Skip Navigation
Decrease Normal Increase

Tacoma Power Customer Privacy Policy

Introduction

Tacoma Power values the privacy and trust of the customers it serves. Tacoma Power understands that protection of customer privacy is essential to customer trust.  All employees of Tacoma Power recognize and acknowledge that to maintain the trust of the customers we serve, we must effectively safeguard the private and personal information we manage on their behalf.

We use and manage a range of customer related information to conduct Tacoma Power’s electric utility business. Customer information or data that directly identifies or is directly associated with individual retail customers is known as personally identifying information (“PII”), which is private and defined herein as “Personal Information” (see Section I below for full definition).  We understand the value of this Personal Information and that it must be protected through the use of strong consumer data safeguards to ensure customer privacy.

This Privacy Policy affirms Tacoma Power’s commitment to secure the Personal Information of its customers with strong consumer data safeguards to prevent unauthorized disclosure.  It is Tacoma Power’s intent to implement this commitment by and through the adoption of this Policy in conformance with applicable State laws and regulations.

As required by State law[1], this Policy contains provisions designed to prevent unauthorized disclosures of Personal Information and applies to all private and proprietary customer data collected, obtained, used, or otherwise managed by Tacoma Power and/or its Business Partners (as defined below).

This Privacy Policy establishes administrative and procedural guidance to govern when and how: (i) customer consent to disclosure must be obtained, as well as the documentation and management of such customer consents; and (ii) State law exemptions to customer consent apply and the required conditions for such exemptions.  Finally, this Policy establishes procedures for the investigation and resolution of complaints by Tacoma Power’ s retail customers whose Personal Information may have been disclosed and/or used in violation of this Policy.

To help our customers better understand how Tacoma Power manages Personal Information, this Policy explains why and how such Personal Information may be collected and the ways in which we may use and disclose that information.



[1] See RCW 19.29A.100  Electric utilities – Customer information – Sale or disclosure – Requirements – Exemptions – Application of consumer protection act

Scope and Publication

This Privacy Policy applies to all Tacoma Power Officers, managers, employees, and contract personnel with access to Tacoma Power’s electrical and telecommunication systems and data.  This Policy also applies to all Department of Public Utility and City of Tacoma service level Divisions and their Officers, managers, employees and contract personnel who have access to such systems and data.

This Policy is posted on Tacoma Power’s website.  We may change this Policy at any time, and will notify customers of changes by indicating the date of last revision on the updated Policy document posted to our website.  We may also communicate with our customers about steps we have taken to enhance the security of their Personal Information, and may ask for customer cooperation in implementing certain safeguards. Customers are requested to please review this Policy whenever they visit our website in order to understand how Personal Information we collect will be used. 

NOTE TO CUSTOMERS: By using our website, or by opening and holding a TACOMA POWER account, customers consent to the information collection and use practices described in this Privacy Policy. 

I. DEFINITIONS 

Aggregated Data – as used in this Privacy Policy is information that has been combined (i.e., aggregated), or from which Personal Information has been removed, so that the resulting information does not identify any individual customer or allow an individual customer to be contacted. An example of aggregated information would be a report stating that fifty percent of website visitors use computers located within Tacoma Power’s service territory or we could summarize total energy use for all homes and businesses in a certain geographic area. Aggregated information is not "Personal Information" under this Policy. We may use aggregated information for various purposes and may disclose it to third parties without restrictions.

Business Partners (and Affiliates) For purposes of this Policy “Business Partners” means third parties that partner with Tacoma Power to offer and provide services or products to our electric retail customers. Certain Business Partners may be identified as Affiliates, which are third parties used by Tacoma Power to perform Primary Purposes (as defined below), which may include via Tacoma Power’s websites. Some examples are: (1) services offered to our customers (i.e., online bill view and payment) and (2) credit and debit card payment transaction services.  We require these third party vendors to safeguard information they receive from us.

Customer Consent means an affirmative act of a Tacoma Power customer consenting to or otherwise permitting Tacoma Power and/or a Business Partner to disclose the customer’s Personal Information.  Such consent may be in writing using a standardized Customer Consent form (see below) and/or by accepting the terms and conditions stated on Tacoma Power’s website.

  • Opt OutTacoma Power provides registered online users with opportunity to "opt-out" of having their Personal Information used for purposes not directly related to our services at the point where we ask for the Personal Information. Users may opt-out of receiving promotional e-mail from Tacoma Power by clicking on the unsubscribe option button at the bottom of the email they received and entering their email address.
  • Procedure for Documenting and Managing Customer Consent: Tacoma Power will require affirmative Customer Consent for each instance of the release of Personal Information for Secondary Purposes. Tacoma Power will require the following elements to document Customer Consent to the release of his or her information:
  • The date or date period for which the consent is granted;
  • The party or parties to whom the customer has authorized the release of his or her information, including any affiliates or third parties;
  • Tacoma Power will validate that the individual providing consent matches the name, service address and account number of the customer of record in Tacoma Power’s customer information system, or the customer information will not be released;
  • Tacoma Power will keep a record for each instance that the customer has given written or electronic consent, following applicable records retention guidelines.

