ails

.

1.c.

Met

with

Man

ager

, Cus

tom

er S

ervi

ce

Info

rmat

ion

Gov

erna

nce

Org

aniz

atio

n, a

nd n

oted

tha

t vi

a th

e G

reen

But

ton

Con

nect

pro

gram

, cus

tom

ers

have

acc

ess

thro

ugh

thei

r S

CE

‘My

Acc

ount

’ site

to

elec

tron

ical

ly a

utho

rize,

man

age,

and

rev

oke

acce

ss t

o th

ird p

artie

s.

CP

UC

R

ule

6

Ru

le d

escr

ipti

on

A

vaila

bili

ty o

f A

gg

reg

ated

Usa

ge

Dat

a.

Cov

ered

ent

ities

sha

ll pe

rmit

the

use

of a

ggre

gate

d us

age

data

tha

t is

rem

oved

of

all P

erso

nally

Iden

tifia

ble

info

rmat

ion

to b

e us

ed f

or a

naly

sis,

rep

ortin

g or

pro

gram

man

agem

ent

prov

ided

tha

t th

e re

leas

e of

tha

t da

ta d

oes

not

disc

lose

or

reve

al

spec

ific

cust

omer

info

rmat

ion

beca

use

of t

he s

ize

of t

he g

roup

, rat

e cl

assi

ficat

ion,

or

natu

re o

f th

e in

form

atio

n.

g

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er S

CE

’s

Priv

acy

Not

ice

or in

tern

al p

olic

ies

addr

ess

the

use

of a

ggre

gate

in

form

atio

n.

1. E

xam

ined

the

Web

site

Priv

acy

Not

ice

and

note

d th

at t

he u

se o

f ag

greg

ate

non

Per

sona

l In

form

atio

n is

incl

uded

in t

he n

otic

e an

d st

ates

the

fol

low

ing:

"Non

Per

sona

l Inf

orm

atio

n” m

eans

in

form

atio

n th

at d

oes

not

uniq

uely

iden

tify

an in

divi

dual

or

grou

ps o

f in

divi

dual

s. T

his

Non

Per

sona

l In

form

atio

n is

mai

ntai

ned

by u

s in

the

agg

rega

te, s

o w

e do

not

kno

w t

he id

entit

y of

any

par

ticul

ar

user

or

grou

ps o

f us

ers.

"

– 55

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

2. D

eter

min

e w

heth

er S

CE

has

a

proc

edur

e in

pla

ce t

o en

sure

ag

greg

ate

info

rmat

ion

does

not

di

sclo

se o

r re

veal

spe

cific

C

over

ed In

form

atio

n.

2.a.

Insp

ecte

d th

e ag

greg

ate

data

req

uest

logs

for

201

5 th

at w

ere

rece

ived

and

pro

cess

ed b

y th

e A

dvan

ced

Tech

nolo

gies

tea

m a

nd f

or a

sel

ecte

d sa

mpl

e pr

ojec

t it

was

not

ed :

Info

rmat

ion

rega

rdin

g en

ergy

con

sum

ed a

t th

e su

bsta

tion

leve

l was

pub

lishe

d fo

r th

e E

lect

ric P

ower

R

esea

rch

Inst

itute

(EP

RI).

How

ever

, rat

her

than

giv

e an

y sp

ecifi

c in

form

atio

n at

a g

ranu

lar

leve

l, th

e da

ta g

iven

was

at

the

subs

tatio

n le

vel a

nd t

here

was

no

dire

ct c

orre

latio

n to

any

spe

cific

cus

tom

er

met

ers.

2.b.

Met

with

Man

ager

, Loa

d R

esea

rch,

and

was

info

rmed

tha

t re

ques

ts f

or a

ggre

gate

bill

ing

data

in

clud

e va

rious

pre

caut

ions

to

prot

ect

the

iden

tity

of in

divi

dual

cus

tom

ers:

—id

entif

iabl

e in

form

atio

n is

rem

oved

fro

m a

ny d

ata

feed

—la

rge

cust

omer

dat

a is

agg

rega

ted

by r

ate

code

and

zip

cod

e

—fo

r zi

p co

des

with

few

er t

han

100

cust

omer

s, th

e cu

stom

er d

ata

is c

ombi

ned

with

ano

ther

zi

p co

de

2.c.

Met

with

Man

ager

, Adv

ance

d Te

chno

logi

es (T

rans

mis

sion

& D

istr

ibut

ion)

and

was

info

rmed

tha

t A

dvan

ced

Tech

nolo

gy w

ill t

ypic

ally

onl

y di

strib

ute

anon

ymiz

ed/a

ggre

gate

dat

a in

res

pons

e to

re

ques

ts f

rom

Aca

dem

ics

unle

ss t

here

is a

spe

cific

rea

son

not

to. T

he M

anag

er w

ill w

ork

with

the

Le

ader

, Priv

acy

Com

plia

nce

Pro

gram

to

valid

ate

the

requ

est

and

ensu

re t

he a

ppro

pria

te c

onse

nt

form

s ar

e co

mpl

eted

prio

r to

dis

trib

utio

n.

– 56

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

RU

LE 7

Dat

a q

ual

ity

and

inte

gri

ty

Ove

rall

Co

ncl

usi

on

N

o e

xcep

tio

ns

no

ted

.

CP

UC

R

ule

7

Ru

le d

escr

ipti

on

C

over

ed e

ntiti

es s

hall

ensu

re t

hat

cove

red

info

rmat

ion

they

col

lect

, sto

re, u

se, a

nd d

iscl

ose

is r

easo

nabl

y ac

cura

te a

nd

com

plet

e or

oth

erw

ise

com

plia

nt w

ith a

pplic

able

rul

es a

nd t

ariff

s re

gard

ing

the

qual

ity o

f en

ergy

usa

ge d

ata.

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er S

CE

’s

priv

acy

polic

ies

addr

ess

the

qual

ity o

f C

over

ed In

form

atio

n an

d ot

her

cust

omer

PII.

1.a.

Rev

iew

ed S

CE

Em

ploy

ee C

ode

of C

ondu

ct a

nd n

oted

SC

E e

mpl

oyee

s m

ust

alw

ays

com

plet

e an

d do

cum

ent

thei

r w

ork

accu

rate

ly a

nd in

acc

orda

nce

with

all

inte

rnal

con

trol

s an

d pr

oces

ses

as a

pa

rt o

f S

CE

’s c

omm

itmen

t to

the

pub

lic. .

1.b.

Rev

iew

ed S

CE

Priv

acy

Pro

gram

Com

plia

nce

Pro

gram

Man

ual a

nd n

oted

tha

t O

Us

are

requ

ired

to p

erio

dica

lly v

alid

ate

and

mak

e en

hanc

emen

ts f

or t

he p

rote

ctio

n, in

tegr

ity, a

nd a

vaila

bilit

y of

all

reco

rds.

1.c.

Rev

iew

ed S

CE

Sup

plie

r C

ode

of C

ondu

ct a

nd n

oted

tha

t su

pplie

rs a

re r

equi

red

to m

aint

ain

"acc

urat

e re

cord

s an

d pr

otec

t P

erso

nal I

nfor

mat

ion”

. It

indi

cate

tha

t “I

n ad

ditio

n, S

CE

req

uire

s su

pplie

rs t

o (1

) Mai

ntai

n ac

cura

te f

inan

cial

and

ope

ratio

nal r

ecor

ds, (

2) M

aint

ain,

ret

ain,

and

dis

pose

of

bus

ines

s re

cord

s as

soci

ated

with

sup

plie

r w

ork

for

SC

E in

acc

orda

nce

with

all

appl

icab

le le

gal a

nd

cont

ract

ual o

blig

atio

ns, a

nd (3

) not

ify S

CE

imm

edia

tely

reg

ardi

ng a

ny r

eque

st f

rom

a T

hird

Par

ty f

or

Edi

son

info

rmat

ion,

unl

ess

proh

ibite

d by

law

”.

1.d.

Rev

iew

ed P

rote

ctin

g P

erso

nal I

nfor

mat

ion

Pro

cedu

re p

olic

y av

aila

ble

to e

mpl

oyee

s on

the

in

tran

et a

nd n

oted

tha

t in

form

atio

n us

ed b

y em

ploy

ees

for

supp

liers

mus

t be

acc

urat

e an

d S

CE

sha

ll pr

ovid

e on

ly t

he P

erso

nal I

nfor

mat

ion

reas

onab

ly n

eces

sary

for

sup

plie

rs t

o co

mpl

ete

thei

r w

ork.

In

addi

tion,

the

doc

umen

t in

dica

tes

Per

sona

l Inf

orm

atio

n m

ust

be p

rote

cted

fro

m u

naut

horiz

ed a

cces

s,

loss

and

mis

use.

1.e.

Rev

iew

ed R

ecor

ds M

anag

emen

t P

olic

y an

d no

ted

that

the

re is

a s

peci

fic s

ectio

n de

dica

ted

to

reco

rds

qual

ity. I

t st

ates

“re

cord

s sh

all b

e co

mpl

ete,

up

to d

ate

and

accu

rate

so

that

the

y ca

n be

re

lied

on t

o su

ppor

t bu

sine

ss a

ctiv

ities

and

dec

isio

ns.”

2. In

spec

t sa

mpl

e co

mm

unic

atio

n to

cus

tom

ers

to e

nsur

e w

heth

er

SC

E p

olic

ies

incl

ude

cust

omer

da

ta in

tegr

ity.

2.a.

Rev

iew

ed S

CE

Not

ice

of A

cces

sing

, Col

lect

ing,

Sto

ring,

Usi

ng a

nd D

iscl

osin

g E

nerg

y U

sage

In

form

atio

n an

d no

ted

that

in o

rder

to

use

SC

E.c

om M

y A

ccou

nt f

eatu

res,

cus

tom

ers

are

requ

ired

to

volu

ntar

ily p

rovi

de a

nd m

aint

ain

thei

r P

erso

nal I

nfor

mat

ion

with

SC

E. T

he d

ocum

ent

also

pro

mpt

s cu

stom

ers

to c

onta

ct S

CE

sho

uld

ther

e be

any

cha

nges

and

upd

ates

to

thei

r in

form

atio

n at

:

—Te

leph

one:

180

065

545

55 (R

esid

entia

l) or

180

099

077

88

– 57

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

—W

eb: w

ww

.sce

.com

/con

tact

us

—M

ail:

Sou

ther

n C

alifo

rnia

Edi

son

Att

n: C

hief

Eth

ics

and

Com

plia

nce

Off

icer

Pos

t O

ffic

e B

ox 8

00

Ros

emea

d, C

A 9

1770

2.b

Rev

iew

ed t

he M

y A

ccou

nt O

nlin

e S

ervi

ces

Term

s an

d C

ondi

tions

, ava

ilabl

e pu

blic

ly o

n S

CE

.com

, an

d no

ted

that

the

doc

umen

t st

ates

it is

the

cus

tom

er’s

res

pons

ibili

ty t

o en

sure

tha

t th

eir

cont

act

info

and

oth

er r

equi

red

info

rmat

ion

is c

urre

nt, a

ccur

ate,

and

upd

ated

pro

mpt

ly.

2.c

Rev

iew

ed t

he S

etup

Pro

cess

for

Lin

king

My

Acc

ount

Dat

a to

CS

S d

ocum

ent

and

note

d th

at

cust

omer

s ar

e m

anda

ted

to p

rovi

de a

ccur

ate,

mat

chin

g in

form

atio

n th

at c

orre

spon

d to

exi

stin

g da

ta

on f

ile in

CS

S s

yste

m in

ord

er t

o lin

k th

eir

SC

E.c

om M

y A

ccou

nt t

o th

eir

CS

S r

ecor

d. D

urin

g se

tup,

cu

stom

ers

mus

t ac

cept

the

My

Acc

ount

Onl

ine

Ser

vice

s Te

rms

and

Con

ditio

ns t

hat

stat

es t

hat

it is

th

e cu

stom

er’s

res

pons

ibili

ty t

o en

sure

the

ir in

form

atio

n is

cur

rent

, acc

urat

e, a

nd u

pdat

ed p

rom

ptly

. To

com

plet

e th

e se

tup

proc

ess,

a c

onfir

mat

ion

emai

l is

sent

to

the

cust

omer

’s in

box

to v

alid

ate

corr

ect

data

ent

ry o

f em

ail a

ddre

ss.

2.d.

Lis

tene

d to

sam

ple

cust

omer

cal

ls a

t th

e S

CE

Cus

tom

er C

onta

ct C

ente

r in

Irw

inda

le, C

A, a

nd

note

d th

at C

usto

mer

Ser

vice

Rep

rese

ntat

ives

pro

mpt

ed E

diso

n cu

stom

ers

to v

alid

ate

and

/ or

com

plet

e th

eir

user

info

rmat

ion

that

is o

n re

cord

with

SC

E.

3. D

eter

min

e w

heth

er p

roce

dure

s ar

e in

pla

ce t

hat:

—ed

it an

d va

lidat

e P

erso

nal I

nfor

mat

ion

as

it is

col

lect

ed, c

reat

ed,

mai

ntai

ned,

and

up

date

d.

—sp

ecify

whe

n th

e P

erso

nal I

nfor

mat

ion

is

no lo

nger

val

id.

3.a.

Rev

iew

ed P

rivac

y C

ompl

ianc

e P

rogr

am M

anua

l and

not

ed S

CE

OU

s ar

e in

stru

cted

to

only

co

llect

, sto

re, u

se, o

r di

sclo

se o

nly

as m

uch

cust

omer

Per

sona

l Inf

orm

atio

n as

is n

eces

sary

and

re

leva

nt t

o th

e pr

ojec

t or

sys

tem

.

3.b.

Rev

iew

ed R

ecor

ds M

anag

emen

t P

olic

y av

aila

ble

to a

ll em

ploy

ees

via

the

intr

anet

and

not

ed t

hat

empl

oyee

s ar

e in

stru

cted

to

reta

in r

ecor

ds a

s lo

ng a

s ne

cess

ary

for

lega

l, re

gula

tory

and

ope

ratio

nal

purp

oses

. The

pol

icy

also

indi

cate

s to

dis

pose

rec

ords

in a

ccor

danc

e w

ith a

pplic

able

ret

entio

n sc

hedu

les.

3.c.

Met

with

Man

ager

, Cus

tom

er C

onta

ct C

ente

r, a

nd li

sten

ed in

on

sam

ple

calls

, and

not

ed t

hat

CS

Rs

auth

entic

ated

cus

tom

ers

durin

g th

e ca

ll in

take

pro

cess

. The

pro

cess

incl

uded

val

idat

ion

of

cust

omer

acc

ount

info

rmat

ion

on f

ile, s

uch

as n

ame,

pho

ne n

umbe

r an

d ad

dres

s am

ong

othe

rs.

Cus

tom

ers

are

prom

pted

to

edit

and

upda

te t

heir

info

rmat

ion

on f

ile d

urin

g th

eir

calls

to

the

Con

tact

C

ente

r. C

usto

mer

s ar

e al

so in

stru

cted

tha

t th

ey c

an m

ake

edits

onl

ine

usin

g th

e M

y A

ccou

nt p

orta

l.

3.d.

Rev

iew

ed C

usto

mer

Con

tact

Cen

ter

Aut

hent

icat

ion

Pro

cess

for

Cal

l Cen

ter

Rep

rese

ntat

ives

and

no

ted

Cus

tom

er S

ervi

ce R

epre

sent

ativ

es m

ust

auth

entic

ate

cust

omer

s du

ring

the

call

inta

ke

proc

ess.

Thi

s pr

oces

s in

clud

es a

uthe

ntic

atio

n of

cus

tom

er a

ccou

nt in

form

atio

n, s

uch

as n

ame,

se

rvic

e ad

dres

s, la

st f

our

digi

ts o

f S

SN

, or D

L #,

prio

r to

rel

ease

of

acco

unt

info

rmat

ion.

– 58

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

3.e.

Met

with

Man

ager

, Cre

dit

Ope

ratio

ns, a

nd c

ondu

cted

a w

alk

thro

ugh

of t

he B

ill P

aym

ent

and

Cre

dit

Ops

Cen

ter.

Not

ed t

hat

the

depa

rtm

ent

has

data

min

imiz

atio

n po

licie

s an

d pr

oced

ures

for

di

spos

al o

f co

nfid

entia

l cus

tom

er in

form

atio

n an

d its

des

truc

tion

whe

n th

e in

form

atio

n is

no

long

er

valid

. Pol

icie

s an

d pr

oced

ures

incl

ude:

—O

nly

Cre

dit

Ope

ratio

ns a

nd B

ill P

aym

ent

staf

f ha

ve a

cces

s to

the

off

ice.

Acc

ess

to t

he

park

ing

lot

and

build

ing

is c

ontr

olle

d vi

a em

ploy

ee k

ey c

ard

and

mon

itore

d w

ith s

ecur

ity

cam

eras

.

