Privacy Policy

Last updated: 10 May 2011

The Energy Sector Security Consortium (EnergySec) recognizes that privacy is critical to the free and open exchange of information and to the success of security programs within the industry. This Privacy Policy applies to all of the products, services, and websites offered byEnergySec.

Information we collect and how we use it

Participation in the EnergySec Information Sharing forum requires registration and validation of identity. We collect the following information from you as part of the registration process:

  • Name
  • Address
  • Phone Number
  • Email Address
  • Organizational Affiliation
  • Account Password

In addition to the above required information, you may opt to provide additional personally-identifying information.


When you visit EnergySec, we send one or more cookies – a small file containing a string of characters – to your computer that uniquely identifies your browser. We use cookies to improve the quality of our service by storing user preferences and tracking login sessions.

Log Information

When you access EnergySec services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser. Access of information within the information sharing portal is also logged.

User Communications

When you send email or other communications to EnergySec, we may retain those communications in order to process your inquiries, respond to your requests and improve our services. When you post information on the information sharing portal, we will also retain that information and provide it to others who have access to the same portal sections.


When you select non-attributable communication, please note that this is NOT equivalent to anonymous communication. Nonattributable communication masks the original source for other users only. EnergySec and the information sharing portal administrators have access to the authenticated source of the information and may disclose it if required by law or regulation as described in “Information Sharing”, below.

Other Sites

This Privacy Policy applies to EnergySec services only. We do not exercise control over the sites displayed as links from within our various services. These other sites may place their own cookies or other files on your computer, collect data or solicit personal information from you.

EnergySec only processes personal information for the purposes described in this Privacy Policy and/or the supplementary privacy notices for specific services. In addition to other uses mentioned herein, such purposes include:

  • Providing our services to users, including the display of customized content;
  • Auditing, research and analysis in order to maintain, protect and improve our services;
  • Ensuring the technical functioning of our network; and
  • Developing new services.

EnergySec processes personal information on our servers in the United States of America and in other countries. In some cases, we may process personal information on a server outside your own country. We may process personal information to provide our own services. In some cases, we may process personal information on behalf of and according to the instructions of a third party, such as regulatory or law enforcement agencies.

Information Sharing

EnergySec only shares personal information with other companies or individuals outside of EnergySec in the following limited circumstances:

  • We have your consent. We require opt-in consent for the sharing of any sensitive personal information.
  • We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of EnergySec, its users or the public as required or permitted by law.
  • We may share with third parties certain pieces of aggregated, non-personal information. Such information does not identify you individually.
  • We may share with third parties personally-identifiable information for the purposes of providing announcements or notifications to you. Such announcements may be related to upcoming events, alerts, or other information specific to your participation in EnergySec. We will retain ownership of all data supplied to any third parties under contract.

Please contact us at the address below for any additional questions about the management or use of personal data.

Information Security

We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data.

Data Integrity

EnergySec processes personal information only for the purposes for which it was collected and in accordance with this Privacy Policy or any applicable service-specific privacy notice. We review our data collection, storage and processing practices to ensure that we only collect, store and process the personal information needed to provide or improve our services. We take reasonable steps to ensure that the personal information we process is accurate, complete, and current, but we depend on our users to update or correct their personal information whenever necessary.

Accessing and Updating Personal Information

When you use EnergySec services, we make good faith efforts to provide you with access to your personal information and either to correct this data if it is inaccurate or to delete such data at your request if it is not otherwise required to be retained by law or for legitimate business purposes. We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required. In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. Some of our services have different procedures to access, correct or delete users’ personal information.

Changes to this Privacy Policy

Please note that this Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent, and we expect most such changes will be minor. Regardless, we will post any Privacy Policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes). Each version of this Privacy Policy will be identified at the top of the page by its effective date, and we will also keep prior versions of this Privacy Policy in an archive for your review.

If you have any additional questions or concerns about this Privacy Policy, please feel free to contact us any time through this web site or at

8440 SE Sunnybrook Blvd, Suite 206
Clackamas, OR 97015

No comments yet.

Leave a Reply