NOTE: Attachment #1 to this Policy, is a sample form entitled “Customer Authorization to Release Information.” This “CARI” form is designed to standardize and document how Customer Consent is obtained for disclosures of Personal Information involving Secondary Purposes

Personal Information - which includes PII (“Personally Identifying Information”), means and includes, but is not limited to: A customer’s: name, street address, mailing address, telephone number(s), email address(s), birthdate, social security number, account number(s) - including Tacoma Power and/or other Tacoma Public Utility account(s), bank account(s) and credit card account(s) numbers, passwords, utility account balances and payment history, any information we receive for identification purposes (such as a driver’s license, passport, or information collected to establish creditworthiness), income, household information collected when applying for a low-income or other discount rate program(s), energy conservation program information including one or more of the foregoing, and meter identifiers and interval/utility usage data that is combined with any of the other information set forth above.

As used in this Privacy Policy, the terms "Private” and “Proprietary” customer information are defined by State law in RCW 19.29A.010 as follows:  “Private customer information[1] includes a retail electric customer's name, address, telephone number, and other personally identifying information; and "Proprietary customer information[2] means: (a) Information that relates to the source, technical configuration, destination, and amount of electricity used by a retail electric customer, a retail electric customer's payment history, and household data that is made available by the customer solely by virtue of the utility-customer relationship; and (b) information contained in a retail electric customer's bill.

Except as set forth in this Policy, Personal Information is considered confidential information and will not be disclosed to third parties without customer consent.

This Policy does not apply to Personal Information Tacoma Power collects in its capacity as an employer; employment information is covered under separate policies. 

II.    PROHIBITED, PERMISSIVE, and REQUIRED DISCLOSURES

A.    PROHIBITED Disclosure

Tacoma Power does not sell the Personal Information of its customers and, pursuant to this Privacy Policy, shall not sell that Personal Information for marketing purposes or otherwise.  We will not otherwise disclose Personal Information without Customer Consent or unless (i) permitted by State law, such as for Primary Purposes (as described and conditioned below) pursuant to RCW 19.29A.100 or as otherwise legally permissible; or (ii) required by State law, such as pursuant to the Washington State Public Records Act (Chapter 42.56 et seq.) or as otherwise legally required.

B.    PERMISSIVE Disclosures (by consent or with conditions)

Tacoma Power does and may disclose Personal Information for purposes directly related to the conduct of Tacoma Power’s electric utility business. These purposes are referred to in this Policy as “Primary Purposes.” We do not release Personal Information to a third party for other purposes (see “Secondary Purposes” described below) without customer consent, except for information that is reasonably necessary to meet Tacoma Power’s business needs.

1. Disclosure for Primary Purposes includes Personal Information and related data released for Tacoma Power’s essential business functions including, but not limited to:

  • Billing, invoicing, and payment processing
  • To inform customers about their energy usage
  • To maintain or operate our safe and reliable electric system or grid operations
  • To plan, implement, or evaluate energy use programs, such as energy management, demand response or energy efficiency
  • Low-Income and other discount rate or payment assistance programs, such as to other public agencies for eligibility evaluations;
  • Energy efficiency program validation or administration (such as to Bonneville Power Administration “BPA” (or other regulatory agencies and conservation performance evaluators) and program education and marketing regarding Tacoma Power conservation programs;
  • Tacoma Power program education and/or customer participation
  • Marketing services and product offering that are directly related to the conduct of Tacoma Power’s businesses
  • Such as marketing and service or product offerings that directly related to energy conservation programs
    • Customer care or customer satisfaction surveys

Pursuant to RCW 19.29A100(5): When Personal Information is released to one of our Business Partners to provide services and products that are of a Primary Purpose, Tacoma Power will ensure a contract or a Non-disclosure Agreement  has been signed with the Business Partner. Such contracts or NDAs shall include provisions that include consumer data safeguards, such as express prohibitions against: (i) selling the data for any purpose; (ii) using the data for marketing related to secondary purposes (defined below), and (iii) further disclosure to anyone else that is not under a similar contract with Tacoma Power or its Business Partners.