—N

ight

ly w

alkt

hrou

ghs

are

perf

orm

ed p

rior

to t

he c

losi

ng o

f th

e fa

cilit

y to

val

idat

e no

P

erso

nal I

nfor

mat

ion

is le

ft o

n de

sks

or p

rinte

rs.

—N

ot d

ispl

ayin

g, p

rintin

g, o

r ot

herw

ise

acce

ssin

g an

y P

erso

nal I

nfor

mat

ion

that

is n

ot

esse

ntia

l in

orde

r to

per

form

ing

a bu

sine

ssre

late

d ta

sk o

r jo

b fu

nctio

n.

—A

ll P

erso

nal I

nfor

mat

ion

that

is n

ot in

imm

edia

te u

se is

sto

red

in lo

cked

file

cab

inet

s. W

hen

disp

osin

g of

Per

sona

l Inf

orm

atio

n, d

ocum

ents

are

eith

er s

hred

ded

imm

edia

tely

or

plac

ed in

a

lock

ed s

hred

bin

. Tw

o sh

redd

ers

are

loca

ted

in t

he f

acili

ty a

s w

ell a

s sh

red

bins

for

larg

er

files

.

—O

ffic

e pr

inte

r an

d fa

x m

achi

ne is

dis

able

d ov

erni

ght.

Any

prin

t jo

bs o

r fa

xes

rece

ived

aft

er

busi

ness

hou

rs a

re s

tore

d in

mem

ory

and

acce

ssed

onl

y in

the

mor

ning

by

staf

f, w

ho in

put

a P

IN t

o ac

cess

the

prin

ter

mem

ory.

3.f.

Met

with

Man

ager

, Int

erna

l Aud

it, a

nd n

oted

tha

t cu

stom

er d

ata

priv

acy

and

secu

rity

is o

ne o

f th

e ar

eas

asse

ssed

and

con

side

red

in S

CE

’s y

early

inte

rnal

ann

ual r

isk

asse

ssm

ent.

Exc

eptio

ns

iden

tifie

d ar

e ad

dres

sed

by S

CE

thr

ough

ong

oing

enh

ance

men

t of

its

Priv

acy

Com

plia

nce

grou

p

3.g.

Rev

iew

ed L

ogic

al S

ecur

ity o

n S

CE

.com

Aud

it re

port

per

form

ed b

y A

udit

Ser

vice

s du

ring

the

cove

red

perio

d an

d no

ted

that

Aud

it S

ervi

ces

conc

lude

d th

e au

dit

as “

satis

fact

ory

with

exc

eptio

ns.”

3.h.

Rev

iew

ed t

he D

ata

Priv

acy

Gov

erna

nce

Aud

it re

port

per

form

ed b

y A

udit

Ser

vice

s du

ring

the

cove

red

perio

d an

d no

ted

that

Aud

it S

ervi

ces

dete

rmin

ed t

hat

the

prog

ram

is w

ell d

esig

ned

and

impl

emen

ted

and

conc

lude

d th

e au

dit

as “

satis

fact

ory

with

exc

eptio

ns.”

3.i.

Rev

iew

ed t

he C

usto

mer

Ser

vice

– D

ata

Pro

cess

ing

Sec

urity

Aud

it re

port

per

form

ed b

y A

udit

Ser

vice

s du

ring

the

cove

red

perio

d an

d no

ted

that

Aud

it S

ervi

ces

conc

lude

d th

e au

dit

as

“sat

isfa

ctor

y w

ith e

xcep

tions

.”

In a

dditi

on, w

e no

ted

that

SC

E’s

Inte

rnal

Aud

it te

am h

as c

ondu

cted

a n

umbe

r of

aud

its r

elat

ed t

o cu

stom

er p

rivac

y an

d IT

, with

con

tent

rel

ated

to

priv

acy

and

secu

rity.

The

Inte

rnal

Aud

it te

am

mon

itors

and

tra

cks

corr

ectiv

e ac

tions

to

rem

edy

the

findi

ngs

iden

tifie

d by

man

agem

ent

on a

pe

riodi

c ba

sis.

In c

ases

whe

re t

he b

usin

ess

fails

to

com

ply

with

the

Act

ion

Pla

n, a

lert

s ar

e se

nt t

o se

nior

exe

cutiv

es w

ithin

the

bus

ines

s un

it to

esc

alat

e an

d no

tify

them

of

the

cont

inue

d ex

istin

g ga

ps.

– 59

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

4. In

spec

t sa

mpl

e ev

iden

ce t

o en

sure

tha

t pr

oced

ures

are

in

plac

e th

at h

elp

ensu

re P

erso

nal

Info

rmat

ion

is s

uffic

ient

ly r

elev

ant

for

the

purp

oses

for

whi

ch it

is t

o be

use

d an

d to

min

imiz

e th

e po

ssib

ility

tha

t in

appr

opria

te

info

rmat

ion

is u

sed

to m

ake

busi

ness

dec

isio

ns a

bout

the

in

divi

dual

.

4.a.

Rev

iew

ed P

rivac

y C

ompl

ianc

e P

rogr

am M

anua

l and

not

ed S

CE

info

rms

its e

mpl

oyee

s to

lim

it th

e am

ount

of

Per

sona

l Inf

orm

atio

n to

the

leas

t am

ount

nec

essa

ry t

o co

nduc

t an

OU

’s w

ork,

and

th

at if

the

OU

doe

s no

t ne

ed t

he d

ata,

it m

ust

not

be c

olle

cted

. Thi

s is

bot

h a

risk

redu

ctio

n st

rate

gy

as w

ell a

s an

ope

ratio

ns c

onsi

dera

tion.

The

doc

umen

t no

tes

that

if p

revi

ousl

y co

llect

ed P

erso

nal

Info

rmat

ion

serv

es n

o cu

rren

t bu

sine

ss p

urpo

se, t

hen

the

Per

sona

l Inf

orm

atio

n sh

all n

o lo

nger

be

colle

cted

and

a d

ispo

sitio

n st

rate

gy m

ust

be a

sses

sed

with

the

Priv

acy

Com

plia

nce

Pro

gram

Lea

der.

4.b.

Rev

iew

ed R

ecor

ds M

anag

emen

t an

d P

rote

ctin

g P

erso

nal I

nfor

mat

ion

proc

edur

es a

vaila

ble

to

empl

oyee

s on

the

intr

anet

and

not

ed t

hat

empl

oyee

s w

ith a

cces

s to

Cov

ered

Info

rmat

ion

are

inst

ruct

ed t

hat

docu

men

ts c

onta

inin

g P

erso

nal I

nfor

mat

ion

mus

t be

sec

urel

y st

ored

and

des

troy

ed.

The

docu

men

ts n

oted

tha

t P

erso

nal I

nfor

mat

ion

is n

ot t

o be

use

d fo

r IT

sys

tem

s te

stin

g. B

oth

docu

men

ts s

tate

tha

t vi

olat

ions

of

the

proc

edur

e m

ay r

esul

t in

dis

cipl

inar

y ac

tion,

up

to a

nd in

clud

ing

term

inat

ion

of e

mpl

oym

ent

and

civi

l or

crim

inal

liab

ility

.

4.c.

Met

with

Man

ager

, Adv

ance

d Te

chno

logi

es –

Tra

nsm

issi

ons

& D

istr

ibut

ion,

Man

ager

, Rev

enue

S

ervi

ces,

and

Man

ager

, Loa

d R

esea

rch,

and

not

ed t

hat

whe

n w

orki

ng w

ith o

r pr

ovid

ing

Cov

ered

In

form

atio

n ei

ther

inte

rnal

ly a

t S

CE

and

in r

espo

ndin

g to

dat

a re

ques

ts, d

ata

anal

ysts

rev

iew

the

dat

a re

ques

t fo

r re

ason

able

ness

, and

red

act

all u

nnec

essa

ry in

form

atio

n. T

he d

ata

prov

ided

is r

evie

wed

by

man

ager

s in

ord

er t

o en

sure

the

info

rmat

ion

is b

oth

rele

vant

to

the

requ

est

and

all o

ther

in

form

atio

n is

app

ropr

iate

ly r

edac

ted.

– 60

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

RU

LE 8

Dat

a se

curi

ty

Ove

rall

Co

ncl

usi

on

N

o e

xcep

tio

ns

no

ted

.

CP

UC

R

ule

8

Ru

le d

escr

ipti

on

G

ener

ally

Cov

ered

ent

ities

sha

ll im

plem

ent

reas

onab

le a

dmin

istr

ativ

e, t

echn

ical

, and

phy

sica

l saf

egua

rds

to p

rote

ct c

over

ed

info

rmat

ion

from

una

utho

rized

acc

ess,

des

truc

tion,

use

, mod

ifica

tion,

or

disc

losu

re.

a Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er S

CE

has

do

cum

ente

d po

licie

s ad

dres

sing

se

curit

y pr

ovis

ions

for

Cov

ered

In

form

atio

n in

clud

ing:

—R

isk

asse

ssm

ent

and

trea

tmen

t

—S

ecur

ity p

olic

y

—O

rgan

izat

ion

of

info

rmat

ion

Sec

urity

—A

sset

man

agem

ent

—H

uman

res

ourc

es

secu

rity

—P

hysi

cal a

nd

envi

ronm

enta

l sec

urity

—C

omm

unic

atio

ns a

nd

oper

atio

ns m

anag

emen

t

—A

cces

s co

ntro

l

—In

form

atio

n sy

stem

s ac

quis

ition

, de

velo

pmen

t, a

nd

mai

nten

ance

—In

form

atio

n se

curit

y in

cide

nt m

anag

emen

t

1.a.

Per

inqu

iry o

f re

leva

nt s

take

hold

ers

and

insp

ectio

n of

doc

umen

tatio

n pr

ovid

ed it

was

not

ed t

hat

the

follo

win

g cy

bers

ecur

ity p

olic

ies/

proc

edur

es/s

tand

ards

/gui

delin

es a

re in

pla

ce t

o ad

dres

s se

curit

y pr

ovis

ions

for

SC

E, i

nclu

ding

Cov

ered

Info

rmat

ion:

—R

isk

Ass

essm

ent

and

Trea

tmen

t c

ontin

uous

thr

eat

and

vuln

erab

ility

iden

tific

atio

n an

d re

med

iatio

n is

per

form

ed b

y th

e C

yber

secu

rity

and

IT C

ompl

ianc

e gr

oup.

The

thr

eat

and

vuln

erab

ility

pro

cess

is f

orm

ally

doc

umen

ted.

Cyb

erse

curit

y an

d IT

Com

plia

nce

publ

ish

mon

thly

com

plia

nce

repo

rts

for

each

ope

ratin

g un

it de

scrib

ing

prog

ress

tow

ards

re

med

iatio

n.

—S

ecur

ity P

olic

y A

Phy

sica

l Sec

urity

and

Cyb

erse

curit

y P

olic

y is

in p

lace

and

acc

essi

ble

to

all S

CE

em

ploy

ees.

Add

ition

al s

uppo

rtin

g in

form

atio

n se

curit

y po

licie

s (e

.g. a

ccep

tabl

e us

e po

licy)

, sta

ndar

ds, p

roce

dure

s, a

nd g

uide

lines

are

als

o av

aila

ble.

—O

rgan

izat

ion

of In

form

atio

n S

ecur

ity

A f

orm

al C

yber

secu

rity

and

IT C

ompl

ianc

e gr

oup,

he

aded

by

the

Sr.

Man

ager

, Cyb

erse

curit

y, p

erfo

rms

gove

rnan

ce a

ctiv

ities

and

adh

eres

to

stan

dard

s; p

erfo

rms

risk

asse

ssm

ents

to

help

mai

ntai

n th

e ris

k re

gist

er; p

rovi

des

gove

rnan

ce o

ver

the

Vul

nera

bilit

y A

sses

smen

t pr

ogra

m; a

nd p

erfo

rms

inqu

iries

with

va

rious

par

ts o

f th

e bu

sine

ss t

o ve

t co

mpl

ianc

e w

ith s

tand

ards

; and

per

form

s a

stan

dard

s ex

cept

ion

proc

ess.

—A

sset

Man

agem

ent

Per

insp

ectio

n of

the

IT H

ardw

are

Ass

et M

anag

emen

t P

roce

ss

Doc

umen

t it

was

not

ed t

hat

all i

nfor

mat

ion

asse

ts m

ust

be a

ssig

ned

an o

wne

r, w

hich

is

trac

ked

by t

he IT

Ass

et a

nd C

onfig

urat

ion

Man

agem

ent

Team

. Ass

et o

wne

rs a

re

resp

onsi

ble

for

impl

emen

ting

and

mon

itorin

g se

curit

y an

d m

aint

enan

ce c

ontr

ols

arou

nd

thei

r as

sign

ed a

sset

s. A

ll as

sets

mus

t be

insp

ecte

d by

the

IT A

sset

and

Con

figur

atio

n M

anag

emen

t Te

am b

efor

e be

ing

disp

osed

of.

—H

uman

Res

ourc

es S

ecur

ity

The

requ

irem

ent

of b

ackg

roun

d ch

ecks

bef

ore

exte

rnal

ca

ndid

ates

can

be

hire

d by

SC

E is

a p

olic

y fo

r th

e H

R D

epar

tmen

t.

– 61

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

—B

usin

ess

cont

inui

ty

man

agem

ent

—C

ompl

ianc

e

—P

hysi

cal a

nd E

nviro

nmen

tal S

ecur

ity

Phy

sica

l sec

urity

req

uire

men

t ar

e fo

rmal

ly

docu

men

ted

in t

he P

hysi

cal S

ecur

ity a

nd C

yber

secu

rity

Pol

icy

and

envi

ronm

enta

l sa

fegu

ards

wer

e co

nfirm

ed d

urin

g th

e si

te w

alkt

hrou

ghs.

—C

omm

unic

atio

ns a

nd O

pera

tions

Man

agem

ent

Enc

rypt

ion

requ

irem

ents

are

for

mal

ly

docu

men

ted

in t

he S

yste

ms

and

Com

mun

icat

ions

Pro

tect

ion

stan

dard

. Net

wor

k se

curit

y re

quire

men

ts a

re f

orm

ally

doc

umen

ted

in t

he C

ontr

ol S

yste

m N

etw

ork

Sta

ndar

d. R

emot

e ac

cess

req

uire

men

ts a

re f

orm

ally

doc

umen

ted

in t

he A

cces

s C

ontr

ol Id

entif

icat

ion

and

Aut

hent

icat

ion

Sta

ndar

d.

—A

cces

s C

ontr

ol

Acc

ess

Con

trol

req

uire

men

ts a

re f

orm

ally

doc

umen

ted

in t

he A

cces

s C

ontr

ol Id

entif

icat

ion

and

Aut

hent

icat

ion

Sta

ndar

d, a

s w

ell a

s B

usin

ess

Req

uire

men

ts f

or

Acc

ess

Con

trol

.

—In

form

atio

n S

yste

ms

Acq

uisi

tion,

Dev

elop

men

t, a

nd M

aint

enan

ce (S

DLC

) In

form

atio

n S

yste

m A

cqui

sitio

n, D

evel

opm

ent,

and

Mai

nten

ance

has

bee

n fo

rmal

ly d

ocum

ente

d in

the

S

yste

m a

nd S

ervi

ces

Acq

uisi

tion

Sta

ndar

d.

—In

form

atio

n S

ecur

ity In

cide

nt M

anag

emen

t In

form

atio

n S

ecur

ity In

cide

nt M

anag

emen

t ha

s be

en f

orm

ally

doc

umen

ted

in t

he C

yber

secu

rity

Inci

dent

Res

pons

e S

tand

ard

and

the

Phy

sica

l Sec

urity

and

Cyb

erse

curit

y P

olic

y.

—B

usin

ess

Con

tinui

ty M

anag

emen

t B

usin

ess

Con

tinui

ty M

anag

emen

t ha

s be

en f

orm

ally

do

cum

ente

d in

the

Dis

aste

r R

ecov

ery

Sta

ndar

d

—C

ompl

ianc

e T

he r

equi

rem

ent

for

com

plia

nce

with

app

licab

le p

rivac

y le

gisl

atio

n an

d re

gula

tions

has

bee

n fo

rmal

ly d

ocum

ente

d in

the

Priv

acy

Pol

icy.

2. D

eter

min

e w

heth

er S

CE

’s

priv

acy

polic

ies

and

proc

edur

es

cove

r pr

otec

tion

of e

lect

roni

c an

d pr

int

med

ia c

onta

inin

g C

over

ed

Info

rmat

ion

from

una

utho

rized

ac

cess

, des

truc

tion,

use

m

odifi

catio

n or

dis

clos

ure.

2.a.

