Alinta Energy accused of customer data protection failure

Energy giant may not have sufficiently protected the personal information of its 1 million customers according to leaked documents revealed in join media investigation

protecting_data-100683751-orig.jpg
protecting_data-100683751-orig.jpg

Alinta Energy stands accused of potentially exposing the sensitive information of its 1.1 million customers because it lacks sufficient privacy protection systems. 

A joint investigation between the ABC’s current affairs show 7.30 and The Sydney Morning Herald and The Age has revealed leaked documents appearing to indicate the energy giant has not had appropriate compliance and privacy monitoring systems in place to safeguard personal information.

As a business with a retail customer base, Alinta holds a swathe of personal details on customers including names, addresses, birth dates, mobile phone numbers and financial details. Leaked documents obtained by the ABC and the two newspapers appear to show Alinta has not adequately protected this sensitive information.

The Chinese-owned energy giant's written responses to 7.30 questions were also shared with CMO and state that at the beginning of 2019, Alinta initiated an audit by an independent third-party to examine its approach to managing privacy across the organisation.

"The audit report confirmed a number of positive aspects of our approach alongside a number of opportunities to improve. Some elements, including the need for a privacy management framework, privacy officer, encryption standards and data strategy were highlighted and have been progressed," Alinta said in the statement

Alinta revealed in the statement it had one reportable data breach incident in January 2020 concerning a single individual and has met its compliance obligations in addressing the issue. "The OAIC was satisfied with the process and remediation and the matter has been closed," the statement read.

The sale of Alinta Energy, which took place in 2017, was approved by the Foreign Investment Review Board (FIRB), although it found the company's compliance and privacy monitoring systems appeared to be inadequate.

In its statement, Alinta confirmed the FIRB has approved a remediation plan and it is on track to complete the activities within the agreed timeframe.

"Alinta Energy is treated as being in compliance with the conditions imposed by FIRB, while it continues to implement remedial activities endorsed by FIRB. Remedial activities will be completed by Dec 2020, the statement said.

Alinta Energy said it undertakes annual reviews using a third party-auditor to evaluate its security and identify any areas of risk, and any significant risks which are identified are tracked through to conclusion.

"In addition, when there are any significant changes to customer facing systems we undertake web penetration testing and all significant findings are addressed prior to release to production. Alinta Energy has in place an ongoing program of investment focussed on improving our cybersecurity capabilities."

The Office of the Australian Information Commissioner, as well as the energy regulator, the Essential Services Commission are inquiring into Alinta’s processes following the story revealing it may not have adequately protected the personal information of its 1.1 million gas and electricity customers.

Follow CMO on Twitter: @CMOAustralia, take part in the CMO conversation on LinkedIn: CMO ANZ, follow our regular updates via CMO Australia's Linkedin company page, or join us on Facebook: https://www.facebook.com/CMOAustralia.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments

Latest Videos

More Videos

Great piece Katja. It will be fascinating to see how the shift in people's perception of value will affect design, products and services ...

Paul Scott

How to design for a speculative future - Customer Design - CMO Australia

Read more

Google collects as much data as it can about you. It would be foolish to believe Google cares about your privacy. I did cut off Google fr...

Phil Davis

ACCC launches fresh legal challenge against Google's consumer data practices for advertising

Read more

“This new logo has been noticed and it replaces a logo no one really knew existed so I’d say it’s abided by the ‘rule’ of brand equity - ...

Lawrence

Brand Australia misses the mark

Read more

IMHO a logo that needs to be explained really doesn't achieve it's purpose.I admit coming to the debate a little late, but has anyone els...

JV_at_lAttitude_in_Cairns

Brand Australia misses the mark

Read more

Hi everyone! Hope you are doing well. I just came across your website and I have to say that your work is really appreciative. Your conte...

Rochie Grey

Will 3D printing be good for retail?

Read more

Blog Posts

How to design for a speculative future

For a while now, I have been following a fabulous design strategy and research colleague, Tatiana Toutikian, a speculative designer. This is someone specialising in calling out near future phenomena, what the various aspects of our future will be, and how the design we create will support it.

Katja Forbes

Managing director of Designit, Australia and New Zealand

The obvious reason Covidsafe failed to get majority takeup

Online identity is a hot topic as more consumers are waking up to how their data is being used. So what does the marketing industry need to do to avoid a complete loss of public trust, in instances such as the COVID-19 tracing app?

Dan Richardson

Head of data, Verizon Media

Brand or product placement?

CMOs are looking to ensure investment decisions in marketing initiatives are good value for money. Yet they are frustrated in understanding the value of product placements within this mix for a very simple reason: Product placements are broadly defined and as a result, mean very different things to different people.

Michael Neale and Dr David Corkindale

University of Adelaide Business School and University of South Australia

Sign in