All data which is provided by participants to the Australian Energy Sector Cyber Security Framework (AESCSF) team will be treated confidentially.
AEMO receives confidential information from participants routinely as part of its core role in operating the electricity and gas markets. This information is recognised as ‘protected information’ under the National Electricity Law and National Gas Law. AEMO has obligations to take all reasonable measures to protect from unauthorised use or disclosure information given to it in confidence. Any disclosure of the information will be considered unauthorised, unless it is authorised under the relevant law, rules or regulations.
Third-party providers are routinely engaged to support the collection, collation and analysis of the submitted information provided by participants in the AESCSF as a service provider to AEMO. To ensure that AEMO meets its obligations to secure protected information, AEMO’s contracts with service providers require that the service providers keep confidential any information received. In addition, key personnel leading the project have signed confidentiality undertakings.
The AESCSF project team have strict protocols in relation to handling market participant data. Data submitted is encrypted at rest and in transit using industry practice encryption protocols and exercise diligence in governing these systems.
The AESCSF project team will have access to all data collected for the purpose of reporting to the Energy Security Board as per Finkel Review Recommendation 2.10. Any data used to facilitate industry benchmarking will be de-identified and controls exist within the data collection and analytical tool to restrict the ability to filter benchmarking data such that it may allow an entities data to be derived.