Per

inqu

iry w

ith r

elev

ant

stak

ehol

ders

and

insp

ectio

n of

doc

umen

tatio

n re

ceiv

ed it

was

not

ed

that

the

re a

re p

olic

ies

and

proc

edur

es in

pla

ce t

o he

lp e

nsur

e pr

otec

tion

of e

lect

roni

c an

d pr

int

med

ia c

onta

inin

g C

over

ed In

form

atio

n fr

om u

naut

horiz

ed a

cces

s, d

estr

uctio

n, u

se m

odifi

catio

n or

di

sclo

sure

.

2.b.

Rev

iew

ed t

he C

lass

ifica

tion

and

Acc

ess

Pro

cedu

re s

tand

ard

and

note

d th

at t

he C

over

ed

Info

rmat

ion

clas

sific

atio

n is

labe

led

as C

onfid

entia

l.

2.c.

Rev

iew

ed t

he A

cces

s C

ontr

ol Id

entif

icat

ion

and

Aut

hent

icat

ion

stan

dard

, and

not

ed t

hat

ther

e ar

e fo

rmal

pol

icie

s ar

ound

acc

essi

ng, u

sing

, mod

ifyin

g, a

nd d

iscl

osin

g pr

int

and

elec

tron

ic d

ata.

3. D

eter

min

e w

heth

er a

m

anag

emen

t pr

oced

ure

exis

ts t

o m

onito

r co

mpl

ianc

e w

ith t

he

secu

rity

prov

isio

ns in

the

pol

icy

and

inst

ance

s of

non

com

plia

nce

are

iden

tifie

d an

d re

med

iate

d.

3.a.

Per

inqu

iry w

ith r

elev

ant

stak

ehol

ders

and

insp

ectio

n of

doc

umen

tatio

n re

ceiv

ed it

was

not

ed

that

a m

anag

emen

t pr

oced

ure

exis

ts t

o m

onito

r co

mpl

ianc

e w

ith t

he s

ecur

ity p

rovi

sion

s in

the

po

licy

and

inst

ance

s of

non

com

plia

nce

are

iden

tifie

d an

d re

med

iate

d.

3.b.

Met

with

Sr.

Man

ager

, Cyb

erse

curit

y, a

nd n

oted

tha

t th

ere

are

tech

nica

l con

trol

s an

d pr

oced

ures

in p

lace

to

mon

itor

atte

mpt

ed e

xfilt

ratio

n of

Cov

ered

Info

rmat

ion,

as

wel

l as

proc

edur

es

for

how

to

rem

edia

te id

entif

ied

inst

ance

s of

non

com

plia

nce.

– 62

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

3.c.

Rev

iew

ed t

he R

isk

Ass

essm

ent

stan

dard

and

not

ed t

hat

it pr

ovid

es g

uide

lines

for

mon

itorin

g co

mpl

ianc

e of

sec

urity

pro

visi

ons

thro

ugh

inqu

iries

with

bus

ines

s un

its, r

isk

asse

ssm

ents

, and

vu

lner

abili

ty s

cann

ing.

4. R

evie

w e

vide

nce

of S

CE

pr

ovid

ing

cust

omer

s w

ith n

otic

e on

the

sec

urity

mec

hani

sms

used

by

the

Com

pany

to

prot

ect

thei

r C

over

ed In

form

atio

n.

4.a.

Per

inqu

iry o

f re

leva

nt s

take

hold

ers

and

insp

ectio

n of

doc

umen

tatio

n pr

ovid

ed it

was

not

ed t

hat

the

follo

win

g pr

oced

ures

are

in p

lace

to

addr

ess

prov

idin

g cu

stom

ers

with

not

ice

on t

he s

ecur

ity

mec

hani

sms

used

to

prot

ect

thei

r C

over

ed In

form

atio

n:

4.b.

Rev

iew

ed t

he S

CE

Web

site

Priv

acy

Not

ice

and

note

d th

at it

add

ress

es t

he s

ecur

ity

mec

hani

sms

used

by

SC

E t

o pr

otec

t C

over

ed In

form

atio

n.

4.c.

Rev

iew

ed t

he n

ew C

usto

mer

Wel

com

e M

aile

r an

d th

e N

ew C

usto

mer

Em

ail a

nd n

oted

tha

t cu

stom

ers

will

rec

eive

bot

h an

em

ail o

r w

elco

me

mai

ler

that

ref

eren

ces

the

Priv

acy

Not

ice

and

secu

rity

mea

sure

s to

pro

tect

the

ir da

ta.

5. R

evie

w e

vide

nce

that

SC

E’s

po

licie

s on

Dat

a S

ecur

ity a

re

com

mun

icat

ed t

o in

tern

al

empl

oyee

s an

d co

ntra

ctor

s w

ho

have

acc

ess

to C

over

ed

Info

rmat

ion.

5.a.

Per

insp

ectio

n of

the

sup

port

ing

docu

men

tatio

n re

late

d to

the

com

mun

icat

ion

of d

ata

secu

rity

polic

ies

to t

hose

who

hav

e ac

cess

to

Cov

ered

Info

rmat

ion

it w

as n

oted

tha

t th

e fo

llow

ing

notic

es

has

been

iden

tifie

d an

d fo

rmal

ly d

ocum

ente

d:

5.b.

Rev

iew

ed t

he P

hysi

cal S

ecur

ity a

nd C

yber

secu

rity

Pol

icy

and

the

Dat

a P

rote

ctio

n S

tand

ard

and

note

d th

at it

is p

ublis

hed

on t

he S

CE

intr

anet

site

, whi

ch is

acc

essi

ble

by a

ll S

CE

em

ploy

ees,

and

th

at it

pro

vide

s em

ploy

ees

with

gui

danc

e on

the

dat

a pr

ivac

y po

licy

for

SC

E.

5.c.

Rev

iew

ed t

he P

orta

l Pag

e S

cree

nsho

ts, w

hich

sho

w li

nks

to t

he P

rivac

y an

d C

yber

secu

rity

tabs

an

d as

soci

ated

pol

icie

s/st

anda

rds.

5.d.

Met

with

Priv

acy

Com

plia

nce

Pro

gram

Lea

der,

and

per

form

ed a

Sha

reP

oint

wal

kthr

ough

tha

t w

alke

d th

roug

h w

here

all

of t

he P

rivac

y an

d C

yber

secu

rity

Pol

icie

s ar

e lo

cate

d.

6. D

eter

min

e w

heth

er a

m

anag

emen

t pr

oced

ure

is in

pl

ace

to m

onito

r w

heth

er t

he

Com

pany

man

ages

its

secu

rity

prog

ram

to

help

ens

ure

the

prot

ectio

n of

Cov

ered

In

form

atio

n.

6.a.

Per

inqu

iry o

f re

leva

nt s

take

hold

ers

and

insp

ectio

n of

doc

umen

tatio

n pr

ovid

ed it

was

not

ed t

hat

the

follo

win

g pr

oced

ures

are

in p

lace

to

addr

ess

secu

rity

inco

rpor

atio

n in

the

SD

LC f

or S

CE

:

6.b.

Rev

iew

ed t

he A

pplic

atio

n S

ecur

ity S

tand

ards

, and

not

ed t

hat

all p

roje

cts/

appl

icat

ion

mus

t co

mpl

y w

ith S

ecur

e D

evel

opm

ent

stan

dard

s, a

nd a

ll of

the

Cyb

erse

curit

y P

olic

ies

and

stan

dard

s.

The

App

licat

ion

secu

rity

stan

dard

s pr

ovid

e gu

idan

ce f

or s

ecur

e co

ding

and

dev

elop

men

t, a

pplic

atio

n pa

rtiti

onin

g, a

pplic

atio

n se

curit

y te

stin

g, a

nd s

ecur

ity f

unct

ion

isol

atio

n.

6.c.

Met

with

Pro

gram

Ana

lyst

, IT

and

Cyb

erse

curit

y R

isk

Man

agem

ent,

and

not

ed t

hat

Pro

gram

m

anag

ers

may

con

tact

Cyb

erse

curit

y R

isk

Man

agem

ent

at t

he b

egin

ning

of

the

proj

ect

for

a ris

k as

sess

men

t. C

yber

secu

rity

Ris

k M

anag

emen

t w

orks

to

see

wha

t ty

pe o

f da

ta is

invo

lved

(Dat

a cr

itica

lity)

bas

ed o

n th

e se

curit

y re

quire

men

ts t

o en

sure

the

pro

ject

adh

eres

to

the

Com

pany

’s

Cyb

erse

curit

y S

tand

ards

. Tes

ting

is p

erfo

rmed

to

ensu

re c

yber

secu

rity

stan

dard

s ar

e m

et. F

or

repo

rted

non

com

plia

nce

item

s, a

ny u

nre

med

iate

d ris

ks m

ust

be a

ppro

ved

and

acce

pted

by

seni

or

man

agem

ent

and

IT.

– 63

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

7. R

evie

w S

CE

’s r

elev

ant

polic

ies

to d

eter

min

e if

Com

pany

in

corp

orat

es s

ecur

ity in

to t

heir

SD

LC.

7.a.

Per

inqu

iry o

f re

leva

nt s

take

hold

ers

and

insp

ectio

n of

doc

umen

tatio

n pr

ovid

ed it

was

not

ed t

hat

the

follo

win

g pr

oced

ures

are

in p

lace

to

addr

ess

secu

rity

inco

rpor

atio

n in

the

SD

LC f

or S

CE

:

7.b.

Rev

iew

ed t

he A

pplic

atio

n S

ecur

ity S

tand

ards

, and

not

ed t

hat

all p

roje

cts/

appl

icat

ion

mus

t co

mpl

y w

ith S

ecur

e D

evel

opm

ent

stan

dard

s, a

nd a

ll of

the

Cyb

erse

curit

y P

olic

ies

and

stan

dard

s.

The

App

licat

ion

secu

rity

stan

dard

s pr

ovid

e gu

idan

ce f

or s

ecur

e co

ding

and

dev

elop

men

t, a

pplic

atio

n pa

rtiti

onin

g, a

pplic

atio

n se

curit

y te

stin

g, a

nd s

ecur

ity f

unct

ion

isol

atio

n.

7.c.

See

CP

UC

Rul

e 8a

Ass

essm

ent

Test

Res

ult

6.c.

for

det

ails

.

8. D

eter

min

e w

heth

er S

CE

use

s ap

prop

riate

fac

ility

ent

ry c

ontr

ols

to li

mit

and

mon

itor

phys

ical

ac

cess

to

syst

ems

and

loca

tions

w

here

Cov

ered

Info

rmat

ion

is

proc

esse

d an

d st

ored

.

8. P

er o

bser

vatio

n du

ring

site

wal

kthr

ough

s an

d in

quiry

with

rel

evan

t st

akeh

olde

rs it

was

not

ed t

hat

the

follo

win

g st

anda

rd is

in p

lace

to

addr

ess

phys

ical

con

trol

s fo

r C

over

ed In

form

atio

n fo

r S

CE

:

8.b.

Per

form

ed a

wal

kthr

ough

of

a D

ata

Cen

ter,

a C

usto

mer

Con

tact

Cen

ter,

Bill

Sup

port

Cre

dit

Col

lect

ions

Cen

ter,

a C

usto

mer

Ser

vice

Cen

ter,

and

the

Thi

rd P

arty

CIS

R d

esk

and

note

d th

at

phys

ical

acc

ess

cont

rols

diff

er f

rom

a r

estr

icte

d ar

ea v

s. n

onre

stric

ted

area

s, s

peci

fical

ly in

the

fo

llow

ing

way

s:

—A

cces

s is

con

trol

led

by b

adge

acc

ess

read

ers

to r

estr

icte

d ar

eas

—C

over

ed In

form

atio

n is

lock

ed in

to c

abin

ets

whe

n no

t in

use

or

at t

he e

nd o

f sh

ifts

—A

ll lo

catio

ns d

eplo

y a

man

tra

p an

d ha

ve s

ecur

ity g

uard

s at

ent

ry p

oint

s, a

nd u

se v

isito

r lo

g in

she

ets

at t

he lo

bby

to r

egis

ter

the

gues

ts c

omin

g in

to t

he f

acili

ty

8.c.

Obs

erve

d du

ring

the

Dat

a C

ente

r, a

Cus

tom

er C

onta

ct C

ente

r, B

ill S

uppo

rt C

redi

t C

olle

ctio

ns

Cen

ter,

a C

usto

mer

Ser

vice

Cen

ter,

and

a T

hird

Par

ty C

ISR

des

k W

alkt

hrou

ghs

the

follo

win

g ph

ysic

al c

ontr

ols

arou

nd P

erso

nal I

nfor

mat

ion:

—A

cces

s C

ontr

ol r

eade

rs a

t fr

ont

entr

ance

and

res

tric

ted

area

s

—V

isito

r Lo

g

—E

scor

ted

Acc

ess

to R

estr

icte

d A

reas

—V

ideo

Mon

itorin

g

—C

lean

Des

k/C

lear

Scr

een

Pol

icy

—M

aske

d In

form

atio

n on

Com

pute

rs

Wor

ksta

tion

Scr

een

Lock

s ar

e in

pla

ce w

hen

empl

oyee

s st

ep a

way

fro

m t

heir

desk

s.

9. D

eter

min

e w

heth

er S

CE

has

im

plem

ente

d pr

oced

ures

for

pr

otec

ting

Cov

ered

Info

rmat

ion

incl

udin

g co

ntro

ls f

or p

hysi

cally

se

curin

g al

l med

ia.

Rev

iew

ed t

he P

rote

ctin

g P

erso

nal I

nfor

mat

ion

proc

edur

e it

was

not

ed t

hat

ther

e ar

e pr

oced

ures

in

plac

e fo

r pr

otec

ting

Cov

ered

Info

rmat

ion,

incl

udin

g co

ntro

ls f

or p

hysi

cally

sec

urin

g al

l med

ia,

spec

ifica

lly a

t th

eir

desk

s an

d pr

inte

rs w

hen

away

.

– 64

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

10. I

nspe

ct w

heth

er p

hysi

cal

reco

rds

cont

aini

ng C

over

ed

Info

rmat

ion

are

stor

ed in

lock

ed

cabi

nets

or

room

s re

stric

ting

unau

thor

ized

acc

ess.

10. P

er in

spec

tion

of t

he p

hysi

cal c

ontr

ols

used

to

prot

ect

phys

ical

rec

ords

con

tain

ing

Per

sona

l In

form

atio

n du

ring

the

site

wal

kthr

ough

it w

as n

oted

tha

t th

e fo

llow

ing

phys

ical

con

trol

s ar

e in

pla

ce

like

acce

ss c

ontr

olle

d fe

nce,

gua

rds

and

badg

e ac

cess

rea

ders

.

11. I

nqui

re o

f S

CE

’s p

erso

nnel

to

gain

an

unde

rsta

ndin

g of

the

lo

gica

l con

trol

pro

cedu

res

in p

lace

to

pre

vent

una

utho

rized

acc

ess

to

Cov

ered

Info

rmat

ion.

11.a

. Rev

iew

ed t

he A

cces

s C

ontr

ols

Sta

ndar

d an

d no

ted

that

for

mal

pro

cedu

res

to h

elp

ensu

re

auth

oriz

ed a

cces

s an

d pr

even

t un

auth

oriz

ed a

cces

s ar

e in

pla

ce a

nd d

ocum

ente

d.

11.b

. Rev

iew

ed t

he S

afeg

uard

Con

fiden

tial I

nfor

mat

ion

Whe

n P

rintin

g Jo

b A

id a

nd n

oted

tha

t sa

fegu

ards

are

doc

umen

ted

and

in p

lace

to

prot

ect

the

secu

rity

of P

erso

nal I

nfor

mat

ion

whe

n pr

intin

g.

11.c

. Rev

iew

ed t

he U

ser

Acc

ess

Man

agem

ent

Sta

ndar

d an

d no

ted

that

it r

equi

res

that

for

mal

pr

oced

ures

are

in p

lace

to

help

ens

ure

auth

oriz

ed a

cces

s an

d pr

even

t un

auth

oriz

ed a

cces

s.

11.d

. Inq

uire

d of

SC

E s

yste

m o

wne

rs o

f th

e sy

stem

s ha

ndlin

g C

over

ed In

form

atio

n an

d w

as

info

rmed

tha

t ac

cess

con

trol

s, p

roce

sses

to

gran

t ac

cess

, per

iodi

c re

view

s of

gra

nted

acc

ess

and

term

inat

ion

of a

cces

s pr

oces

s ex

ist

for

all i

nsc

ope

syst

ems.

12. I

nspe

ct e

vide

nce

that

logi

cal

cont

rols

are

in p

lace

to

prev

ent

unau

thor

ized

acc

ess

to C

over

ed

Info

rmat

ion

incl

udin

g us

er a

cces

s pr

ovis

ioni

ng a

nd d

epro

visi

onin

g.