2. Disclosure for Secondary Purposes includes Personal Information and related data released for marketing services and/or product offering a Tacoma Power customer does not already subscribe to. Tacoma Power will require affirmative Customer Consent for each instance of requested use and release of Personal Information for Secondary Purposes, which includes requests:

  • By customers for their Personal Information to be shared directly with a third-party vendor
  • From a third-party vendor asking for Personal Information for the vendor’s own marketing purposes
  • From Tacoma Power staff working with a third-party to market a new product or service.
  • To promote marketing of services and products that are not directly related to the conduct of Tacoma Power’s electric utility business operations
  • For Example: When Tacoma Power contracts with third party vendors to implement energy efficiency programs that result in energy savings for Tacoma Power, we consider these services and products to be directly related to the conduct of Tacoma Power’s business (i.e. Primary Purposes)

3. Disclosure for Legal Needs and Purposes. Personal Information may be released without prior Customer Consent when necessary to perform and protect Tacoma Power’s lawful business functions. We reserve the right to share Personal Information with third parties to initiate and render our services; to bill and collect for amounts owed to us; or if in our good faith judgment, such disclosure is reasonably necessary to protect us, our customers or the public from fraudulent, abusive or unlawful use of our services or our website(s); to comply with the legal process; to respond to any claims, or to protect the rights, property or safety of Tacoma Power, its employees, its customers, or the public.

We are permitted to disclose Personal Information to comply with a law, regulation, legal process or governmental request, such as a properly supported request from law enforcement, or a governmental agency when necessary and permitted for the performance of official duties, or in accordance with a court order.

As authorized by State law[3], we may use and disclose customer records such as essential terms and conditions of special contracts, we may insert marketing information into our retail electrical customer billing packages, and we may disclose Aggregated Data (as Defined in Section I above) to manage, provide, and improve our services and business operations.

In addition, information about users of our website, including Personal Information, may be disclosed the third-parties as part of transactions involving the sale, acquisition, merger, or lease of business assets or property, and other transfers of control or management of business operations. Such disclosure may also be needed for debt financing purposes or in the event of insolvency, bankruptcy or receivership proceedings.

C.    REQUIRED Disclosures.  As a public agency, Tacoma Power may be required to disclose certain Personal Information to the public, to law enforcement, or to other agencies as directed by State law and the courts.

  1. Public Records Requests.   A typical example would be public disclosure requests made pursuant to the Washington State Public Records Act.  Not all customer Personal Information, however, must be released and we work hard to safeguard data that is exempt from disclosure under the Act which includes a customer’s address and contact information, financial account or other sensitive information such as social security numbers, birthdates, credit card and bank information. We also take care to utilize an exemption applicable to energy usage and billing information in increments smaller than a month or a billing cycle.
  1. Law Enforcement and other Agency Requests: Other examples of required disclosure of customer Personal Information that apply to Tacoma Power as a public agency and utility include, but are not limited to, requests by (i) local, state and federal law enforcement agencies conducting criminal investigations and made under the Public Records Act[4] or in the form of a subpoena, search warrant, or other court order; (ii) energy and utility regulatory agencies; and/or (iii) state and other government auditors.  These requests may require release of Personal Information involving current and/or former customers. 

As a public agency, Tacoma Power must release customer information to the public to comply with local, state and federal laws governing public records.  We do, however, seek to reasonably protect the privacy of our customers’ Personal Information when fulfilling public and law enforcement records requests.

 

III.   WHAT PERSONAL INFORMATION DOES TACOMA POWER COLLECT?

We may collect any or all Personal Information defined in Section I of this Policy.  We may collect Personal Information in various contexts, including on our website, having to do with our business relationship with customers and their use of our utility services.  Personal Information that we may collect from website activities includes, but is not limited to: information that may be used to identify customers personally or to contact customers; income, household information collected when applying for a low-income discount or to participate in Tacoma Power’s energy conservation programs; and/or other information that reveals details, patterns or other insights into a customer’s personal life or activities. 

The following summarizes the Personal Information we collect and describes how we collect it.

 

  1. A.   Active collection of information

 Account Establishment and Website Registration

Tacoma Power requires certain information in order to establish a customer’s electrical service utility account, and to access some features and services through Tacoma Power’s website.  To establish an account, we will require the customer’s address and telephone number, the service address, birthdate, email address, and valid identification information. We also collect and retain on file financial information such as payment data, account balances, credit history, and social security number, which is used solely to validate identity. We may also collect information we receive from a consumer reporting agency, or information we obtain from verifications of employment or income, or other forms or applications that customers provide to Tacoma Power or the various public assistance agencies Tacoma Power contracts with to evaluate or otherwise process applications for the discount rate, energy assistance, and energy conservation programs offered by Tacoma Power.

Account registration also is required to access some features and services on our website. During the registration process, we may ask a customer for a username, password, and other Personal Information in order to verify the customer’s identity, establish customer account(s), promote security, and to provide appropriate access to features. Personal Information provided by a customer during online account registration may be linked to their utility account information in our system in order to provide the customer with simplified online access to their utility account information or to provide other services related to the customer’s utility account.

