Customer Privacy

Customer information, also called Personally Identifiable Information (Pll as defined below) is collected and used to perform essential business functions such as verifying customer identity, operating and maintaining the system, managing outages, processing customer bills and payments, credit and collections, conservation and usage management, etc. The District is committed to protecting the security and privacy of all customer data, and will conform to applicable laws and regulations, as well as internal standards and policies which are intended to keep this information private and secure.

  1. Names
  2. Street addresses
  3. Telephone numbers
  4. Email addresses
  5. Social Security numbers
  6. Account numbers (including Benton PUD account numbers, credit card numbers, bank account numbers)
  7. Account balances
  8. Any information received to identify the customer, such as driver's license, passport, or information collected to establish their credit worthiness.

Meter identifier and meter interval/electricity use data that is released in combination with any information included with items # 1-8 above.

Benton PUD only shares customer information with third parties in order to conduct essential business functions (such as bill processing services).  We do not sell our customer’s information.  Our vendors are held accountable to the same security standards regarding customer information shared with them.

Benton PUD uses a centralized Payment Gateway that is designed to transmit, process, and store credit card data in a Payment Card Industry (PCI) compliant environment. This process encrypts all financial data immediately at the time of entry and remains encrypted through processing with the payment vendor.   

Yes. Benton PUD uses several security measures which have been identified as industry best practices to protect customer personal information and log in credentials, including:

  • Password data is stored in an encrypted format
  • Auto login has been disallowed
  • The system will lockout after a set number of failed login attempts
  • The system requires that the password be complex
  • The system requires a security question at SmartHub registration and to retrieve a forgotten password
  • A customer can opt in for notifications when login credentials have been changed or any personal or payment information has been updated

Yes. Benton PUD is compliant with the most current version of the Payment Card Industry-Data Security Standards (PCI DSS) -version 3.2.  Certification of compliancy is performed on an annual basis.   Benton PUD most recently received PCI certification in June, 2017.

The PCI DSS is a set of security standards established by credit card companies that are designed to ensure that ALL businesses that accept, process, store or transmit credit card information maintain a secure environment. 
 

Customer data is retained in a restricted access data repository and is destroyed according to Washington State local government retention schedules.

Benton PUD uses a multi-layered, defense-in-depth strategy to safeguard customer data, including:

  • Encryption of sensitive data while at rest and in transit
  • Frequent vulnerability scanning and assessments
  • Modern firewalls employed with least privilege access principles
  • Frequent Security Awareness training
  • Conducting third-party security assessments of Benton PUD networks, software systems, and infrastructure

If Benton PUD customer information has been acquired by an unauthorized person and is likely to subject a customer to risk or harm, Benton PUD will notify customers by written or electronic notice.