Rev

iew

ed lo

gica

l con

trol

sam

ples

for

2 o

f th

e 14

insc

ope

syst

ems

and

note

d th

e fo

llow

ing:

—S

yste

m A

dmin

istr

ator

s w

ill o

nly

gran

t us

er a

cces

s af

ter

appr

opria

te m

anag

emen

t ap

prov

al.

—U

ser

acco

unt

acce

ss c

ompl

y w

ith s

ecur

ity c

ontr

ols

regu

late

d by

the

Com

pany

in a

dditi

on t

o ha

ving

app

rove

d ac

cess

to

spec

ifica

lly s

ecur

ed m

embe

rshi

p gr

oups

.

—U

ser

acco

unt

acce

ss w

as r

evie

wed

qua

rter

ly.

13. R

evie

w S

CE

’s r

elev

ant

polic

ies

to d

eter

min

e if

phys

ical

co

ntro

ls a

re in

pla

ce p

rote

ctin

g C

over

ed In

form

atio

n.

13.a

. Per

insp

ectio

n of

the

sup

port

ing

docu

men

tatio

n re

late

d to

the

phy

sica

l con

trol

s th

at p

rote

ct

Cov

ered

Info

rmat

ion

it w

as n

oted

tha

t th

e fo

llow

ing

man

agem

ent

proc

edur

e ha

s be

en id

entif

ied

and

form

ally

doc

umen

ted:

13.b

. Rev

iew

ed t

he P

hysi

cal S

ecur

ity a

nd C

yber

secu

rity

Pol

icy

and

note

d th

at t

here

are

con

trol

s in

pl

ace

arou

nd t

he p

hysi

cal p

rote

ctio

n of

Cov

ered

Info

rmat

ion

and

arou

nd v

isito

rs e

nter

ing

area

s w

here

Cov

ered

Info

rmat

ion

is s

tore

d.

13.c

. Val

idat

ed t

hrou

gh o

nsite

wal

kthr

ough

tha

t th

ese

phys

ical

acc

ess

cont

rols

in p

olic

y ar

e in

pla

ce.

14. I

nqui

re o

f S

CE

’s p

erso

nnel

to

gain

an

unde

rsta

ndin

g of

the

co

ntro

ls p

rote

ctin

g ph

ysic

al

acce

ss t

o sy

stem

s st

orin

g C

over

ed In

form

atio

n.

14.a

. Per

inqu

iry o

f th

e re

leva

nt s

take

hold

ers

and

insp

ectio

n of

the

phy

sica

l con

trol

s us

ed t

o pr

otec

t ph

ysic

al r

ecor

ds c

onta

inin

g C

over

ed In

form

atio

n du

ring

the

site

wal

kthr

ough

it w

as n

oted

tha

t th

e fo

llow

ing

phys

ical

con

trol

s ar

e in

pla

ce.

14.b

. Ins

pect

ed S

yste

m P

rofil

e Q

uest

ionn

aire

s fo

r sy

stem

s st

orin

g C

over

ed In

form

atio

n an

d no

ted

that

phy

sica

l con

trol

s ar

e in

pla

ce r

estr

ictin

g ac

cess

to

thes

e sy

stem

s.

14.c

. See

CP

UC

Rul

e 8a

10

Ass

essm

ent

Test

Res

ults

for

det

ails

– 65

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

15. I

nspe

ct e

vide

nce

that

phy

sica

l ac

cess

to

site

s an

d sy

stem

s st

orin

g C

over

ed In

form

atio

n is

m

onito

red

and

rest

ricte

d.

15. P

er in

quiry

dur

ing

the

Dat

a C

ente

r si

te w

alkt

hrou

gh o

f th

e D

ata

Cen

ter

obse

rved

sev

eral

phy

sica

l se

curit

y ac

cess

con

trol

s lim

iting

acc

ess

to t

he f

acili

ty a

nd C

over

ed In

form

atio

n sy

stem

s.

16. R

evie

w S

CE

’s r

elev

ant

polic

ies

to d

eter

min

e if

envi

ronm

enta

l con

trol

s ar

e in

pl

ace.

16. S

ee C

PU

C R

ule

8 a

(1) A

sses

smen

t Te

st R

esul

ts.

17. I

nqui

re o

f S

CE

’s p

erso

nnel

to

gain

an

unde

rsta

ndin

g of

the

en

viro

nmen

tal c

ontr

ols

to p

rote

ct

syst

ems

stor

ing

Cov

ered

In

form

atio

n fr

om n

atur

al d

isas

ters

an

d en

viro

nmen

tal d

isas

ters

(suc

h as

fire

or

flood

ing)

.

17. P

er in

quiry

dur

ing

the

Dat

a C

ente

r si

te w

alkt

hrou

ghs

obse

rved

sev

eral

env

ironm

enta

l con

trol

s to

pr

otec

t sy

stem

s st

orin

g C

over

ed In

form

atio

n fr

om n

atur

al d

isas

ters

and

env

ironm

enta

l dis

aste

rs

such

as

fire

or f

lood

ing

18. I

nspe

ct w

heth

er S

CE

has

the

ab

ility

to

send

larg

e fil

es t

o 3r

d pa

rtie

s us

ing

Sec

ure

FTP

. File

s sh

ould

be

chec

ked

for

conf

iden

tial

data

prio

r to

be

tran

sfer

red.

18.a

. Rev

iew

ed t

he S

yste

m P

rofil

e Q

uest

ionn

aire

s an

d m

ost

appl

icat

ions

do

not

send

Cov

ered

In

form

atio

n to

thi

rd p

artie

s.

18.b

. Obs

erve

d em

ails

sen

t fr

om t

he T

hird

Par

ty C

ISR

des

k an

d no

ted

that

em

ails

con

tain

ing

Cov

ered

Info

rmat

ion

are

sent

via

enc

rypt

ed m

ail.

18.c

. Rev

iew

ed t

he P

rote

ctin

g P

erso

nal I

nfor

mat

ion

proc

edur

e an

d no

ted

that

the

re a

re g

uide

lines

fo

r se

ndin

g co

nfid

entia

l inf

orm

atio

n to

sup

plie

rs o

r th

ird p

artie

s. "E

mai

ls c

onta

inin

g P

erso

nal

Info

rmat

ion,

per

mitt

ed t

o be

sen

t ou

tsid

e th

e C

ompa

ny’s

em

ail s

yste

m, s

hall

be c

lass

ified

as

“con

fiden

tial”

and

pro

tect

ed u

sing

Com

pany

app

rove

d en

cryp

tion

tech

nolo

gy o

r an

othe

r se

cure

d m

etho

d."

19. I

nspe

ct w

heth

er S

CE

has

de

ploy

ed a

n au

tom

ated

too

l on

netw

ork

perim

eter

s th

at m

onito

rs

for

Cus

tom

er P

II, k

eyw

ords

, and

ot

her

docu

men

t ch

arac

teris

tics

to

disc

over

una

utho

rized

att

empt

s to

ex

filtr

ate

data

acr

oss

netw

ork

boun

darie

s an

d bl

ock

such

tr

ansf

ers

whi

le a

lert

ing

info

rmat

ion

secu

rity

pers

onne

l

19. a

. Per

inqu

iry o

f re

leva

nt s

take

hold

ers

it w

as n

oted

tha

t th

e fo

llow

ing

stan

dard

s ar

e in

pla

ce t

o ad

dres

s au

tom

ated

too

ls u

sed

to d

etec

t un

auth

oriz

ed d

ata

exfil

trat

ion

acro

ss n

etw

ork

boun

darie

s fo

r S

CE

: —D

ata

Loss

Pre

vent

ion

(DLP

) too

l is

depl

oyed

on

the

SC

E n

etw

ork

and

endp

oint

s, a

nd is

co

nfig

ured

to

mon

itor

all d

ata

cros

sing

the

net

wor

k bo

unda

ry.

—Th

e to

ol is

con

figur

ed t

o m

onito

r th

e co

nten

ts o

f al

l em

ails

and

file

s se

nt a

cros

s th

e ne

twor

k, in

clud

ing

all e

mai

l att

achm

ents

usi

ng c

usto

m m

ade

polic

ies

whi

ch s

earc

h fo

r sp

ecifi

c ty

pes

of s

ensi

tive

data

—Th

e to

ol is

con

figur

ed t

o de

tect

and

log

data

exf

iltra

tion

atte

mpt

s. T

he D

LP t

ool c

an

how

ever

not

blo

ck d

ata

exfil

trat

ion

but

does

sen

d no

tific

atio

ns.

– 66

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

—A

ll da

ta e

xfilt

ratio

n at

tem

pts

are

logg

ed in

the

DLP

too

l log

ging

dat

abas

e.

20. I

nspe

ct w

heth

er S

CE

has

de

ploy

ed a

n au

tom

ated

too

l on

wor

ksta

tions

tha

t m

onito

rs f

or

Cus

tom

er P

II, k

eyw

ords

, and

ot

her

docu

men

t ch

arac

teris

tics

to

disc

over

una

utho

rized

att

empt

s to

ex

filtr

ate

data

to

rem

ovab

le m

edia

an

d bl

ock

such

tra

nsfe

rs w

hile

al

ertin

g in

form

atio

n se

curit

y pe

rson

nel

20. P

er in

quiry

of

rele

vant

sta

keho

lder

s it

was

not

ed t

hat

the

follo

win

g st

anda

rds

are

in p

lace

to

addr

ess

auto

mat

ed t

ools

on

wor

ksta

tions

whi

ch m

onito

rs f

or C

usto

mer

PII,

key

wor

ds, a

nd o

ther

do

cum

ent

char

acte

ristic

s to

dis

cove

r un

auth

oriz

ed a

ttem

pts

to e

xfilt

rate

dat

a to

rem

ovab

le m

edia

:

—Th

e D

LP t

ool i

s de

ploy

ed o

n al

l SC

E w

orks

tatio

ns, a

nd is

con

figur

ed t

o m

onito

r al

l dat

a be

ing

save

d on

rem

ovab

le m

edia

dev

ices

.

—P

oten

tial d

ata

exfil

trat

ion

even

ts a

re lo

gged

in t

he D

LP t

ool l

og a

nd r

evie

wed

by

the

Info

rmat

ion

Sec

urity

tea

m d

aily

. Inc

iden

ts a

re f

ollo

wed

up

on b

y th

e In

form

atio

n S

ecur

ity

mon

itorin

g te

am a

nd t

rack

ed in

the

tic

ketin

g sy

stem

if it

is a

tru

e po

sitiv

e in

cide

nt u

ntil

reso

lved

.

21. D

eter

min

e w

heth

er t

he

Com

pany

und

erst

ands

the

cur

rent

th

reat

land

scap

e an

d po

tent

ial

thre

ats

to t

he o

rgan

izat

ion

by

leve

ragi

ng m

ultip

le t

hrea

t fe

eds.

21. P

er in

quiry

of

rele

vant

sta

keho

lder

s it

was

not

ed t

hat

the

follo

win

g po

licie

s ar

e in

pla

ce t

o ad

dres

s th

e th

reat

land

scap

e fo

r S

CE

:

—P

er in

quiry

of

Sr.

Man

ager

, Cyb

erse

curit

y, it

was

not

ed t

hat

thre

at m

anag

emen

t is

a

cont

inuo

us p

roce

ss t

hat

is p

erfo

rmed

usi

ng a

com

bina

tion

of t

ools

and

pro

cedu

res.

Leg

acy

vend

or r

elat

ions

hips

rel

y on

a t

hrea

t la

ndsc

ape

that

is d

ated

. The

Cyb

erse

curit

y te

am w

orks

w

ith s

olut

ion

arch

itect

s an

d pu

ts t

hem

thr

ough

the

exc

eptio

n pr

oces

s. T

hey

have

to

acce

pt

risk

on b

ehal

f of

bus

ines

s. T

hey

use

the

met

hodo

logy

of

risk

asse

ssm

ents

(Low

, Med

ium

, an

d H

igh)

to

dete

rmin

e ap

prop

riate

leve

l of

man

agem

ent.

—C

ontin

uous

vul

nera

bilit

y sc

ans

are

perf

orm

ed o

n al

l ass

ets.

Hig

h le

vel v

ulne

rabi

lity

scan

re

sults

are

rep

orte

d to

the

CIO

.

22 In

spec

t w

heth

er t

he C

ompa

ny

scan

s so

urce

cod

e fo

r bu

gs a

nd

vuln

erab

ilitie

s be

fore

mov

ing

it in

to p

rodu

ctio

n

22. P

er in

quiry

of

rele

vant

sta

keho

lder

s an

d in

spec

tion

of d

ocum

ents

pro

vide

d it

was

not

ed t

hat

the

follo

win

g po

licie

s ar

e in

pla

ce t

o ad

dres

s th

e sy

stem

s de

velo

pmen

t lif

e cy

cle

for

SC

E.

—R

evie

wed

the

App

licat

ion

Sec

urity

Sta

ndar

d an

d de

term

ined

tha

t vu

lner

abili

ty s

cans

mus

t be

per

form

ed o

n al

l Com

pany

Com

putin

g S

yste

ms

prio

r to

dep

loym

ent

for

prod

uctio

n op

erat

ions

. “V

ery

Hig

h”, “

Hig

h”, o

r “M

oder

ate”

impa

ct v

ulne

rabi

litie

s di

scov

ered

dur

ing

the

afor

emen

tione

d sc

an m

ust

be m

itiga

ted

prio

r to

dep

loym

ent

of t

he s

yste

m f

or

prod

uctio

n op

erat

ions

. Low

or

Info

rmat

iona

l im

pact

vul

nera

bilit

ies

disc

over

ed m

ust

have

m

itiga

tion

plan

s de

velo

ped

prio

r to

pro

duct

ion

depl

oym

ent.

—M

et w

ith M

anag

er, C

yber

secu

rity,

and

was

not

ed t

hat

test

ing

is p

erfo

rmed

to

ensu

re t

hey

are

in c

ompl

ianc

e w

ith c

yber

secu

rity

stan

dard

s an

d a

form

al r

isk

acce

ptan

ce is

gra

nted

be

fore

any

sys

tem

is m

oved

into

pro

duct

ion.

23. I

nspe

ct w

heth

er S

CE

’s

deve

lopm

ent/

test

env

ironm

ents

ar

e se

para

te f

rom

the

pro

duct

ion

23. P

er r

evie

w o

f do

cum

ente

d po

licy

it w

as n

oted

tha

t th

e fo

llow

ing

polic

ies

are

in p

lace

to

addr

ess

the

syst

ems

deve

lopm

ent

life

cycl

e.

– 67

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

envi

ronm

ent,

with

acc

ess

cont

rol

in p

lace

to

enfo

rce

the

sepa

ratio

n.

—R

evie

wed

the

App

licat

ion

Sec

urity

Sta

ndar

d an

d no

ted

that

pro

duct

ion

envi

ronm

ents

mus

t be

isol

ated

fro

m o

ther

env

ironm

ents

(e.g

. dev

elop

men

t, s

tagi

ng o

r te

stin

g en

viro

nmen

ts)

for

all a

pplic

atio

ns. A

lso,

not

ed t

hat

acce

ss t

o ap

plic

atio

n so

urce

cod

e is

res

tric

ted

to o

nly

indi

vidu

als

that

are

aut

horiz

ed.

24. D

eter

min

e w

heth

er S

CE

doe

s no

t us

e P

rodu

ctio

n C

over

ed

Info

rmat

ion

for

test

ing

or

deve

lopm

ent.

Tes

t da

ta a

nd

acco

unts

are

rem

oved

bef

ore

a pr

oduc

tion

syst

em b

ecom

es

activ

e.

24. R

evie

wed

the

App

licat

ion

Sec

urity

Sta

ndar

d an

d no

ted

that

pro

duct

ion

data

can

not

be c

opie

d in

to t

est

or s

tage

env

ironm

ents

with

out

adeq

uate

pro

tect

ion

of c

onfid

entia

l inf

orm

atio

n as

def

ined

by

the

Com

pany

’s R

ecor

ds M

anag

emen

t P

olic

y.

25. I

nspe

ct w

heth

er S

CE

util

izes

a

Dat

a M

aski

ng t

ool t

o lim

it ac

cess

to

and

pro

tect

Cov

ered

In

form

atio

n an

d ot

her

PII.

25. O

bser

ved

at t

he C

usto

mer

Con

tact

Cen

ter

and

at t

he C

usto

mer

Ser

vice

cen

ter

that

Soc

ial

Sec

urity

num

bers

and

Ban

k N

umbe

rs a

re m

aske

d on

the

scr

eens

.

26. I

nspe

ct w

heth

er S

CE

’s w

eb

appl

icat

ions

sho

uld

use

encr

yptio

n w

hen

tran

smitt

ing

sens

itive

dat

a ac

ross

the

net

wor

k.

26.a

. Rev

iew

ed t

he D

ata

Pro

tect

ion

Sta

ndar

d, w

hich

out

lines

the

enc

rypt

ion

for

diff

eren

t cl

assi

ficat

ions

of

data

at

rest

and

in t

rans

it.