Tacoma Power and/or one of the public assistance agencies it contracts with may also collect information about a customer’s service premises as part of their participation in one of Tacoma Power’s energy efficiency programs, such as the amount of insulation in a customer’s service premises, type of windows, model of customers heating system, or similar information.  Unless the information we collect is likely to reveal details, patterns or other insights into the customer’s personal life or activities, it is not considered Personal Information.

Identity Verification

As part of its identity theft prevention program that is required by law, Tacoma Power uses Social Security Numbers (SSN) to validate the identity of residential customers who open accounts online, by fax, or over the telephone. Customer SSNs are maintained in a secure environment. Customers wishing to use other government-issued identification are welcome to apply for service in person at TPU’s Customer Services Division’s office. To apply in person, please bring two pieces of unexpired, government-issued identification, one of which must contain a photograph. Tacoma Power will accept all forms of identification approved by the U.S. Department of Homeland Security and/or the U.S. Transportation Security Administration.

Usage Information

When customers use electricity, usage data is collected via our metering systems, and is used for billing purposes.  We may also collect usage history information when customers choose to take part in one of our energy efficiency or other energy management programs. 

Advanced metering infrastructure (“AMI”) and other emerging smart grid technologies have the potential to dramatically change the ways in which utilities provide service to their customers in the future.  AMI enables the collection and reporting of granular data about customer usage and demand (“Advanced Meter Data”). Together with other distribution automation and improved communications technology, these advances in technology help improve reliable utility service, provide better customer service, streamline utility operations, and help consumers make informed choices that could reduce their consumption. 

The granular level of usage information could be used as a source of behavioral information on residential customer households.  Third parties will be or are developing innovative consumer products to give customers more insight and control over their energy usage. Note that no personal customer information is stored on the meter or is transmitted by the meter. 

In the future, we may offer products and services that take advantage of advanced meter data to provide customers enhanced capabilities to monitor and control their energy usage.  Customer consent may be required for these services. Use and disclosure of Personal Information related to AMI functions typically involve Primary Purposes. However, we will require customers to provide consent if they request to have a third party vendor use Tacoma Power’s advanced meter data to provide such services. While there is little privacy concern over aggregated or de-identified Advanced Meter Data, privacy concerns do arise if advanced meter data linked to a residential customer could be used without the knowledge of the customer for purposes that are not authorized by that customer. 

Online Customer and Energy Service Features

We may offer Customer Service and/or Conservation Resource Management features on our website. If customers use these features, we may ask for their address, account number, and location during use of some features, and other information, just as we would if we were speaking to customers over the phone or in person.  We also may offer services such as online rebate applications and payments which utilize some Personal Information.  We collect this Personal Information in order to customize the information and services that we provide to customers within and in connection with these features, to provide the services, to authenticate customers as a security measure and to monitor and improve the website and our services.

Surveys, Contests and Promotions

We may offer surveys, contests and other promotions from time to time. Participation is completely voluntary. Information requested may include contact information (such as name and address, etc.) and demographic information (such as ZIP code, age, and income). Contact information will be used to notify the winners and award prizes. Survey information will be used to help us monitor and improve our website and services and to help us develop future service offerings.

Third Party Vendors

Tacoma Power’s website includes certain co-branded pages.  A co-branded page provides a link to the website of one of our Business Partners to allow our customers to find additional information about available services or products that relate to a Tacoma Power program. The linked website may collect certain contact, demographic, energy use and other information from customers on our behalf. These third party vendors may use this information to allow them, customers and/or Tacoma Power to run Tacoma Power program related features, calculators, or to complete application and contract forms, sign up for electronic newsletters, and use other tools or services. All information collected by these vendors on our behalf is the sole property of Tacoma Power and is governed by this Privacy Policy.

Tacoma Power contracts with Business Partners and other third party vendors to implement some of its energy efficiency and conservation programs.  These third party vendors may collect contact, demographic, and energy use information, or information about customer service premises.  If customers participate in these programs, the third party vendor will use the information to provide the services to customers. 

Like all third parties that provide services on our behalf, we require these businesses to protect Personal Information that is disclosed to them, to not use or disclose our users' Personal Information in a manner inconsistent with the purpose for which it was provided, and to not sell or disclose Personal Information to another party.

Additionally, as noted above, information collected by third party Vendors on behalf of Tacoma Power on its website or on co-branded pages is the sole property of Tacoma Power but may be used by these businesses for the purpose(s) for which it was collected.

 

  1. B.   Passive Collection

 

Our software automatically collects certain information from a customer’s computer during access and use of our website. This information is not linked to other Personal Information customers provide to us and is not used to identify customers personally. The two main ways in which this general information is collected are through "log files" and "cookies."

 

(i) Log Files

Our website's log files contain our users' Internet service providers, Web browsers, the times of their visits and the pages visited, and the IP addresses of their computers. We use this information to analyze trends, to improve the security and efficiency of our website and online services, and to otherwise administer and improve our website and our services.

