Open Energy Gives Energy Retailers the Opportunity to Boost Their Security Posture

Australia’s Customer Data Right (CDR) is a set of rules and obligations that give consumers greater control over their own data. While the banking industry was first to be subject to the CDR, the energy sector is now making the move.

The Government says Open Energy, the energy sector's branding for the CDR, will help consumers find and switch to the best energy deals. This will not only drive greater competition between energy retailers, but also help consumers better manage their energy use and make more informed decisions about their personal energy investments.

In today’s world, data pertaining to energy consumption, billing, and payments is collected and held by energy retailers. Energy retailers are the companies that consumers deal with directly for most of their energy needs. When a consumer decides to shop around for the best energy deal, they typically contact another energy retailer or use a market comparison site. But that route is often met with frustration for consumers.

In order to get a true comparison of what a new retailer will bill you compared to your old retailer, you need to give them a wide variety of different data points. This can include your total energy consumption and your specific usage patterns, how much you’ve paid, your billing and payment history, and other data. But extracting this information from your incumbent retailer is extremely difficult.

Open Energy changes that. Energy consumers will be able to access a wide suite of data that gives them more power to make decisions about who they’ll buy their energy from. The data that is subject to Open Energy is quite extensive and, potentially, highly sensitive. It includes:

  • Information about the type of energy meter, its location, and network tariffs
  • Customer data such as name, entity type, and contact details
  • Billing data including records of bills issued and payments received, payment arrangements, hardship, and concessional arrangements
  • Details on batteries and solar panel installations


Energy retailers need to establish their own systems to ensure that customers can securely access their energy data and that the data is only shared with authorised parties for as long as the customer consents to its use. This will require a three-stage process, and each stage of the process has a specific set of compliance rules that must be adhered to.

Let’s take a closer look into what each stage entails.

1. Customer requests data from incumbent retailer

When the customer requests the data, they will be asking another party, such as an energy market comparison service, to access their energy data. This means that there needs to be a strong authentication process in place to ensure only the correct data can be accessed by the comparison site or potential new retailer.

2. Customer authorises access to their energy data

Successful authentication is just the start. A customer may only want to share a subset of all the data that is available, and they have the power to authorise access to just that subset. For example, a customer may only wish to share their energy consumption, the tariffs they are paying, and total bill payments, and choose to omit their payment history or whether they have received hardship concessions.

3. Ongoing access to customer data

A customer may only wish to allow access to their energy data for a specific purpose or time. Under Open Energy, a consumer can give and withdraw consent as they wish. Once consent is withdrawn, the consumer can direct the potential new retailer or comparison site to stop accessing their data and delete any data they may have collected when they had access.

For energy retailers, this may require a significant reconsideration of how users are authenticated to access systems, what data they are authorised to access, and how consent to access that data is given and revoked. And this is happening at a time when consumers are increasingly concerned with data security.

Retailers are looking for a best-of-breed solution that supports these needs but also allows them to elevate their security posture so they can offer consumers other benefits, such as Multi-Factor Authentication (MFA), the use of biometrics for authentication and authorisation, and simplified identity management.

Okta offers turnkey solutions that can help enable energy retailers to meet their Open Energy obligations. This includes robust, standards-based authentication services that can be easily augmented with MFA. Okta’s customer identity and access management platform, in conjunction with its partners in the Okta Integration Network, also supports the ability to authorise access to data at a granular level, so users are not compelled to share all their Open Energy data and can withdraw consent at any time.

While Open Energy promises to give consumers far greater access to their data, it’s also an opportunity for energy retailers to simplify and elevate their authentication, authorisation, and consent systems for data access. For more information on how Okta can help secure energy retailers and enhance consumer experiences in accordance with Open Energy, get in touch today.