26.b

. Rev

iew

ed t

he P

erso

nal C

ompu

ting

Dev

ice

Sta

ndar

d, w

hich

req

uire

s al

l per

sona

l com

putin

g de

vice

s to

ena

ble

encr

yptio

n of

SC

E d

ata

in t

rans

it an

d at

res

t.

26.c

. Rev

iew

ed t

he S

yste

m a

nd C

omm

unic

atio

ns P

rote

ctio

n S

tand

ard,

whi

ch o

utlin

es S

ecur

e S

ocke

t La

yer

(SS

L) V

irtua

l Priv

ate

Net

wor

k (V

PN

) con

nect

ions

to

SC

E n

etw

orks

and

the

re

quire

men

ts.

26.d

. Obs

erve

d em

ails

sen

t fr

om t

he T

hird

Par

ty C

ISR

des

k an

d no

ted

that

em

ails

con

tain

ing

Cov

ered

Info

rmat

ion

are

sent

via

enc

rypt

ed m

ail

27. D

eter

min

e w

heth

er S

CE

has

im

plem

ente

d an

Intr

usio

n D

etec

tion

syst

em w

ithin

the

en

viro

nmen

t to

det

ect

and

gene

rate

log

mes

sage

s de

taili

ng

even

ts.

27. M

et w

ith M

anag

er, C

yber

secu

rity,

and

con

firm

ed t

hat

SC

E h

as a

IDS

/IPS

whi

ch f

eeds

into

the

S

IEM

too

l for

logg

ing

and

mon

itorin

g.

280.

Det

erm

ine

whe

ther

SC

E h

as

impl

emen

ted

an In

trus

ion

Pre

vent

ion

syst

em w

ithin

the

28. M

et w

ith M

anag

er, C

yber

secu

rity,

and

con

firm

ed t

hat

SC

E h

as a

IDS

/IPS

whi

ch f

eeds

into

the

S

IEM

too

l for

logg

ing

and

mon

itorin

g.

– 68

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

envi

ronm

ent

to d

etec

t ev

ents

and

re

ject

pac

kets

.

29. I

nspe

ct w

heth

er S

CE

onl

y al

low

s lim

ited

acce

ss t

o ne

twor

k re

sour

ce t

o ve

ndor

s an

d 3r

d pa

rtie

s.

29. R

evie

wed

the

Thi

rd P

arty

Pro

vide

r S

tand

ard

and

note

d th

at a

cces

s to

SC

E s

yste

ms

and

netw

orks

by

third

par

ties

or c

ontr

acto

rs m

ust

go t

hrou

gh f

ull m

anag

emen

t re

view

. Als

o no

ted

the

follo

win

g:

—A

cces

s to

the

Com

pany

Com

putin

g S

yste

ms

mus

t us

e S

CE

’s s

ecur

e vi

rtua

l clie

nt.

—P

erso

nnel

with

acc

ess

to S

CE

’s C

ompa

ny C

ompu

ting

Sys

tem

s m

ust

not

shar

e ac

coun

ts o

r pa

ssw

ords

use

d to

acc

ess

the

SC

E’s

Com

pany

Com

putin

g S

yste

ms.

—S

CE

use

r ac

coun

ts p

rovi

ded

to S

ervi

ce P

rovi

der

pers

onne

l mus

t in

divi

dual

ly id

entif

y th

e pe

rson

with

acc

ess

to e

nsur

e no

nrep

udia

tion

of a

ll us

er a

ccou

nt a

ctiv

ity.

—U

pon

pers

onne

l ter

min

atio

n, lo

gica

l acc

ess

to S

CE

Com

pany

Com

putin

g S

yste

ms

mus

t be

re

voke

d w

ithin

24

hour

s of

the

ter

min

atio

n ac

tion.

—N

onS

CE

dev

ices

con

nect

ed t

o S

CE

Com

pany

Com

putin

g S

yste

ms

shal

l con

nect

fro

m a

n is

olat

ed n

etw

ork

encl

ave

that

onl

y pe

rmits

con

nect

ions

via

the

sec

ure

virt

ual d

eskt

op.

—C

onne

ctio

ns o

rigin

atin

g fr

om o

utsi

de S

CE

con

trol

led

netw

orks

req

uire

tw

ofa

ctor

au

then

ticat

ion.

30. D

eter

min

e w

heth

er S

CE

has

a

form

al p

roce

ss f

or a

ppro

ving

and

te

stin

g al

l net

wor

k co

nnec

tions

an

d ch

ange

s to

the

fire

wal

l and

ro

uter

con

figur

atio

ns

30. S

CE

has

a f

orm

al c

hang

e m

anag

emen

t pr

oces

s th

roug

h w

hich

net

wor

k an

d fir

ewal

l cha

nges

are

m

onito

red

and

appr

oved

.

31. I

nspe

ct w

heth

er S

CE

has

im

plem

ente

d a

DM

Z to

lim

it in

boun

d tr

affic

to

only

sys

tem

co

mpo

nent

s th

at p

rovi

de

auth

oriz

ed p

ublic

ly a

cces

sibl

e se

rvic

es, p

roto

cols

, and

por

ts.

31. P

er r

evie

w o

f th

e C

ontr

ol S

yste

m N

etw

ork

and

Sys

tem

and

Com

mun

icat

ions

Pro

tect

ion

stan

dard

s, it

was

not

ed t

hat

a D

MZ

is in

pla

ce t

o lim

it in

boun

d tr

affic

to

only

sys

tem

com

pone

nts

that

pro

vide

aut

horiz

ed p

ublic

ally

acc

essi

ble

serv

ices

, pro

toco

ls, a

nd p

orts

.

– 69

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

R

ule

8

Ru

le d

escr

ipti

on

N

oti

fica

tio

n o

f B

reac

h:

A c

over

ed T

hird

Par

ty s

hall

notif

y th

e co

vere

d el

ectr

ical

/gas

cor

pora

tion

that

is t

he s

ourc

e of

the

cov

ered

dat

a w

ithin

one

w

eek

of t

he d

etec

tion

of a

bre

ach.

Upo

n a

brea

ch a

ffec

ting

1,00

0 or

mor

e cu

stom

ers,

whe

ther

by

a co

vere

d el

ectr

ical

/gas

co

rpor

atio

n or

by

a co

vere

d Th

ird P

arty

, the

cov

ered

ele

ctric

al/g

as c

orpo

ratio

n sh

all n

otify

the

Com

mis

sion

’s E

xecu

tive

Dire

ctor

of

secu

rity

brea

ches

of

cove

red

info

rmat

ion

with

in t

wo

wee

ks o

f th

e de

tect

ion

of a

bre

ach

or w

ithin

one

wee

k of

no

tific

atio

n by

a c

over

ed T

hird

Par

ty o

f su

ch a

bre

ach.

Upo

n re

ques

t by

the

Com

mis

sion

, ele

ctric

al/g

as c

orpo

ratio

ns s

hall

notif

y th

e C

omm

issi

on’s

Exe

cutiv

e D

irect

or o

f se

curit

y br

each

es o

f co

vere

d in

form

atio

n.

b

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er S

CE

has

do

cum

ente

d in

cide

nt r

espo

nse

and

brea

ch m

anag

emen

t pr

oced

ures

in p

lace

incl

udin

g ro

les

and

resp

onsi

bilit

ies,

tes

ting

and

trai

ning

, inc

iden

t cl

assi

ficat

ion

and

logg

ing,

re

med

iatio

n, a

nd p

rogr

am

upda

tes.

1.a.

Rev

iew

ed t

he P

rivac

y B

reac

h N

otifi

catio

n pr

oced

ure

and

note

d th

at it

cov

ers

the

pote

ntia

l no

tific

atio

n in

the

eve

nt o

f a

brea

ch in

clud

ing

the

affe

cted

par

ties,

lang

uage

, and

met

hods

of

notif

icat

ion.

1.b.

Rev

iew

ed t

he P

rivac

y In

cide

nt R

espo

nse

Che

cklis

t an

d no

ted

that

it in

clud

es a

def

initi

on o

f P

II da

ta e

lem

ents

and

the

rel

evan

t st

eps

of a

n in

cide

nt r

espo

nse

and

the

resp

onsi

ble

part

y:

—In

cide

nt d

escr

iptio

n

—In

cide

nt e

valu

atio

n

—In

tern

al s

take

hold

er n

otifi

catio

n

—E

xter

nal s

take

hold

er n

otifi

catio

n

—B

reac

h no

tific

atio

n as

sess

men

t

—M

itiga

tion/

Follo

wup

1.c.

Rev

iew

ed t

he P

rivac

y In

cide

nt R

espo

nse

proc

ess

flow

and

not

ed t

hat

it pr

ovid

es s

teps

fro

m t

he

initi

al id

entif

icat

ion

of a

pot

entia

l inc

iden

t th

roug

h th

e in

take

and

tra

ckin

g, a

sses

smen

t, e

xter

nal

notif

icat

ion,

rem

edia

tion,

and

clo

sure

pro

cess

and

iden

tifie

s th

e re

leva

nt d

epar

tmen

ts t

hrou

ghou

t th

e C

ompa

ny r

espo

nsib

le f

or e

ach

activ

ity.

1.d.

Rev

iew

ed t

he Id

entit

y Th

eft

Pre

vent

ion

proc

edur

e an

d no

ted

that

it a

ddre

sses

pot

entia

l red

fla

gs t

hat

may

indi

cate

a s

uspe

cted

dat

a in

cide

nt a

nd t

he a

ppro

pria

te s

teps

to

resp

ond.

1.e.

Obs

erve

d th

roug

h an

ove

rth

esh

ould

er o

f th

e S

CE

Sha

reP

oint

and

not

ed t

hat

it in

clud

es

info

rmat

ion

rela

ted

to t

he H

elpL

ine.

Em

ploy

ees

are

inst

ruct

ed t

o ca

ll th

e H

elpL

ine

if th

ey s

uspe

ct a

da

ta in

cide

nt.

1.f.

Rev

iew

ed e

vide

nce

of a

cyb

er t

able

top

exer

cise

per

form

ed in

Oct

ober

201

5 th

at in

volv

ed t

he

unau

thor

ized

acc

ess

of C

over

ed In

form

atio

n th

roug

h a

com

prom

ise

of e

mpl

oyee

cre

dent

ials

se

para

te p

hish

ing

and

key

logg

ing

activ

ities

. Doc

umen

ts r

evie

wed

incl

ude

the

scop

e of

the

bre

ach

and

actio

ns t

aken

by

the

Com

pany

to

addr

ess

the

inci

dent

.

1.g.

Rev

iew

ed s

cree

nsho

ts o

f th

e C

yber

secu

rity

depa

rtm

ent’

s in

cide

nt t

icke

t sy

stem

use

d to

tra

ck

deta

ils s

uppo

rtin

g th

e in

vest

igat

ion

of a

dat

a in

cide

nt.

– 70

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

1.h.

Met

with

Priv

acy

Com

plia

nce

Pro

gram

Lea

der,

and

was

info

rmed

tha

t S

CE

wor

ked

with

an

exte

rnal

ser

vice

pro

vide

r to

dev

elop

inci

dent

res

pons

e ch

eckl

ists

dur

ing

the

cove

red

perio

d th

at

iden

tify

role

s an

d re

spon

sibi

litie

s in

res

pond

ing

to a

sus

pect

ed d

ata

inci

dent

.

1.i.

Met

with

Sr.

Att

orne

y, L

aw D

epar

tmen

t, a

nd w

as in

form

ed t

hat

the

Law

Dep

artm

ent

will

hel

p in

th

e in

cide

nt r

espo

nse

proc

ess

to d

eter

min

e w

heth

er b

reac

h no

tific

atio

n is

req

uire

d an

d w

heth

er t

he

resp

onse

sho

uld

be h

andl

ed u

nder

AC

priv

ilege

.

1.j.

Met

with

Pro

gram

Man

ager

, Cyb

erse

curit

y In

cide

nt R

espo

nse,

and

was

info

rmed

tha

t th

e C

ompa

ny u

ses

a va

riety

of

tool

s to

det

ect

thre

ats

and

pote

ntia

l inc

iden

ts w

ithin

the

env

ironm

ent

incl

udin

g D

LP a

nd a

SIE

M. I

n th

e ev

ent

of a

sus

pect

ed b

reac

h, t

he C

yber

secu

rity

Inci

dent

Res

pons

e Te

am w

ill p

rovi

de E

thic

s an

d C

ompl

ianc

e an

d th

e La

w D

epar

tmen

t w

ith in

form

atio

n to

hel

p de

term

ine

sour

ces

of e

xfilt

ratio

n an

d vo

lum

e of

rec

ords

or

tota

l am

ount

of

data

.

2. D

eter

min

e w

heth

er t

he

Com

pany

’s m

anag

emen

t ha

s ad

equa

tely

rev

iew

ed t

he in

cide

nt

revi

ew p

roce

ss in

pla

ce.

2.a.

Rev

iew

ed t

he P

rivac

y In

cide

nt R

espo

nse

proc

edur

e (2

016)

and

not

ed t

hat

the

Com

pany

in

trod

uced

a n

ew p

olic

y in

Jan

uary

201

6 th

at s

uper

sede

s th

e ex

istin

g po

licy

that

was

in e

ffec

t th

roug

hout

the

cov

ered

per

iod.

The

pub

lishi

ng o

ffic

e w

as E

thic

s an

d C

ompl

ianc

e.

2.b.

Rev

iew

ed C

PU

C S

mar

t G

rid D

ata

Priv

acy

Dec

isio

n R

equi

rem

ents

Tra

ckin

g sh

eet

and

note

d th

at

the

Lead

er, P

rivac

y C

ompl

ianc

e P

rogr

am is

res

pons

ible

for

impl

emen

ting

cont

rols

ass

ocia

ted

with

da

ta in

cide

nts

invo

lvin

g cu

stom

er C

over

ed In

form

atio

n an

d ta

king

app

ropr

iate

ste

ps in

the

eve

nt o

f a

data

bre

ach.

The

con

trol

wen

t in

to e

ffec

t st

artin

g 7/

29/2

011.

3. D

eter

min

e w

heth

er t

he

Com

pany

can

per

form

for

ensi

c an

alys

is in

the

inst

ance

of

a C

usto

mer

PII

brea

ch.

3. S

CE

has

a r

etai

ner

with

an

outs

ide

com

pany

to

prov

ide

fore

nsic

ana

lysi

s se

rvic

es a

s ne

eded

.

4. In

spec

t sa

mpl

e ev

iden

ce o

f br

each

inci

dent

s fo

r th

e la

st 1

2 m

onth

s.

4.a.

Rev

iew

ed li

st o

f 20

15 P

rivac

y In

cide

nts

and

note

d th

e in

cide

nt d

escr

iptio

n, in

volv

ed p

artie

s, a

nd

ultim

ate

reso

lutio

n.

4.b.

Rev

iew

ed t

he 2

015

Priv

acy

Com

plia

nce

Pos

ture

rep

ort

and

note

d th

at t

he C

ompa

ny t

rack

s in

cide

nts

and

thos

e re

quiri

ng b

reac

h no

tific

atio

n.

4.c.

Rev

iew

ed c

orre

spon

denc

e pr

ovid

ed t

o cu

stom

ers

in S

epte

mbe

r 20

15 in

form

ing

them

of

an

inci

dent

invo

lvin

g po

tent

ial u

naut

horiz

ed d

ata

disc

losu

re a

nd t

he s

teps

tak

en t

o pr

otec

t th

eir

acco

unt

info

rmat

ion.

The

inte

rnal

inve

stig

atio

n de

term

ined

tha

t di

sclo

sed

info

rmat

ion

did

not

rise

to t

he le

vel

of a

bre

ach

requ

iring

not

ifica

tion

unde

r C

alifo

rnia

law

but

did

rep

rese

nt a

bre

ach

unde

r th

e C

PU

C

Priv

acy

Dec

isio

n. T

he in

cide

nt w

as in

clud

ed in

the

Com

pany

’s 2

015

Ann

ual P

rivac

y R

epor

t.

– 71

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

R

ule

8

Ru

le d

escr

ipti

on

A

nn

ual

Rep

ort

of

Bre

ach

es:

In a

dditi

on, e

lect

rical

cor

pora

tions

sha

ll fil

e an

ann

ual r

epor

t w

ith t

he C

omm

issi

on’s

Exe

cutiv

e D

irect

or, c

omm

enci

ng w

ith

the

cale

ndar

yea

r 20

12, t

hat

is d

ue w

ithin

120

day

s of

the

end

of

the

cale

ndar

yea

r an

d no

tifie

s th

e C

omm

issi

on o

f al

l se

curit

y br

each

es w

ithin

the

cal

enda

r ye

ar a

ffec

ting

cove

red

info

rmat

ion,

whe

ther

by

the

cove

red

elec

tric

al c

orpo

ratio

n or

by

a Th

ird P

arty

.

c Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er S

CE

tra

cks

the

repo

rtin

g re

quire

men

t an

d as

sign

s co

mpl

ianc

e to

the

ap

prop

riate

dep

artm

ent.