 

(ii) Cookies

A "cookie" (including or related to “pixels” or “ad tags”) is a small file, stored on customer hard drive, which contains information about customer computer and/or tracks customer on-line activities. Cookies cannot execute code or deliver a virus to a customer computer. We do not link cookies to Personal Information. We may use cookies to keep users logged in to the website, serve pages to users more quickly on subsequent visits, understand users' interaction with our website, track users' paths for security purposes, and customize our users' experiences on our website.

If customers wish to block, erase or be warned of cookies, customers should refer to their browser instructions or help file. A customer may still use our website if they block cookies, but customer use may be limited and their browser may behave strangely. Please also note that some of our business partners may use cookies on our website. We have no access to or control over these cookies outside of the websites Tacoma Power/TPU manages (Tacomapower.com and MyTPU.org).

 

IV.        HOW WE USE PERSONAL INFORMATION WE COLLECT

We use Personal Information to authenticate and administer customer accounts and inform customers about their utility usage.  We also use it to manage and improve our services and business operations.  For example, we may use Personal Information that customers provide to us in the following ways:

To prepare each customer’s billing statement and in connection with billing and payment on their account;

  • To enable customers to see their energy usage data via secure access on our website;
  • To provide customers with other products and services customers choose to have Tacoma Power provide;
  • To communicate with customers about their electric utility and/or online account, energy  account, the website and our other products and services;
  • To respond to customer comments or requests;
  • To develop and improve the website and our products and services;
  • To obtain customer satisfaction data;
  • To inform customers about Tacoma Power service and product offers and promotions that we believe customers may find of interest;
  • To administer contests or similar promotions in which customers have entered their name; and
  • For the purpose for which the information was provided.

Once again, Tacoma Power will not sell Personal Information about our customers and we will only share or allow that information to be used by others in accordance with this Privacy Policy. Consistent with State law, this Policy requires Customer Consent before we share Personal Information unless disclosure is permitted without that consent – in which case, we follow best practices to ensure the conditions of such permitted use are met.

A common example of this kind of permissive disclosure is when we disclose Personal Information to independent contractors, service providers, and consultants who provide services to us or help us perform functions necessary to operate our businesses. For example, we may use credit card processing companies to process payments for goods and services and shipping companies to ship orders. We also may use service providers to deliver Tacoma Power’s energy efficiency programs.

To protect the Personal Information disclosed to these third-parties, Tacoma Power requires the third-party to sign a written contract with conditions that prohibit the sell, use or further disclosure of such Personal Information in any manner inconsistent with the purpose for which it was provided to them or in violation of this Policy.  

V.        Customer right to access and correct usage information

Tacoma Power customers have the right to access and correct their Personal Information at any time by contacting our Customer Service Division located at 3628 South 35th Street, Tacoma WA 98409 or by telephone at (253) 502-8600 or toll-free at (800) 752-6745

Updating customer information

We provide access to Personal Information that we collect and give users the opportunity to update and make corrections to it. If customers have registered for an online account, customers may access and edit the Personal Information provided during registration by accessing online customer account on the Site. To access or update other Personal Information customers have provided to Tacoma Power, including via website or otherwise, please contact our Customer Services Division at cservice@cityoftacoma.org.

If customers have an advanced meter, Tacoma Power will make reasonable efforts to ensure customers have access to any interval meter data after it has been collected and verified, in a readable format that is as detailed as the information we use in providing our services to customers.  Unless disclosure of the data is permitted or required to be disclosed, we will require customers to consent if customers wish to have Tacoma Power disclose the advanced meter data to a third party vendor with whom customers choose to do business.

 

  VI.       How Tacoma Power protects Personal Information

A. Consumer Data Safeguards

As specified in Section II of this Privacy Policy, Tacoma Power will disclose Personal Information to third-parties only when permitted or required by law. Per State law, Tacoma Power is permitted to disclose Personal Information to third-parties without Customer Consent so long as (i) disclosure is for Primary Purposes and (ii) there is a written contract signed by the third-parties that safeguards the information we have shared.

In compliance with State law, Tacoma Power shares Personal Information only with third-parties that have signed a written contract with conditions that prohibit the sell, use, or further disclosure of such shared information in any manner inconsistent with this Policy.

To ensure such contracts and consumer data safeguard conditions are used, this Policy includes a standardize review procedure and sample form to be used as part of that procedure.

Pre-Disclosure Review Procedure.  No employee shall release customer Personal Information to a third-party vendor[5] (per vendor request or otherwise) unless business purpose for such release is identified and the following review steps have been taken to determine the scope of disclosure necessary to meet that business objective.

The employee who proposes release of Personal Information, will serve as the “Contract Work Manager” (CWM) and shall be responsible for contract administration including this completion of this review procedure.

