Privacy Policy

  1. Background

    This Tallgrass Privacy Policy was developed in accordance with the applicable sections of the privacy directives in these eleven states where Tallgrass has operations:

    1. Colorado
    2. Illinois
    3. Indiana
    4. Kansas
    5. Missouri
    6. Nebraska
    7. North Dakota
    8. Ohio
    9. Oklahoma
    10. Texas
    11. Wyoming

    In addition to the laws of these eleven states, United States privacy laws were reviewed, including United States Privacy Act of 1974, Electronic Communications Privacy Act of 1986, and the E-Government Act of 2002.

  2. Purpose

    Tallgrass Energy collects, stores, and processes Personal Identifying Information (PII) of Tallgrass employees, contractors, and business partners. In accordance with applicable privacy law provisions, Tallgrass is taking the following appropriate measures to prevent unauthorized access, use, modification, disclosure, or destruction of PII held by Tallgrass.

  3. Scope

    This policy applies to all Tallgrass Energy employees, consultants, contractors, temporary employees, clients, customers, and other users of Tallgrass Energy's information, computers, and networks.

  4. Policy

    4.1 GENERAL CONTROLS

    1. Contact IT or HR Management permission before storing PII on any Tallgrass system. If permission to store PII is granted, PII shall be stored in an encrypted manner.
    2. Any breach or unauthorized disclosure of this information shall be immediately reported to IT Security.
    3. Paper PII records shall be destroyed by contractually designated Tallgrass vendor or service
    4. Magnetic media shall be Cleared, Purged, or Destroyed in accordance with NIST SP 800-88 Rev. 1 Guidelines for Media Sanitization.

    4.2 CYBERSECURITY CONTROLS AND RISK

    • Tallgrass will continue to improve technical cybersecurity controls, security procedures, and practices to protect PII in accordance with the nature and size of Tallgrass business and operations.
    • Significant system updates or changes to system processing or storing PII must undergo a Tallgrass Risk Assessment.
    • Outsourcing PII processing to third-party service providers, including Cloud storage, shall undergo a Tallgrass Risk Assessment to determine if the 3rd Party's or Cloud provider's security controls are sufficient to protect Tallgrass PII.
    • Third Parties and Cloud Storage providers shall furnish evidence of implementation and maintenance of security controls, procedures, and practices that will protect PII from unauthorized disclosure, access, use, modification, or destruction.
    • During Cloud storage or remote 3rd Party storage or access, Tallgrass PII shall be strongly encrypted during transmission and storage. Physical and logical access to processing and network devices must be controlled and limited to those individuals who are trained and authorized.
    • Two-factor authentication is required for remote access. Least privilege shall be enforced. Logs recording user and administrator actions will be retained.
    • Cloud providers and 3rd parties processing or storing Tallgrass PII shall notify Tallgrass of all suspected or confirmed unauthorized disclosures or destruction of Tallgrass PII. Authorized 3rd parties and Cloud providers will keep recent backups of Tallgrass PII. Such backups will be physically and logically protected.
    • After contract termination, the contractor shall return all Tallgrass Records in a format specified by Tallgrass. After Tallgrass verifies that all records have been returned, all contractor electronic media storing Tallgrass PII, including backup media, shall be securely erased or destroyed upon contract termination. Any electronic media and paper records that contain PII shall be destroyed. Records of the destruction shall be obtained, and an authorized copy of such destruction records shall be provided to Tallgrass.
  5. ACCESS CONTROLS SHALL BE CONFIGURED TO PREVENT:

    1. Unauthorized Access
    2. Unauthorized Modification
    3. Unauthorized Disclosure
    4. Unauthorized Destruction