1.a.

Met

with

Priv

acy

Com

plia

nce

Pro

gram

Lea

der,

and

Sr.

Att

orne

y, L

aw D

epar

tmen

t, a

nd w

as

info

rmed

tha

t as

par

t of

the

Priv

acy

Com

plia

nce

Pro

gram

, the

Priv

acy

Com

plia

nce

and

the

Law

D

epar

tmen

t te

ams

are

invo

lved

in m

onito

ring

com

plia

nce

requ

irem

ents

fro

m t

he C

PU

C t

hrou

gh

dire

ct c

onta

ct f

rom

the

CP

UC

, ind

ustr

y tr

ade

grou

ps, a

nd in

tera

ctio

n w

ith o

ther

util

ities

. Com

plia

nce

and

repo

rtin

g re

quire

men

ts a

re in

putt

ed b

y th

e Le

ader

of

Priv

acy

Com

plia

nce

Pro

gram

and

ver

ified

by

the

Law

Dep

artm

ent

via

the

EC

MS

sys

tem

, whi

ch a

ssig

ns a

uni

que

proc

ess

owne

r an

d id

entif

ies

rele

vant

con

trol

s in

ord

er t

o en

sure

com

plia

nce.

1.b.

Rev

iew

ed In

tern

al U

sage

Bre

ach

Det

ails

for

201

5 an

d no

ted

that

SC

E t

rack

s th

e de

tails

of

each

in

cide

nt in

clud

ing

date

s, a

sum

mar

y de

scrip

tion,

and

whe

ther

it is

a r

epor

tabl

e pr

ivac

y in

cide

nt in

ac

cord

ance

with

bot

h th

e C

A B

reac

h La

ws

and

CP

UC

Sm

art

Grid

dec

isio

n. N

oted

tha

t th

ere

was

on

e pr

ivac

y br

each

in 2

015

affe

ctin

g el

even

SC

E c

usto

mer

acc

ount

s on

Aug

ust

28, 2

015.

2. D

eter

min

e w

heth

er S

CE

file

d its

Ann

ual R

epor

t to

the

CP

UC

as

requ

ired

by t

he P

rivac

y D

ecis

ion.

1) R

evie

wed

the

Com

pany

’s 2

015

Ann

ual P

rivac

y R

epor

t an

d no

ted

that

it w

as s

ubm

itted

to

the

CP

UC

on

Apr

il 28

, 201

6 by

SC

E’s

Dep

uty

Eth

ics

and

Com

plia

nce

Off

icer

. The

rep

ort

iden

tifie

d:

—N

o re

port

ed p

rivac

y br

each

es a

ffec

ting

1,00

0 or

mor

e cu

stom

ers.

—O

ne r

epor

t of

bre

ach

with

in t

he 2

015

cale

ndar

yea

r af

fect

ing

Cov

ered

Info

rmat

ion

on 1

1 C

usto

mer

Acc

ount

s.

– 72

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

RU

LE 9

Acc

ou

nta

bili

ty a

nd

au

dit

ing

Ove

rall

Co

ncl

usi

on

O

ne

exce

pti

on

no

ted

:

(c) T

rain

ing.

Cov

ered

ent

ities

sha

ll pr

ovid

e re

ason

able

tra

inin

g to

all

empl

oyee

s an

d co

ntra

ctor

s w

ho u

se, s

tore

or

proc

ess

cove

red

info

rmat

ion.

Inte

rnal

Dat

a P

riva

cy T

rain

ing

:

SC

E d

oes

not

prov

ide

CE

UD

rela

ted

trai

ning

nor

rec

eive

aff

irmat

ions

fro

m c

ontr

acto

rs a

nd t

hird

par

ties

rega

rdin

g th

e pe

rfor

man

ce o

f re

quire

d P

rivac

y Tr

aini

ng.

CP

UC

R

ule

9

Ru

le d

escr

ipti

on

A

vaila

bili

ty:

Cov

ered

ent

ities

sha

ll be

acc

ount

able

for

com

plyi

ng w

ith t

he r

equi

rem

ents

her

ein,

and

mus

t m

ake

avai

labl

e to

the

C

omm

issi

on u

pon

requ

est

or a

udit:

(1) t

he p

rivac

y no

tices

tha

t th

ey p

rovi

de t

o cu

stom

ers,

(2) t

heir

inte

rnal

priv

acy

and

data

sec

urity

pol

icie

s,

(3) t

he c

ateg

orie

s of

age

nts,

con

trac

tors

and

oth

er t

hird

par

ties

to w

hich

the

y di

sclo

se c

over

ed in

form

atio

n fo

r a

prim

ary

purp

ose,

the

iden

titie

s of

age

nts,

con

trac

tors

and

oth

er t

hird

par

ties

to w

hich

the

y di

sclo

se c

over

ed in

form

atio

n fo

r a

seco

ndar

y pu

rpos

e, t

he p

urpo

ses

for

whi

ch a

ll su

ch in

form

atio

n is

dis

clos

ed, i

ndic

atin

g fo

r ea

ch c

ateg

ory

of d

iscl

osur

e w

heth

er it

is f

or a

prim

ary

purp

ose

or a

sec

onda

ry p

urpo

se. (

A c

over

ed e

ntity

sha

ll re

tain

and

mak

e av

aila

ble

to t

he

Com

mis

sion

upo

n re

ques

t in

form

atio

n co

ncer

ning

who

has

rec

eive

d co

vere

d in

form

atio

n fr

om t

he c

over

ed e

ntity

.), a

nd

(4) c

opie

s of

any

sec

onda

ryus

e au

thor

izat

ion

form

s by

whi

ch t

he c

over

ed p

arty

sec

ures

cus

tom

er a

utho

rizat

ion

for

seco

ndar

y us

es o

f co

vere

d da

ta.

a Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er S

CE

has

a

proc

ess

in p

lace

to

prov

ide

the

Com

mis

sion

with

the

ann

ual

Priv

acy

Rep

ort

or a

ny o

ther

re

ques

ted

docu

men

tatio

n:

1.a.

Rev

iew

ed t

he C

PU

C S

mar

t G

rid D

ata

Priv

acy

Dec

isio

n R

equi

rem

ents

Tra

ckin

g sh

eet

and

note

d th

at t

he P

rivac

y C

ompl

ianc

e P

rogr

am is

res

pons

ible

for

wor

king

with

the

app

ropr

iate

org

aniz

atio

nal

units

to

com

plet

e th

e A

nnua

l Priv

acy

Rep

ort

and

subm

it it

on t

ime

to t

he C

PU

C.

1.b.

Met

with

Priv

acy

Com

plia

nce

Pro

gram

Lea

der,

and

was

info

rmed

tha

t th

e A

nnua

l Priv

acy

Rep

ort

cove

ring

the

prio

r ye

ar is

dra

fted

in M

arch

and

fin

aliz

ed b

y th

e A

pril

30 s

ubm

issi

on d

eadl

ine.

1.c.

Obs

erve

d ev

iden

ce o

f th

e C

ompa

ny’s

fili

ng o

f th

e 20

15 A

nnua

l Priv

acy

Rep

ort

for

the

cove

red

perio

d.

– 73

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

R

ule

9

Ru

le d

escr

ipti

on

C

ust

om

er C

om

pla

ints

:

Cov

ered

ent

ities

sha

ll pr

ovid

e cu

stom

ers

with

a p

roce

ss f

or r

easo

nabl

e ac

cess

to

cove

red

info

rmat

ion,

for

cor

rect

ion

of

inac

cura

te c

over

ed in

form

atio

n, a

nd f

or a

ddre

ssin

g cu

stom

er c

ompl

aint

s re

gard

ing

cove

red

info

rmat

ion

unde

r th

ese

rule

s.

b

Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. A

sses

s w

heth

er S

CE

pro

vide

s no

tice

to it

s cu

stom

ers

on h

ow

they

cus

tom

ers

can

cont

act

the

Com

pany

for

inqu

iries

, com

plai

nts

or d

ispu

tes

rela

ted

to t

heir

Per

sona

l Inf

orm

atio

n.

1. R

evie

wed

the

Not

ice

of A

cces

sing

, Col

lect

ing,

Sto

ring,

Usi

ng a

nd D

iscl

osin

g E

nerg

y U

sage

In

form

atio

n an

d no

ted

that

it in

clud

es a

tel

epho

ne n

umbe

r, w

eb m

ail U

RL,

and

pos

tal a

ddre

ss f

or

cust

omer

s to

con

tact

the

Com

pany

or

disp

ute

thei

r C

over

ed In

form

atio

n.

2. A

sses

s w

heth

er S

CE

has

a

docu

men

ted

proc

ess

to r

ecei

ve

cust

omer

dis

pute

s, c

ompl

aint

s,

and

inqu

iries

, add

ress

es a

nd

reso

lve

com

plai

nts,

and

co

mm

unic

ate

reso

lutio

n ba

ck t

o th

e cu

stom

er in

a t

imel

y an

d sa

tisfa

ctor

y m

anne

r.

2.a.

Rev

iew

ed t

he C

onsu

mer

Aff

airs

– C

ompl

aint

Res

olut

ion

- Con

fiden

tial T

reat

men

t of

Rec

ords

P

olic

y an

d no

ted

that

a p

olic

y is

in p

lace

gov

erni

ng t

he r

ecei

pt a

nd s

afeg

uard

ing

of in

form

atio

n re

late

d to

a c

usto

mer

com

plai

nt t

hrou

ghou

t th

e re

solu

tion

proc

ess.

2.b.

Met

with

Man

ager

, Con

sum

er A

ffai

rs, a

nd w

as in

form

ed t

hat

Con

sum

er A

ffai

rs r

ecei

ves

cust

omer

com

plai

nts

via

the

CP

UC

thr

ough

tw

o m

eans

: (1)

Cus

tom

ers

file

a fo

rmal

com

plai

nt w

ith

the

CP

UC

’s C

AB

Off

ice

whi

ch t

hen

sets

up

a co

nfer

ence

incl

udin

g th

e C

PU

CS

CE

Cus

tom

er t

o di

scus

s th

e cu

stom

er’s

com

plai

nt, a

nd (2

) Cus

tom

ers

file

info

rmal

com

plai

nts

usin

g th

e C

PU

C C

IM

syst

em w

here

a S

CE

Con

sum

er A

ffai

rs r

epre

sent

ativ

e pr

oces

ses

com

plai

nts

by lo

ggin

g in

to t

he

CIM

.

2.c.

Met

with

Man

ager

, Org

aniz

atio

nal P

erfo

rman

ce, a

nd w

as in

form

ed t

hat

durin

g th

e co

vere

d pe

riod,

ano

ther

med

ium

for

rec

eivi

ng c

ompl

aint

s w

as t

he L

ocal

Pub

lic A

ffai

rs (L

PA

) dep

artm

ent.

The

gr

oup

inte

rfac

es w

ith g

over

nmen

t an

d co

mm

unity

off

icia

ls w

ho m

ay b

ring

the

com

plai

nt t

o S

CE

on

beha

lf of

a c

usto

mer

. The

LP

A d

epar

tmen

t w

ould

per

form

inta

ke a

nd t

rans

fer

the

cust

omer

to

the

appr

opria

te in

tern

al d

epar

tmen

t w

ithin

Cus

tom

er S

ervi

ce t

o pr

oces

s an

d re

spon

d to

the

com

plai

nt.

2.d.

Met

with

Man

ager

, Ext

erna

l Rel

atio

ns

Reg

ulat

ory

Ope

ratio

ns, a

nd w

as in

form

ed t

hat

cust

omer

s ca

n al

so b

ring

com

plai

nts

to S

CE

thr

ough

the

CP

UC

. For

mal

Com

plai

nts

go d

irect

ly t

o th

e La

w D

epar

tmen

t fo

r re

spon

se. I

nfor

mal

Com

plai

nts

are

hand

led

thro

ugh

Con

sum

er A

ffai

rs, a

nd t

he

Com

pany

has

20

days

to

resp

ond.

The

rel

evan

t V

P w

ill s

ign

off

on a

n in

form

al c

ompl

aint

and

the

n th

e La

w D

epar

tmen

t w

ill o

ffic

ially

file

with

the

CP

UC

.

– 74

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

3. A

sses

s w

heth

er S

CE

has

a

proc

ess

to e

scal

ate

disp

utes

, co

mpl

aint

s, a

nd in

quiri

es t

o he

lp

ensu

res

reso

lutio

n w

ithin

a t

imel

y m

anne

r.

3.a.

Rev

iew

ed t

he R

esid

entia

l Cus

tom

er C

all H

andl

ing

Pro

cess

for

the

Loc

al P

ublic

Aff

airs

de

part

men

t (L

PA

) and

not

ed t

hat

with

in L

PA

the

re is

a p

roce

ss is

in p

lace

to

esca

late

res

iden

tial

cust

omer

cal

ls t

o C

onsu

mer

Aff

airs

. A f

eedb

ack

proc

ess

is in

pla

ce w

here

Con

sum

er A

ffai

rs w

ill

repo

rt c

usto

mer

res

olut

ion

resu

lts t

o LP

A a

nd L

PA

will

info

rm L

ocal

gov

ernm

ent

offic

ials

who

no

tifie

d S

CE

of

the

com

plai

nt.

3.b.

Met

with

Man

ager

, Con

sum

er A

ffai

rs, a

nd w

as in

form

ed t

hat

Con

sum

er A

ffai

rs u

ses

a C

ompl

aint

s Tr

acki

ng S

yste

m f

or c

ompl

aint

inta

ke a

nd t

o tr

ack

com

plai

nt s

tatu

s in

clud

ing

(1)

Cus

tom

er N

ame

/ Num

ber,

(2) C

ompl

aint

Num

ber,

(3) C

ompl

aint

Sou

rce,

(4) C

ompl

aint

Cla

ss,

Cat

egor

y, a

nd P

riorit

y, a

nd (5

) Roo

t C

ause

.

4. In

spec

t ev

iden

ce t

hat

SC

E t

rack

s an

d re

solv

es c

usto

mer

com

plai

nts

cons

iste

nt w

ith S

CE

’s p

olic

ies.

4.a.

Rev

iew

ed a

sam

ple

cust

omer

com

plai

nt r

ecei

ved

thro

ugh

the

Edi

son

Hel

pLin

e re

late

d to

a s

olar

co

mpa

ny a

ctin

g on

beh

alf

of S

CE

and

pro

vidi

ng t

he C

ompa

ny w

ith t

he c

usto

mer

’s p

hone

num

ber.

Th

e co

mpl

aint

was

ass

igne

d to

a C

onsu

mer

Aff

airs

man

ager

who

res

pond

ed t

o th

e cu

stom

er w

ithin

fo

ur d

ays

and

clos

ed t

he c

ompl

aint

.

4.b.

Rev

iew

ed a

sam

ple

cust

omer

inqu

iry r

ecei

ved

in J

uly

30, 2

015

and

cont

inui

ng t

hrou

gh O

ctob

er

2015

. The

cus

tom

er a

nd S

CE

fai

led

to r

each

an

agre

emen

t, b

ut S

CE

act

ed in

com

plia

nce

with

its

tarif

fs.

4.c.

Rev

iew

ed f

our

sam

ple

Con

sum

er A

ffai

rs D

ashb

oard

s fr

om t

he c

over

ed p

erio

d an

d ob

serv

ed

that

sta

tistic

s re

late

d to

com

plai

nts

and

inqu

iries

(lik

e vo

lum

e, t

ype,

sou

rce,

tre

nds)

wer

e tr

acke

d an

d re

port

ed t

o m

anag

emen

t.

4.d.

Rev

iew

ed f

our

sam

ple

Con

sum

er A

ffai

rs D

aily

Rep

orts

tha

t id

entif

ies

pend

ing

com

plai

nts

with

th

e as

sign

ed r

esou

rce

and

the

resp

onse

sta

tus

of e

ach

com

plai

nt.

4.e.

Rev

iew

ed lo

g of

201

5 fo

rmal

cus

tom

er c

ompl

aint

s fil

ed w

ith t

he C

PU

C a

nd n

oted

tha

t th

e da

te,

com

plai

nant

, rea

son,

SC

E r

ep, a

nd d

ecis

ion

num

ber

wer

e tr

acke

d.

– 75

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

CP

UC

R

ule

9

Ru

le d

escr

ipti

on

T

rain

ing

:

Cov

ered

ent

ities

sha

ll pr

ovid

e re

ason

able

tra

inin

g to

all

empl

oyee

s an

d co

ntra

ctor

s w

ho u

se, s

tore

or

proc

ess

cove

red

info

rmat

ion.

c A

sses

smen

t p

roce

du

res

Ass

essm

ent

resu

lts

Exc

eptio

ns

1. R

evie

w S

CE

’s d

ocum

ente

d pr

ivac

y aw

aren

ess

prog

ram

m

ater

ials

to

iden

tify

pers

onne

l w

ho h

andl

e an

d st

ore

acce

ss t

o C

EU

D.

