Notice

Use of electricity meter data collected through the Energy Bills Support Scheme: privacy notice (updated 31 January 2023).

Updated 31 January 2023

Applies to England, Scotland and Wales

© Crown copyright 2023

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/electricity-meter-data-collected-through-the-energy-bills-support-scheme-privacy-notice/use-of-electricity-meter-data-collected-through-the-energy-bills-support-scheme-privacy-notice

This notice is provided to meet the requirements of the UK General Protection Regulation (GDPR) and Data Protection Act 2018 (DPA) to provide transparency in how we process and use personal data collected from energy suppliers for the Energy Bills Support Scheme (EBSS), and your rights. It is made under Articles 13 and 14 of the GDPR.

Scope

We will collect and process the following personal data*, related to each electricity meter eligible for EBSS in Great Britain:

  • Meter Point Administration Number (MPAN) – electricity meter number
  • Unique Property Reference Number (UPRN)
  • meter type – domestic or business – on specific dates
  • postcode
  • whether the MPAN has received and redeemed each Energy Bill Support Scheme payment
  • how the Energy Bill Support Scheme payment was notified to the individual responsible for the MPAN
  • electricity consumption
  • data about each meter (for example profile class, energisation status)
  • data about how the meter point is billed (for example billing cycle, payment type)
  • data about the financial status of the household (for example fuel poverty, local area deprivation status)

Where an Energy Bill Support Scheme payment has not been delivered we will also collect the following data where applicable:

  • the householder is deceased
  • the householder has vacated the property
  • the property is vacant
  • the MPAN has been disconnected
  • there has been a change in meter type (from domestic to business use)
  • there has been a transfer of account between Energy Supplier
  • the Energy Bill Support Scheme Voucher sent to the individual responsible for the MPAN was not redeemed

*Personal data is information that relates to an identified or identifiable individual and only includes information relating to natural persons who:

  • can be identified or who are identifiable, directly from the information in question
  • who can be indirectly identified from that information in combination with other information.

Purpose

We are processing these data:

1. To enable DESNZ to monitor the progress and operational delivery of the EBSS. This includes monitoring the reach of the scheme across regions and vulnerable groups.

2. To conduct financial checks on EBSS payments including for assurance and the prevention, investigation, detection or prosecution of criminal offences including fraud.

3. To allow DESNZ to evaluate the scheme to understand its impact and to inform future government policy.

The legal basis for processing these personal data is public task.

Processing is necessary for the performance of a task carried out in the public interest, under Article 6(1)(e)) of GDPR and in the exercise of official authority vested in the Secretary of State for DESNZ. The specific public task is to allow for monitoring, assurance, fraud prevention and evaluation purposes of the EBSS.

Sources

We are collecting these personal data from electricity suppliers. We will use existing government datasets and the datasets provided by the Retail Energy Code Company to support these data, as is necessary to meet the purpose.

Recipients

These data are being used by DESNZ and will be shared with DESNZ contractors (and if applicable their sub-contractors) where required for the delivery of the EBSS work that DESNZ has contracted out.

These personal data will be shared with our data processors Microsoft and Amazon Web Services.

We do not allow third parties to use this data.

We will not:

  • sell or rent these data to third parties
  • share these data with third parties for marketing purposes

We may share these data if we are required to do so by law, for example by court order or to prevent fraud or other crime.

Retention

We will only keep these data for as long as required to support the evaluation and scrutiny of the EBSS, as is in the public interest. These data will be securely deleted no later than 7 years after collection in line with our department policy. We recognise that this maximum retention period is longer than energy suppliers will hold this data, which reflects the additional purposes for which DESNZ is collecting and processing this data.

Automated decision making

These personal data will not be subject to automated decision making.

Security

We are committed to doing all that we can to keep these data secure. We will protect this personal information against unauthorised access, unlawful use, accidental loss, corruption or destruction.

We use technical measures such as firewalls and password protection to protect these data and the systems they are held in.

We limit access to this information to employees, agents, contractors and other third parties with a business need to know. They will only process this personal information in accordance with our instructions and are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected data breach and will notify you and the Information Commissioner’s Office as required.

International transfers

These personal data will be processed in the UK. Your personal data will not be processed outside the UK and European Economic Area (EEA), or by an international organisation. Where your personal data is processed in the EEA or outside UK, the following safeguards will be in place: reliance on model contract clauses.

As these personal data are stored on our IT infrastructure and shared with our data processors Microsoft and Amazon Web Services, they may be transferred and stored securely in the UK and European Economic Area. Where this personal data is stored outside the UK and EEA, it will be subject to equivalent legal protection through the use of model contract clauses.

Customer notice

Energy suppliers must:

  • make customers aware that DESNZ will be given access to these personal data, and will store and securely process these data for the purposes laid out here
  • provide a link to customers to this privacy notice on GOV.UK
  • provide evidence to DESNZ, if requested, of execution of the above points

We recommend the following text to be communicated to customers, for example within your data privacy notice:

Your personal data will be shared with the Department for Energy Security and Net Zero (DESNZ) to support administration of the Energy Bills Support Scheme (EBSS). These data consist of your meter point number, whether you have received and redeemed each EBSS payment and data about your meter point including your billing cycle and how you pay your bill.

The legal basis for processing these personal data is public task. Processing is necessary for the performance of a task carried out in the public interest, under Article 6(1)(e)) of GDPR and in the exercise of official authority vested in the Secretary of State for DESNZ. The specific public task is to allow for monitoring, assurance, fraud prevention and evaluation purposes of EBSS.

You can find more information on how DESNZ will use your personal data in the DESNZ Privacy Notice.

Your rights

You have the right to request:

  • information about how these personal data are processed, and to request a copy of that personal data
  • that anything inaccurate in these personal data is corrected
  • that any incomplete personal data are completed
  • that these personal data are erased if there is no longer a justification for them to be processed

You can also:

  • in certain circumstances (for example, where accuracy is contested) request that the processing of these personal data is restricted
  • object to the processing of these personal data

We must comply with a request without undue delay and at the latest within one month of receipt of your request. We can extend the time to respond by a further 2 months if the request is complex or we have received several requests from the individual. We will let you know within one month of receiving your request and explain why the extension is necessary.

To exercise any of your rights contact the Data Protection Officer.

Updates to this notice

We will update this page if the way we handle your personal data changes in any way. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it, and under what circumstances we will share it with other parties. If we update the content, the date at the top of this page will change and the detail of the change will be available in the Latest updates section. If these changes affect how your personal data is processed, we will take reasonable steps to let you know.

Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office

Email icocasework@ico.org.uk

Contact form https://ico.org.uk/glo...

Telephone 0303 123 1113

Textphone 01625 545 860

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Contact details

The data controller for your personal data is the Department for Energy Security and Net Zero (DESNZ).

Contact the DESNZ DPO:

DESNZ Data Protection Officer
Department for Energy Security and Net Zero
3-8 Whitehall Place
London
SW1A 2EG

Back to top