  1. Release for Primary Purpose
  • The request or identified need to release Personal Information to the Vendor requires approval from the Manager of the Section or Division that performs the release.
  • An approval is required only for the initial disclosure determination as that approval will require execution of a written contract with required conditions to govern third-party Vendor use of information released. Subsequent approval is only required if additional types of Personal Information are requested or will be provided to the Vendor.
  • It is up to the CWM to reduce the amount of Personal Information to be or that is released, where possible, by questioning the purpose and need of the Vendor to receive all information they are requesting.
  • The third-party Vendor must provide a specific timeline in which the Personal Information will be used and a scope that defines the manner in which the data will be used.  The Vendor must further comply with contract requirements that will address the disposition of Personal Information upon contract expiration or termination.
  • The CWM is also responsible for communicating contract terms and conditions to the Vendor, finalizing and routing a final written contract for full execution, and actual transmittal or delivery of approved information to the third-party Vendor.

To facilitate this review, the CWM is to use the Non-Disclosure Agreement Checklist form in Attachment #2 (or a substantially similar form) and route it through the standard contract approval process (with an accompanying contract recommendation memorandum when applicable).

 

  1. Release for Secondary Purpose

 

  • The CWM must obtain completed CARI forms from each customer whose data will be shared.   Copies of the forms must accompany the contract recommendation memorandum.
  • The third party Vendor working with the CWM will be required to sign a Confidentiality and Non-Disclosure Agreement or other contract containing equivalent consumer data safeguards and conditions governing use of Personal Information for Secondary Purposes

 

  1. Transmittal of Personal Information to Third-Party Vendor

All files and forms of data provided to a Vendor to be used for Primary and/or Secondary purposes must be sent via secure FTP or be encrypted.   Email or hard copies should not be used to share customer Personal Information with a Vendor.

Customer Service Policies & Practices to Secure Account Information Access

In addition to this Policy, requests and disclosure practices involving customer account information are governed by TPU’s Customer Services Policies (Section 4.2.9). Except as set forth above, Personal Information (such as account information) is ordinarily shared only with the person or persons listed on the account. 

An account holder requesting his or her information must show identification if in-person at the TPU Customer Services office located at 3628 South 35th Street, Tacoma WA 98409, or when requesting by telephone a customer is required to provide two forms of identification which will be validated against account records. TPU Customer Services will supply the information by mail, upon request, by using the documented mailing address.  Requests for customer information from third parties will be individually reviewed to determine whether the law authorizes disclosure. 

We restrict access to confidential information about customers to employees who have a specific need to know. Maintaining confidentiality and customer privacy is a priority for us.

We have implemented appropriate administrative, physical, technical and logical safeguards to protect the confidentiality, integrity and availability of Personal Information that we collect, and prevent loss, theft, misuse, unauthorized access, disclosure, alteration or destruction.

We take measures to limit access to all categories of Personal Information – not just "sensitive" information – to authorized employees and contractors.  For example, our customer information system has access controls designed to ensure that only those Tacoma Power and Customer Service Division employees who have a business need to work with Personal Information will have access to it, and they will have only the limited amount of access that they need to perform their jobs.  Social Security numbers are used within a secure environment, and Tacoma Power has in place a federally required identity theft prevention program. 

To protect customer privacy, we encrypt or use an alternate method to protect any data that we forward to third parties.

When we request sensitive information (such as credit card number and/or social security number) on the website, we use Secure Socket Layer (SSL) encryption to protect it from unauthorized access while in transit.

Despite our security safeguards, however, we cannot guarantee that Personal Information will be protected from interception, misappropriation, misuse or alteration, or that it will not be disclosed or accessed by accidental circumstances or by unauthorized actions.   We are required by law to notify customers if we become aware of a security breach that has the potential to affect customer Personal Information (RCW 42.56.590). 

B.        Security Measures

Social Networking Services (aka Social Media Sites)

We have no control over the security of other sites customers might visit, interact with or do business with.   For example, when customers post on a social media site (for example Facebook®) social networking service, the Personal Information customers share is visible to other users and can be read, collected or used by them. Customers are responsible for Personal Information they choose to share on social media. Please take care when using these features.

Links

Customers may find links to co-branded sites on our website pages Tacomapower.org and/or at MyTPU.org. Co-branded sites are those where customers will see Tacoma Power name and logo as well as the name and logo of the service provider.  

In addition, some pages of our website and mobile website offer customers the ability to link to and view pages of websites not operated or controlled by Tacoma Power. Often, but not always, customers can tell that they have linked to a non-Tacoma Power website because a separate browser window will open. If customers use such links, customers will leave Tacoma Power website. Links by Tacoma Power to such external websites do not imply endorsement by Tacoma Power of that company, its site, or its privacy policy, which may differ from Tacoma Power’s practices.