1.a.

Rev

iew

ed S

CE

Org

aniz

atio

nal U

nits

with

Acc

ess

to C

EU

D d

ated

Jan

uary

19,

201

6 an

d va

lidat

ed

by O

U c

onta

cts,

and

not

ed t

hat

the

Aud

it S

ervi

ces,

Cus

tom

er S

ervi

ce, F

inan

cial

& O

pera

tions

S

ervi

ces,

Info

rmat

ion

Tech

nolo

gy, L

egal

, Pow

er S

uppl

y, R

egul

ator

y A

ffai

rs (L

oad

Res

earc

h), a

nd

Tran

smis

sion

& D

istr

ibut

ion

OU

s ha

ve a

cces

s to

Cov

ered

Info

rmat

ion.

1.b

Rev

iew

ed a

list

of

16 c

ontr

acto

rs w

ith a

cces

s to

Cov

ered

Info

rmat

ion

durin

g 20

15.

1.c.

Met

with

Priv

acy

Com

plia

nce

Pro

gram

Lea

der,

Rev

enue

Ser

vice

Ope

ratio

ns; M

anag

er,

Cus

tom

er C

onta

ct C

ente

r; M

anag

er, A

dvan

ced

Tech

nolo

gies

(Tra

nsm

issi

on &

Dis

trib

utio

n);

Man

ager

, Inf

orm

atio

n G

over

nanc

e, M

anag

er, L

ocal

Pub

lic A

ffai

rs, M

anag

er, L

oad

Res

earc

h,

Man

ager

; Pow

er a

nd S

uppl

y; M

anag

er, B

usin

ess

Cus

tom

er D

ivis

ion;

Man

ager

, Cre

dit

Ope

ratio

ns;

and

Man

ager

, Cus

tom

er C

hoic

e S

ervi

ces

and

note

d th

at e

mpl

oyee

acc

ess

to s

yste

ms

cont

aini

ng

Cov

ered

Info

rmat

ion

is a

utom

atic

ally

pro

vide

d or

rev

oked

via

SA

P w

hen

an e

mpl

oyee

join

s or

leav

es

a ne

w d

epar

tmen

t, a

s w

ell a

s m

anua

lly r

evie

wed

on

an a

nnua

l bas

is t

o va

lidat

e a

busi

ness

nee

d an

d re

voke

unn

eces

sary

acc

ess

to s

yste

ms.

1.d.

Met

with

Man

ager

, Acq

uisi

tion

Pla

nnin

g &

Pro

cure

men

t an

d M

anag

er, C

yber

secu

rity,

and

not

ed

that

dur

ing

the

supp

lier

onbo

ardi

ng p

roce

ss, t

he n

eed

for

a co

ntra

ctor

to

acce

ss P

erso

nal

Info

rmat

ion

is id

entif

ied

as a

par

amet

er f

or e

valu

atin

g th

e ris

k of

tha

t co

ntra

ct. O

U P

rocu

rem

ent

man

ager

s ha

ve t

he o

ptio

n to

con

tact

SC

E’s

Cyb

erse

curit

y de

part

men

t in

ord

er t

o pe

rfor

m a

cy

bers

ecur

ity r

isk

asse

ssm

ent

as a

par

t of

thi

s pr

oces

s.

SC

E d

oes

not

prov

ide

CE

UD

rela

ted

trai

ning

no

r re

ceiv

e af

firm

atio

ns f

rom

co

ntra

ctor

s an

d th

ird

part

ies

rega

rdin

g th

e pe

rfor

man

ce o

f re

quire

d P

rivac

y Tr

aini

ng.

Hig

hle

vel g

uida

nce

is

prov

ided

for

ven

dors

an

d co

ntra

ctor

s th

roug

h th

e S

uppl

ier

Cod

e of

Con

duct

.

2. U

nder

stan

d th

e aw

aren

ess

mat

eria

l and

com

mun

icat

ions

to

SC

E p

erso

nnel

to

dete

rmin

e ho

w

inte

rnal

priv

acy

polic

ies

are

com

mun

icat

ed t

o as

soci

ates

.

2.a.

Rev

iew

ed S

CE

’s t

rain

ings

, aw

aren

ess

prog

ram

s an

d co

mm

unic

atio

ns s

ent

to e

mpl

oyee

s w

ith

cust

omer

priv

acy

cont

ent

and

note

d th

at d

urin

g th

e co

vere

d pe

riod,

inte

rnal

priv

acy

polic

ies

wer

e co

mm

unic

ated

thr

ough

the

Em

ploy

ee P

rivac

y Tr

aini

ng, w

hich

is r

equi

red

from

all

SC

E e

mpl

oyee

s w

ho a

cces

s P

erso

nal I

nfor

mat

ion.

In a

dditi

on, t

here

wer

e m

ultip

le c

omm

unic

atio

n ef

fort

s to

SC

E’s

pe

rson

nel r

egar

ding

cus

tom

er p

rivac

y, in

clud

ing

the

follo

win

g:

2.a.

i In

tern

al C

omm

unic

atio

ns:

—P

orta

l Art

icle

s, a

n in

tern

al w

ebpa

ge w

hich

hos

ts p

erio

dic

artic

les

conc

erni

ng r

elev

ant

priv

acy

issu

es a

nd t

rain

ing.

In 2

015,

tw

o ar

ticle

s ap

pear

ed c

once

rnin

g “D

ata

Min

imiz

atio

n”

as w

ell a

s a

rem

inde

r fo

r “I

nfor

mat

ion

Sha

ring

Inte

rnal

ly”.

2.a.

ii E

vent

s an

d P

rogr

ams:

– 76

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

—R

evie

wed

201

5 P

rivac

y C

omm

unic

atio

ns a

nd O

utre

ach

trac

king

log

whi

ch d

etai

led

over

40

indi

vidu

al p

rivac

y m

eetin

gs, p

rese

ntat

ions

, or

open

invi

te e

vent

s to

pro

vide

info

rmat

ion

and

awar

enes

s co

ncer

ning

priv

acy.

2.b.

Met

with

Vic

e P

resi

dent

, Eth

ics

and

Com

plia

nce,

and

dis

cuss

ed t

rain

ing

cont

ent,

req

uire

men

ts,

and

freq

uenc

y. N

oted

tha

t fo

r 20

15, t

he E

mpl

oyee

Priv

acy

Trai

ning

was

onl

y re

quire

d fo

r em

ploy

ees

who

acc

esse

d P

erso

nal I

nfor

mat

ion,

but

SC

E w

ill b

e m

akin

g th

is m

anda

tory

acr

oss

the

entir

e or

gani

zatio

n du

ring

the

next

tra

inin

g cy

cle.

Not

ed t

hat

data

priv

acy

and

prot

ectio

n w

as a

key

are

a of

fo

cus

in b

oth

2015

and

201

6, a

nd t

hrou

gh t

rain

ing,

roa

d sh

ows,

and

reg

ular

dai

ly in

tera

ctio

ns w

ith

empl

oyee

s, S

CE

man

ager

s ke

ep a

hig

h de

gree

of

focu

s on

dat

a pr

ivac

y.

2.c.

Rev

iew

ed S

CE

’s P

orta

l int

rane

t w

ebpa

ge a

nd n

oted

tha

t it

prov

ides

em

ploy

ees

with

mea

ns t

o ai

d in

mai

ntai

ning

info

rmat

ion

secu

red

and

cust

omer

dat

a pr

ivac

y th

roug

h a

varie

ty o

f lin

ks. T

he

web

site

incl

udes

the

fol

low

ing:

—P

rivac

y C

ompl

ianc

e W

ebpa

ge: C

onta

ins

both

inte

rnal

and

ext

erna

l lin

ks a

nd in

form

atio

n re

gard

ing

appl

icab

le p

olic

ies,

pro

cedu

res,

and

reg

ulat

ions

SC

E e

mpl

oyee

s ar

e su

bjec

t to

. in

tern

al li

nks

prov

ide

acce

ss t

o in

form

atio

n or

res

ourc

es t

o as

sist

SC

E e

mpl

oyee

s in

un

ders

tand

ing

wha

t co

nstit

utes

Per

sona

l Inf

orm

atio

n; t

ips

for

secu

ring

Per

sona

l In

form

atio

n; C

PU

C R

ule

25 (C

PU

C S

mar

t G

rid D

ata

Priv

acy

Rul

ing)

; and

rel

evan

t S

CE

po

licie

s co

ncer

ning

priv

acy,

whi

ch in

clud

e th

e fo

llow

ing

docu

men

ts:

Priv

acy

Pol

icy

Iden

tity

Thef

t P

rote

ctio

n P

olic

y

Priv

acy

Inci

dent

Res

pons

e P

olic

y

Pro

tect

ing

Per

sona

l Inf

orm

atio

n P

olic

y

Priv

acy

FAQ

s

—O

ur P

olic

ies

Land

ing

Pag

e: C

onta

ins

rele

vant

SC

E e

mpl

oyee

pol

icie

s, in

clud

ing

the

Em

ploy

ee C

ode

of C

ondu

ct a

nd C

ore

Pol

icy

Ref

eren

ce G

uide

. We

note

d th

at b

oth

Priv

acy

and

Phy

sica

l Sec

urity

and

Cyb

erse

curit

y ar

e de

fined

as

Cor

e P

olic

ies.

—N

oted

the

Edi

son

Hel

pLin

e lin

k av

aila

ble

thro

ugho

ut S

CE

’s in

tran

et a

nd d

ispl

ayed

pr

omin

ently

on

the

Por

tal l

andi

ng p

age.

Not

ed S

CE

em

ploy

ees

are

enco

urag

ed t

o “s

eek

advi

ce a

nd r

epor

t co

ncer

ns”

by c

onta

ctin

g 1

800

877

7069

and

may

cho

ose

to d

iscl

ose

or

not

disc

lose

the

ir id

entit

y.

—Tr

aini

ng &

Qua

lific

atio

ns la

ndin

g pa

ge, a

cces

sed

thro

ugh

the

men

u ba

r un

der

the

“Abo

ut

Me”

sec

tion,

whi

ch p

rovi

des

empl

oyee

s a

pers

onal

ized

“M

y Tr

aini

ng”

sum

mar

y of

co

mpl

eted

, out

stan

ding

, and

ava

ilabl

e tr

aini

ng a

vaila

ble

to e

mpl

oyee

s an

d di

rect

rep

orts

ba

sed

on t

heir

SA

Pde

sign

ated

job

func

tion.

– 77

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

2.d.

Met

with

Priv

acy

Com

plia

nce

Pro

gram

Lea

der,

and

obs

erve

d a

wal

kth

roug

h of

SC

E’s

intr

anet

pa

ge f

or P

rivac

y, a

cces

sibl

e to

all

SC

E e

mpl

oyee

s, a

nd n

oted

doc

umen

tatio

n av

aila

ble

for

view

ing

incl

uded

Per

sona

l Inf

orm

atio

nre

late

d po

licie

s an

d pr

oced

ures

for

: (1)

Priv

acy

Pol

icy,

(2) I

dent

ity

Thef

t P

reve

ntio

n, (3

) Priv

acy

Inci

dent

Res

pons

e, (4

) Pro

tect

ing

Per

sona

l Inf

orm

atio

n, a

nd (5

) Priv

acy

FAQ

s. T

hese

doc

umen

ts w

ere

avai

labl

e to

be

acce

ssed

eith

er t

hrou

gh t

he In

tran

et P

olic

y se

ctio

n,

Priv

acy

Com

plia

nce

Pro

gram

hom

epag

e, o

r vi

a do

cum

ent

sear

ch, a

nd n

ote

spec

ific

proc

edur

es f

or

prot

ectin

g, d

iscl

osin

g, o

r us

ing

Cov

ered

Info

rmat

ion.

3. U

nder

stan

d S

CE

’s s

peci

fic

trai

ning

mat

eria

ls t

o as

sess

w

heth

er t

hey

adeq

uate

ly

com

mun

icat

e/tr

ain

empl

oyee

s on

ho

w t

o ha

ndle

Cov

ered

In

form

atio

n.

3.a.

Rev

iew

ed a

nd v

iew

ed t

he C

ompa

ny’s

Em

ploy

ee P

rivac

y Tr

aini

ng a

nd n

oted

tha

t it

is a

n en

terp

rise

wid

e tr

aini

ng w

hich

is m

anda

tory

for

all

SC

E m

anag

emen

t an

d em

ploy

ees

with

acc

ess

to

Cov

ered

Info

rmat

ion.

Thi

s tr

aini

ng is

trig

gere

d au

tom

atic

ally

by

SC

E’s

com

plia

nce

syst

em f

or t

hese

em

ploy

ees.

SC

E in

clud

es C

EU

D in

its

defin

ition

of

Edi

son

Per

sona

l Inf

orm

atio

n (E

PI).

Man

ager

s ar

e no

tifie

d if

thei

r di

rect

rep

orts

had

not

com

plet

ed t

he t

rain

ing

wee

ks p

rior

to d

ue d

ate.

The

tra

inin

g in

clud

es t

arge

ted

guid

ance

cov

erin

g to

pics

suc

h as

:

—Th

e ty

pes

of d

ata

that

con

stitu

te E

PI;

—H

ow E

PI s

houl

d be

han

dled

, sto

red,

and

des

troy

ed;

—P

oten

tial c

onse

quen

ces

for

faili

ng t

o ke

ep E

PI s

ecur

e;

—R

efer

ence

s to

SC

E P

olic

ies

and

Res

ourc

es t

hat

gove

rn P

rivac

y an

d C

ompl

ianc

e in

reg

ards

to

EP

I.

—S

peci

fic r

efer

ence

to

CE

UD

, inc

ludi

ng w

hat

type

s of

dat

a co

nstit

ute

CE

UD

, and

wha

t S

CE

’s

oblig

atio

ns a

re p

er C

PU

C R

egul

atio

ns.

3.b.

Met

with

Priv

acy

Com

plia

nce

Pro

gram

Lea

der,

and

Vic

e P

resi

dent

, Eth

ics

and

Com

plia

nce,

and

no

ted

that

in a

dditi

on t

o C

ompa

nyw

ide

and

targ

eted

priv

acy

trai

ning

s, t

he d

epar

tmen

t al

so c

ondu

cts

priv

acy

awar

enes

s ro

ad s

how

s ac

ross

all

SC

E s

ervi

ce t

errit

orie

s. T

hese

tra

inin

gs a

re t

ailo

red

tow

ards

th

e sp

ecifi

c fu

nctio

ns a

nd a

re in

tend

ed t

o ed

ucat

e th

ese

empl

oyee

s on

mai

ntai

ning

priv

acy

of

Per

sona

l Inf

orm

atio

n.

3.c.

Rev

iew

ed P

rivac

y Tr

aini

ng R

oads

how

tra

inin

g pr

esen

tatio

ns p

rese

nted

at

sate

llite

SC

E o

ffic

es

thro

ugho

ut S

CE

’s s

ervi

ce t

errit

ory

by L

eade

r, P

rivac

y C

ompl

ianc

e P

rogr

am, a

nd V

ice

Pre

side

nt,

Eth

ics

and

Com

plia

nce,

and

not

ed t

arge

ted

trai

ning

and

rem

inde

rs t

o S

CE

em

ploy

ees

rega

rdin

g th

e ac

cess

, use

, pro

cess

ing,

and

dis

posa

l of

Per

sona

l Inf

orm

atio

n, a

s w

ell a

s re

fere

nces

to

rele

vant

SC

E

guid

elin

es, p

olic

ies,

and

pro

cedu

res.

Not

ed t

hat

this

tra

inin

g w

as m

ade

in a

var

iety

of

met

hods

, in

clud

ing

smal

l mee

tings

, lar

ge p

rese

ntat

ions

, and

aw

aren

ess

boot

h pr

esen

tatio

ns.

3.d.

Met

with

Man

ager

, Cus

tom

er C

onta

ct C

ente

r, a

nd r

evie

wed

Cus

tom

er C

onta

ct C

ente

r N

ew

Hire

Tra

inin

g an

d no

ted

that

Cus

tom

er S

ervi

ce R

epre

sent

ativ

es (C

SR

) are

not

allo

wed

to

begi

n pe

rfor

min

g th

eir

job

func

tions

unt

il th

ey h

ave

com

plet

ed t

heir

job

trai

ning

as

wel

l as

pass

ed

back

grou

nd s

cree

ning

. Not

ed C

SR

s ar

e re

quire

d to

tak

e E

mpl

oyee

Priv

acy

Trai

ning

in a

dditi

on t

o C

CC

tra

inin

g. C

CC

Tra

inin

g fo

cuse

s on

aut

hent

icat

ing

cust

omer

s an

d pr

epar

ing

CS

Rs

to a

void

– 78

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

disc

losi

ng P

II as

soci

ated

with

the

acc

ount

unl

ess

talk

ing

to t

he a

ccou

nt h

olde

r or

aut

horiz

ed

repr

esen

tativ

e.

