The Smart Energy Code Section I ‘Data Privacy’ sets out the obligations regarding privacy, and are applicable to those DCC Users fulfilling the “Other User” role, as set out in the SEC.
Privacy Assessments are undertaken to assess Parties’ compliance with the obligations defined in Sections I1.2 to I1.5. The assessments are undertaken by an Independent Privacy Auditor, who has been appointed by the SEC Panel to provide the audit services.
The Assessments must be carried out in accordance with a Privacy Controls Framework , which provides the basis for enabling a consistent level of review across all Users. The framework also provides a guide to the types of evidence which could be presented to demonstrate compliance with the Privacy obligations.
As stated in SEC Section I2.13, the Privacy Controls Framework (PCF) shall:
- Set out arrangements designed to ensure that Privacy Assessments are carried out appropriately for the purpose of providing reasonable assurance that Other Users are complying with (or, for the purposes of Section H1.10(d) (User Entry Process Requirements), are capable of complying with) their obligations under I1.2 to I1.5; and
- for that purpose, in particular, specify the principles and criteria to be applied in the carrying out of any Privacy Assessment, including principles designed to ensure that Privacy Assessments take place on a consistent basis across all Other Users; and
- make provision for determining the timing, frequency and selection of Other Users for the purposes of Random Sample Privacy Assessments.