Information Resources Duke Energy's Code of Business Ethics

Duke Energy's information systems support internal and external business activities. Because these resources connect us with the outside world, there is a risk of attack or exploitation. Duke Energy is committed to protecting these resources from such intrusions.

All Duke Energy employees are responsible for information security. We must be aware of information security processes and policies, and take steps to reduce the risk of security breaches.

Our Responsibilities

Duke Energy expects employees to manage and use information and information systems to support company business objectives. Electronic communications, including e-mail, instant messaging and Internet activity generated on or received by Duke Energy systems are considered Duke Energy property and are subject to random monitoring for misuse or abuse, except where prohibited by law.

Duke Energy employees must:

• Follow all policies and procedures related to the protection of information and information resources, including network access and appropriate use of the Internet and e-mail.
• Contact the IT Help Desk to report any unusual activities or inappropriate risk regarding our information systems and resources.
• Be familiar with the Records Management Policy, Records Management Standard, and the applicable record retention schedule.
• Properly protect information exchanged outside of Duke Energy.
• Access information only in support of specific business needs.

Duke Energy employees must not:

• Let personal use of information system technologies interfere with Duke Energy business activities or incur unnecessary cost. 
• Let business or non-business uses of electronic communications, including cell phones violate Duke Energy policies or legal requirements. 
• Transmit personally identifiable information without a legitimate business purpose.  If transmitted externally, the information must be encrypted.