Beyond the confidentiality and protection requirements that Tacoma Power imposes on third party vendors with whom it does business, Tacoma Power is not responsible for any information customers provide to these sites, information gathered at a linked site, or for the content of any such site. Tacoma Power does not monitor or control the content or the privacy policies of the external sites, and are not responsible for the privacy practices or the content of linked external websites. When using a link to a non-Tacoma Power website, we recommend that customers investigate the privacy practices and policies of such external site. Any use of external links is at the sole discretion of the user. Once customers leave Tacoma Power’s website, this policy no longer governs.

Internet Fraud: Phishing

Phishing is a scam where Internet fraudsters employ techniques that create a fraudulent website to lure personal and financial information from unsuspecting victims. One way phishers attempt to fool consumers is by sending fraudulent emails designed to look like they are coming from a business or institution, luring consumers to “take action” by clicking on a link that takes victims to a fraudulent website. Thinking that the website is authentic, consumers enter Personal Information compromising their privacy and security. 

While Tacoma Power may request some Personal Information when conducting surveys, Tacoma Power does not and will not request Personal Information related to a customer account via email unless the customer has initiated the request. If customers receive any emails asking them to take an action described above, the customer should contact the TPU Customer Services Division at office located at 3628 South 35th Street, Tacoma WA 98409 or call at (253) 502-8600; toll-free at (800) 752-6745 (Monday through Friday, 8 a.m. to 5:00 p.m., excluding holidays). Visit www.antiphishing.org for the latest information about phishing scams.

Tacoma Power Personnel & ID

If a person comes to a customer’s door claiming to be a Tacoma Power employee, don’t let him or her inside without first asking for identification. Our employees carry an ID card with their picture on it and will gladly show it to customers, and Tacoma Power’s meter reading contractors carry similar identification. 

If a customer receives a phone call and is not sure if it actually came from us, please call our Customer Service Department at (253) 502-8600 or toll-free at (800) 752-6745 to verify the information customers were given. We will be able to tell customers whether or not the call was a hoax.


VI.        CUSTOMER COMPLAINT REVIEW PROCEDURE

A. How to make a complaint about disclosure of Personal Information

Tacoma Power is committed to investigating complaints from customers whose Personal Information may have been sold or disclosed by Tacoma Power or any of its Business Partners for purposes of marketing services or product offerings in violation of RCW 19.29A.100.

A customer who wishes to make such a complaint must provide a request for investigation in writing, signed by the customer or by someone with the legal authority to act on the customer’s behalf.  Each such request shall include a short and plain statement of the circumstances and the information he or she believes was disclosed. The written request must be delivered to Tacoma Public Utilities located at the following address:

 

In person:

Customer Service Division

Tacoma Power

3628 S. 35th Street

Tacoma, WA 98409   

 

Mail-in address:

Tacoma Public Utilities

3628 S. 35th Street

Tacoma WA 98409-3192

P.O. Box 11007

Tacoma, WA 98411-0007

 

 

B. Review of Customer Complaint:

Upon receipt of a complaint, the Tacoma Power Superintendent, or his or her designee, shall promptly investigate the complaint, including review of business records and practices pertinent to any disclosure of Personal Information in violation of this Privacy Policy.  Upon completing this investigation, a written response will be provided to the customer.  Absent exceptional circumstances, the response will be provided within 30 days of receipt of the complaint.

The customer may subsequently make a request for a discretionary independent hearing using Tacoma Public Utilities’ Appeals Process, which is described in Attachment # 3 to this Privacy Policy.



[1] Per RCW 19.29A.010(25)

[2] Per RCW 19.29A.010(26)

[3] See RCW 19.29A.100(6), (7) and (8)

[4] See RCW 42.56.335

[5] This term shall include any Business Partner, contractor, consultant or other service provider who may receive Personal Information of one or more Tacoma Power customers.

ATTACHMENT # 1

 

CUSTOMER AUTHORIZATION TO RELEASE INFORMATION

FOR NON-TACOMA POWER BUSINESS PURPOSES

 

This consent form will allow TACOMA POWER to release Personal Information to a third-party as indicated below for Secondary Purposes (as defined in Tacoma Power’s Privacy Policy).  The customer must complete this document in its entirety and also must be listed as a customer of record of Tacoma Power. Tacoma Power must verify that that the individual providing consent matches the name, service address and account number of the customer of record in the utility’s customer information system.

