Data security, privacy, and cybersecurity
Input and correlations relevant to issue
Issue definition
Data exchange has become a permanent social and economic phenomenon. Data exchange and storage, and privacy-sensitive information, require maximum safeguards at all times.
Stakeholder expectation
Stakeholders expect us to use their data and personal details safely and carefully. Data exchange has become a permanent social and economic phenomenon. Data exchange and storage of privacy-sensitive information require maximum protection at all times.
Our long-term objective
Alliander respects the privacy of employees and customers. This means that we exercise due care in using their personal data and treat them confidentially. We meet the requirements set out in the General Data Protection Regulation (GDPR). Customers and employees can trust Alliander to protect their personal data.
Contribution from Alliander
We are obliged to meet statutory requirements for all personal data that we process (or intend to process). Pursuant to the GDPR, we have appointed a Data Protection Officer for Alliander customer data, who is responsible for monitoring GDPR compliance within the organisation. In addition, we set up a data processing register in 2019 to document all our personal data processing activities. Finally, we use Data Protection Impact Assessments (DPIA) to perform prior risk assessments whenever necessary due to the quantity or sensitivity of the data being processed. Customers can go to liander.nl to exercise their associated rights, such as the right of access, right to erasure, and right to restriction of processing.
In addition to working from home, other factors such as the increased use of employee data, more extensive deployment of contractors and intensification in the distribution of energy data led to a stronger focus on cybersecurity in 2020. In order to gain an even better understanding of the security risks at Alliander, we have reassessed the position of Chief Information Security Officer (CISO). We have also had our security processes certified by an independent external party in accordance with ISO 27001 and the Security Verified standard.
Relationship with Alliander impact model: social capital, manufactured capital
The safety and privacy risks inherent in the management of personal data by Alliander and the energy suppliers have a potentially negative impact on our social capital. The assets/systems for the mitigation of cybercrime and hacking risks make a positive contribution to our manufactured capital.
Link with strategy
Reliability
Risks
Financial risks, reputational risk, privacy of energy data