4. In

spec

t ev

iden

ce t

hat

empl

oyee

s an

d co

ntra

ctor

s ha

ve

com

plet

ed p

rivac

y an

d se

curit

y tr

aini

ng r

equi

rem

ents

(e.g

. tr

aini

ng lo

gs, c

ertif

icat

ions

of

com

plia

nce,

etc

.).

4. M

et w

ith P

rivac

y C

ompl

ianc

e P

rogr

am L

eade

r, a

nd n

oted

tha

t al

l con

trac

tors

who

will

hav

e ac

cess

to

Cov

ered

Info

rmat

ion

are

dele

gate

d in

divi

dual

tra

inin

g re

spon

sibi

litie

s th

roug

h th

e E

diso

n P

erso

nal

Info

rmat

ion

Exh

ibit

whi

ch is

att

ache

d to

eac

h M

SA

whe

n pe

rfor

min

g w

ork.

The

re a

re n

o ad

ditio

nal

proc

esse

s id

entif

ied

for

verif

ying

Thi

rd P

arty

tra

inin

g fo

r pe

rson

nel w

ith a

cces

s to

Cov

ered

In

form

atio

n.

5. U

nder

stan

d th

e pr

ivac

y tr

aini

ng

requ

ired

of t

hird

par

ties

acce

ssin

g C

over

ed In

form

atio

n in

ord

er t

o de

term

ine

whe

ther

the

y ar

e ad

equa

tely

equ

ippe

d to

han

dle

Cov

ered

Info

rmat

ion.

5.a.

Rev

iew

ed t

he E

diso

n P

erso

nal I

nfor

mat

ion

Exh

ibit

3, w

hich

is a

ttac

hed

to c

ontr

acto

r’s

MS

A

whe

n pe

rfor

min

g w

ork

that

req

uire

s P

erso

nal I

nfor

mat

ion.

Not

ed t

hat

the

exhi

bit

requ

ires

"Sec

urity

E

duca

tion"

by

vend

or s

taff

to

be c

ompl

eted

ann

ually

for

pro

tect

ing

Cov

ered

Info

rmat

ion.

5.b.

Rev

iew

ed S

CE

Sup

plie

r C

ode

of C

ondu

ct p

ublic

ly a

vaila

ble

at s

ce.c

om a

nd n

oted

tha

t it

requ

ires

supp

liers

to

safe

guar

d an

d pr

otec

t in

form

atio

n co

vere

d by

priv

acy

law

s an

d/or

res

tric

ted

by E

diso

n’s

polic

ies

and

proc

edur

es. T

he p

olic

y no

tes

seve

ral w

ays

to r

epor

t pr

ivac

y co

ncer

ns v

ia t

he E

diso

n H

elpL

ine

or v

ia r

egul

ar b

usin

ess

chan

nels

thr

ough

em

ploy

ee m

anag

ers.

5.c.

Met

with

Vic

e P

resi

dent

, Eth

ics

and

Com

plia

nce,

and

not

ed t

hat

SC

E d

oes

not

deliv

er p

rivac

yre

late

d tr

aini

ngs

to t

hird

par

ties,

sug

gest

any

priv

acy

rela

ted

trai

ning

s, o

r va

lidat

e w

heth

er T

hird

Par

ty

priv

acy

trai

ning

s to

ok p

lace

. SC

E r

elie

s on

the

con

trac

tual

rel

atio

nshi

p w

ith t

he t

hird

par

ties

to

ensu

re t

hat

Third

Par

ty e

mpl

oyee

s ar

e pr

oper

ty t

rain

ed a

nd e

duca

ted

on h

ow t

o ha

ndle

Cov

ered

In

form

atio

n.

5.d.

Met

with

Priv

acy

Com

plia

nce

Pro

gram

Lea

der,

who

not

ed t

hat

othe

r th

an t

he p

rovi

sion

s pr

esen

t in

the

Edi

son

Per

sona

l Inf

orm

atio

n E

xhib

it 3,

the

re a

re n

o ot

her

cont

rols

or

chec

ks t

o ve

rify

Third

P

arty

tra

inin

g co

mpl

ianc

e.

5.e.

Met

with

Vic

e P

resi

dent

, Eth

ics

and

Com

plia

nce,

and

not

ed t

hat

Third

Par

ty c

ompl

ianc

e is

one

of

the

mai

n ar

eas

of f

ocus

for

SC

E in

bot

h 20

15 a

nd 2

016.

Spe

cific

ally

, SC

E h

as f

ocus

ed o

n fr

ont

end

risk

asse

ssm

ents

, con

trac

t co

mpl

ianc

e, a

nd d

ata

min

imiz

atio

n w

ith c

ontr

acto

rs. F

urth

er, S

CE

is

wor

king

to

deve

lop

and

refin

e a

tiere

dsu

pplie

r sy

stem

to

enco

mpa

ss t

he r

isk

prof

ile o

f co

ntra

ctor

s ba

sed

upon

whe

ther

the

y re

ceiv

e P

erso

nal I

nfor

mat

ion.

5.f.

Insp

ecte

d a

sam

ple

of T

hird

Par

ty c

ontr

acts

and

not

ed t

hat

thes

e do

cum

ents

con

tain

tra

inin

g pr

ovis

ions

as

note

d in

the

MS

A C

ontr

act

Tem

plat

e, w

hich

sta

tes

“Exc

ept

as o

ther

wis

e ex

pres

sly

prov

ided

in t

he A

gree

men

t, C

ontr

acto

r sh

all b

e re

spon

sibl

e fo

r pr

ovid

ing

the

faci

litie

s, p

erso

nnel

, m

ater

ial,

soft

war

e, e

quip

men

t, t

echn

ical

kno

wle

dge,

tra

inin

g, e

xper

tise,

and

all

othe

r re

sour

ces

nece

ssar

y fo

r th

e pr

oper

per

form

ance

and

pro

visi

on o

f th

e S

ervi

ces

and

Del

iver

able

s.”

5.g.

Rev

iew

ed M

SA

Con

trac

t Te

mpl

ate

Exh

ibit

3 an

d no

ted

SC

E in

clud

es s

peci

fic la

ngua

ge r

equi

ring

Con

trac

tors

to

prov

ide

spec

ific

Sec

urity

Edu

catio

n on

the

em

ploy

ee’s

con

fiden

tialit

y an

d no

ndi

sclo

sure

obl

igat

ions

in r

egar

ds t

o th

e us

e an

d op

erat

ion

of S

CE

’s c

ompu

ting

syst

ems

and

Cov

ered

– 79

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

Info

rmat

ion.

Thi

s tr

aini

ng m

ust

be c

ompl

eted

bef

ore

a ne

w e

mpl

oyee

of

the

Con

trac

tor

or a

ny

Sub

cont

ract

or b

egin

s to

use

Cov

ered

Info

rmat

ion

and

mus

t be

ren

ewed

ann

ually

the

reaf

ter

and

whe

neve

r an

y A

pplic

able

Law

s or

rel

evan

t E

diso

n po

licie

s m

ater

ially

cha

nge.

CP

UC

R

ule

9

Ru

le d

escr

ipti

on

R

epo

rtin

g R

equ

irem

ents

:

On

an a

nnua

l bas

is, e

ach

elec

tric

al/g

as c

orpo

ratio

n sh

all d

iscl

ose

to t

he C

omm

issi

on a

s pa

rt o

f an

ann

ual r

epor

t re

quire

d by

R

ule

8.b,

the

fol

low

ing

info

rmat

ion:

(1) t

he n

umbe

r of

aut

horiz

ed t

hird

par

ties

acce

ssin

g co

vere

d in

form

atio

n,

(2) t

he n

umbe

r of

non

com

plia

nces

with

thi

s ru

le o

r w

ith c

ontr

actu

al p

rovi

sion

s re

quire

d by

thi

s ru

le e

xper

ienc

ed b

y th

e U

tility

, and

the

num

ber

of c

usto

mer

s af

fect

ed b

y ea

ch n

onco

mpl

ianc

e an

d a

deta

iled

desc

riptio

n of

eac

h no

nco

mpl

ianc

e.

e Ass

essm

ent

pro

ced

ure

s A

sses

smen

t re

sult

s E

xcep

tio

ns

1. D

eter

min

e w

heth

er it

tra

cks

the

repo

rtin

g re

quire

men

t an

d as

sign

s co

mpl

ianc

e to

the

ap

prop

riate

dep

artm

ent(

s).

1. S

ee C

PU

C R

ule

8 c

Ass

essm

ent

Test

Res

ults

for

det

ails

2. D

eter

min

e w

heth

er t

he

Com

pany

file

d its

Ann

ual R

epor

t to

the

CP

UC

as

requ

ired

by t

he

Priv

acy

Dec

isio

n.

1.a.

Rev

iew

ed t

he C

ompa

ny’s

201

5 A

nnua

l Priv

acy

Rep

ort

and

note

d th

at it

was

sub

mitt

ed t

o th

e C

PU

C o

n A

pril

28, 2

016

by t

he D

irect

or, C

ompl

ianc

e, P

olic

ies

& In

form

atio

n G

over

nanc

e. T

he r

epor

t in

dica

ted:

—14

7 C

usto

mer

Aut

horiz

ed t

hird

par

ties

acce

ssin

g C

over

ed In

form

atio

n

—16

Ven

dors

und

er c

ontr

act

by S

CE

acc

essi

ng C

over

ed In

form

atio

n

—1

Ene

rgy

Dat

a C

ente

r

—Ze

ro (0

) ins

tanc

es o

f no

nco

mpl

ianc

e w

ith t

he P

rivac

y R

ules

or

with

con

trac

tual

pro

visi

ons

requ

ired

by t

he P

rivac

y R

ules

whi

ch b

ecom

e kn

own

to S

CE

thr

ough

its

daily

ope

ratio

ns a

nd

zero

(0) c

usto

mer

s w

ere

affe

cted

.

– 80

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

Appe

ndix

1 Abb

revia

tions

use

d in

this

repo

rt

Ab

bre

viat

ion

Fu

ll n

ame

AIC

PA

A

mer

ican

Inst

itute

of

Cer

tifie

d P

ublic

Acc

ount

ants

AM

I A

dvan

ced

Met

erin

g In

fras

truc

ture

CA

B

Con

sum

er A

ffai

rs B

urea

u

CC

A

Com

mun

ity C

hoic

e A

ggre

gato

r

CC

C

Cus

tom

er C

onta

ct C

ente

r

CE

UD

C

usto

mer

Inte

rval

Ene

rgy

Usa

ge D

ata

CIS

R

Cus

tom

er In

form

atio

n S

tand

ardi

zed

Req

uest

CP

UC

C

alifo

rnia

Pub

lic U

tiliti

es C

omm

issi

on

CS

R

Cus

tom

er S

ervi

ce R

epre

sent

ativ

e

CS

S

Cus

tom

er S

ervi

ce S

yste

m

DLP

D

ata

Loss

Pre

vent

ion

EC

MS

E

nter

pris

e C

ompl

ianc

e M

anag

emen

t S

yste

m

ED

I E

lect

roni

c D

ata

Inte

rcha

nge

EP

I E

diso

n P

erso

nal I

nfor

mat

ion

EP

RI

Ele

ctric

Pow

er R

esea

rch

Inst

itute

ES

P

Ele

ctric

Ser

vice

Pro

vide

r

– 81

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

Ab

bre

viat

ion

Fu

ll n

ame

FIP

P

Fair

Info

rmat

ion

Pra

ctic

e P

rinci

ples

GA

PP

G

ener

ally

Acc

epte

d P

rivac

y P

rinci

ples

IA

Inte

rnal

Aud

it

IG

Info

rmat

ion

Gov

erna

nce

IT

Info

rmat

ion

Tech

nolo

gy

LPA

Lo

cal P

ublic

Aff

airs

MS

A

Mas

ter

Ser

vice

s A

gree

men

t

OU

O

rgan

izat

iona

l Uni

t

PI

Per

sona

l Inf

orm

atio

n

PII

Per

sona

lly Id

entif

iabl

e In

form

atio

n

PP

M

Pro

ject

Por

tfol

io M

anag

emen

t

RM

R

evie

w M

anag

er

RS

O

Rev

enue

Ser

vice

s O

rgan

izat

ion

SC

E

Sou

ther

n C

alifo

rnia

Edi

son

Com

pany

– 82

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

Appe

ndix

2 St

akeh

older

s int

ervie

wed

# T

itle

D

epar

tmen

t D

ate*

1C

usto

mer

Ser

vice

Rep

rese

ntat

ive

Cus

tom

er S

ervi

ce

3/15

/201

6 2

Prin

cipa

l Man

ager

E

thic

s an

d C

ompl

ianc

e 2/

1/20

16

3P

rogr

am A

naly

st

Info

rmat

ion

Tech

nolo

gy

3/9/

2016

4

Prin

cipa

l Man

ager

P

ower

Sup

ply

& O

pera

tiona

l Ser

vice

s 3/

1/20

16

5Pr

ivac

y C

ompl

ianc

e Pr

ogra

m L

eade

r E

thic

s an

d C

ompl

ianc

e 2/

1/20

16*

6M

anag

er

Cus

tom

er S

ervi

ce

3/21

/201

6 7

Man

ager

R

egul

ator

y A

ffairs

2/

4/20

16

8M

anag

er

Cus

tom

er S

ervi

ce

3/21

/201

6 9

Prin

cipa

l Man

ager

C

usto

mer

Ser

vice

2/

18/2

016*

10

Sr.

Man

ager

In

form

atio

n Te

chno

logy

2/

24/2

016*

11

Dire

ctor

Et

hics

and

Com

plia

nce

4/13

/201

6*

12A

naly

st

Cus

tom

er S

ervi

ce

3/21

/201

6 13

Man

ager

C

usto

mer

Ser

vice

2/

2/20

16

14M

anag

er

Hum

an R

esou

rces

2/

10/2

016

15M

anag

er

Gov

ernm

ent A

ffairs

2/

3/20

16

16M

anag

er

Info

rmat

ion

Tech

nolo

gy

2/25

/201

6*

17In

form

atio

n S

tew

ard

Cus

tom

er S

ervi

ce

2/2/

2016

18

Prin

cipa

l Man

ager

C

usto

mer

Ser

vice

3/

9/20

16

19B

usin

ess

Ana

lyst

C

usto

mer

Ser

vice

2/

18/2

016*

20

Man

ager

C

usto

mer

Ser

vice

2/

25/2

016

– 83

–

© 2

016

KP

MG

LLP

, a D

elaw

are

limite

d lia

bilit

y pa

rtne

rshi

p an

d th

e U

.S. m

embe

r fir

m o

f th

e K

PM

G n

etw

ork

of in

depe

nden

t m

embe

r fir

ms

affil

iate

d w

ith K

PM

G In

tern

atio

nal C

oope

rativ

e (“

KP

MG

Inte

rnat

iona

l”),

a S

wis

s en

tity.

All

right

s re

serv

ed. N

DP

PS

576

245

The

KP

MG

nam

e an

d lo

go a

re r

egis

tere

d tr

adem

arks

or

trad

emar

ks o

f K

PM

G In

tern

atio

nal.

# T

itle

D

epar

tmen

t D

ate*

21V

ice

Pre

side

nt

Eth

ics

and

Com

plia

nce

3/10

/201

6*

22S

r. M

anag

er

Cus

tom

er S

ervi

ce

3/9/

2016

* 23

Sr.

Atto

rney

L

aw D

epar

tmen

t 2/

1/20

16*

24M

anag

er

Reg

ulat

ory

Affa

irs

2/9/

2016

25

Sr.

Pro

gram

Man

ager

In

form

atio

n Te

chno

logy

2/

24/2

016

26M

anag

er

Tran

smis

sion

s &

Dis

tribu

tion

3/1/

2016

* 27

Man

ager

C

usto

mer

Ser

vice

3/

15/2

016

28M

anag

er

Info

rmat

ion

Tech

nolo

gy

2/24

/201

6*

29M

anag

er

Ene

rgy

Pro

cure

men

t & M

anag

emen

t 2/

17/2

016

30M

anag

er

Aud

it S

ervi

ces

3/24

/201

6

Contact us

Doron Rotman Managing Director 408 367 7607 [email protected]

Douglas Farrow Partner 213 955 8389 [email protected]

www.kpmg.com

Documents

Administrative & General (A&G) Volume 1 – Ethics and ......Sep 01, 2016 · Volume 1 – Ethics and Compliance Before the Public Utilities Commission of the State of California