 

CUSTOMER INFORMATION:

Account Number:  _______________           

Name on Account: _________________________

Name of Representative (if a business): ________________________________________

Service Address: ___________________________________________________

Telephone number: (____)__________________

Email address (if applicable): __________________________

 

AUTHORIZATION:   I authorize the release of my Personal Information (as defined in Tacoma Power’s Privacy Policy as follows:

 

Type of information to be released (for example, usage or payment history, payment, contact information):

____________________________________________________________________________________

Period which the information covers: _________________________

Name of recipient/business:  ___________________________________________________

Address: ______________________________________________________

Telephone number or contact information: __________________________________

Manner in which information is to be provided (mail, email, pick-up, etc.): 

____________________________________________________________________

 

Date(s) for which this release is in effect: _________________________________

 

RELEASE:

This consent for information release is at the request of, and on behalf of the Customer listed above.  Therefore, the Customer agrees to release and hold harmless TACOMA POWER from any liability, claims, demands, causes of action, damages or expenses resulting from: 1) any release of information to the recipient authorized above; (2) the unauthorized use of such information by the recipient; and (3) any actions taken by the recipient with respect to such information.

 

 

Account holder signature: ___________________________  Date: ____________________

(or Authorized representative)

 

By my signature above, I attest under penalty of perjury that I have the authority from the holder of the account to authorize the release of information set forth above.

 

 

ATTACHMENT # 2

 

Non-Disclosure Agreement Checklist

Non-Disclosure Agreement Checklist

(Routed with Contract Recommendation Memo)

It is Tacoma Power’s policy to implement strong consumer data privacy protections to maintain the trust of our customers.   The sharing of Tacoma Power customer, employee, or vendor information with third parties should occur only when it for a Primary Purpose and is necessary in the conduct of essential business functions. 

Any Contract Work Manager (CWM) who requests that such information be shared with a third party will complete this checklist, sign, and route with a contract recommendation memo when necessary to explain the business purpose or clarify other issues.  

The CWM’s signature indicates that he/she is aware of Tacoma Power’s Policy concerning Customer Privacy and in particular Personal Information as defined in the Policy.  The CWM should evaluate the purpose of the information data sharing request and attempt to limit the amount of Personal Information shared with the third party to that which is minimally necessary to meet the business objective.

The following customer/vendor/employee information will be shared with _____________________ <Vendor Name>

(Check all that apply):  

  1. ______   Names
  2. ______   Street addresses
  3. ______   Telephone numbers
  4. ______   Email addresses
  5. ______   Social Security or internal Vendor numbers
  6. ______   Utility Account numbers
  7. ______   Utility Account balances
  8. ______  Banking accounts and or Credit Card numbers
  9. ______   Any information received during the identity and customer credit worthiness process
  10. ______   Identity information provided on a driver’s license, passport, etc.
  11. ______   Meter interval/electricity use data that can be tied to items # 1-8 above.

 

I have reviewed the information and data sharing request and believe that the Personal Information above is that which is minimally necessary to accomplish the business objective, and that the data is being used for a primary purpose.  A non-disclosure agreement is required with the contract.

 

By________________________________/______________

     Contract Work Manage                                            

Date

 

Title___________________________________

 

 

Division or Section Manager: ______________________________­­­­­­­­­­­­­­____/____________                                                                                                                                                                                     Date

 

ATTACHMENT # 3

 

Appeals Process

Review of Complaint Regarding Release of Personal Information in violation of Tacoma Power’s Customer Privacy Policy:  Tacoma Power Customers have the right to appeal the release of their Personal Information (as defined in Tacoma Power’s Privacy Policy).

A Customer shall utilize the following steps to exercise the appeals process:

1.   Tacoma Power must receive a Customer’s written appeal by personal delivery or mail, and shall be addressed to Tacoma Public Utilities. 

2.   The appeal must contain a short, plain statement of both the decision to be reviewed, the relief requested by the Customer, and the appropriate customer contact information for purposes of communications for the appeals process.

3.   Upon receipt of an appeal, the Customer will be contacted by the Customer Services Division, at the Department of Tacoma Public Utilities, and an informal conference will be held.  The Customer must be available to attend the informal conference by telephone, or in person at the discretion of the Customer Services Division, no later than 2 business days after the receipt of the appeal by Tacoma Public Utilities.

4.   If the issue is resolved to the satisfaction of the Customer, the appeals process is concluded.

5.   If the situation remains unresolved, a Request for Appeal Hearing must be submitted within seven (7) business days following the informal conference. Thereafter an Appeals Hearing will be scheduled and held.  The customer must be available to attend the Appeals Hearing within 2 business days of the informal conference.  The date and time of the Appeals Hearing shall be set at the conclusion of the informal conference, if needed, and the customer will be provided written notice of the date, time and place for the Appeals Hearing.

6.   The Tacoma Power Superintendent shall appoint a Hearing Officer who shall have authority to administer Tacoma Power’s Privacy Policy, and a representative to represent Tacoma Power in the Appeals Hearing.  At the discretion of Tacoma Power, an internal review committee may be formed to participate in the Appeals Hearing.

7.   The Customer will be considered to have received Tacoma Power’s written determination three (3) business days after the date of postage, or on the same date if sent via e-mail or hand delivered.

Customers may address issues and/or concerns to the Tacoma Power Superintendent directly.