This Privacy Statement ("Privacy Statement") has been created and is maintained by Northeast Utilities Service Company ("Company" "we" or "our") for its utility affiliates, The Connecticut Light and Power Company, Public Service Company of New Hampshire, Western Massachusetts Electric Company and Yankee Gas Services Company, and other affiliates, to demonstrate Northeast Utilities' firm commitment to protecting your privacy online. The Company maintains rigorous security measures to protect against the loss, misuse and alteration of the information under our control. Please read this Privacy Statement to understand how we gather and use information. This Privacy Statement covers all the websites for the Company and will be updated, revised and enhanced as needed to ensure the continued full protection of your privacy and personal information. We encourage you to periodically check for updates and revisions to our Privacy Statement.

This Privacy Statement answers the following questions:

Who is collecting my information?

For each visitor to our websites, our Web server automatically recognizes and collects certain types of information including: the domain name; the pages visitors access; information volunteered by the visitor, such as survey information and/or site registrations; visitor preferences; and past visitor activity on our site. If you provide us with your mailing address or communicate with us via e-mail, we also store that information.

When you visit our websites and you provide us with personal information, you are sharing that information with the Company. We also have links from our websites to other non-Company sites for your convenience and information. We are not responsible for the content of linked sites, or your use of these unaffiliated party sites, and we do not share information with those unaffiliated party sites unless you expressly consent to the sharing of such information. In providing these links, the Company does not endorse, monitor or control the content, products, services, activities or viewpoints expressed by these unaffiliated party sites. When you leave the Company websites and visit the website of an unaffiliated party, the Company's website policies, including this Privacy Statement, no longer apply and you will be subject to the unaffiliated party's policies regarding their website. These sites may have their own privacy statements in place, which we recommend that you review. SEE LINKING POLICY

What information is collected?

We collect information from you to provide an easy, fast way to access our services and to verify who you are, so others cannot access information that only you or those whom you authorize are privileged to view.

For each visitor to our websites, our Web server automatically recognizes and collects certain types of information including: the domain name; the pages visitors access; information volunteered by the visitor, such as survey information and/or site registrations; visitor preferences; and past visitor activity on our site. If you provide us with personal information or communicate with us via e-mail, we also store that information.

We use "cookies," which are small text files placed on your computer, to help us to better understand your preferences so that we can customize our content to meet your needs. Certain applications (e.g. use of "cookies"), do not lend themselves to an opt out process, in which case your use of our websites constitutes your permission to supply our service providers with information such as your IP address necessary to provide these applications. You can set up your Web browser to inform you when cookies are set or to prevent cookies from being set.

When you register at a Company website, you are asked to select your own User ID and password to verify who you are and to protect your private information. The Company also collects general personal information about you when you register, including your first and last name, account number, Social Security number (when you request utility service), and an email address. We may use contact information you provide to respond to your requests and to send you updated information about our Company and services available to you.

To access certain services, we will ask you to identify yourself using unique information that only you can provide. For example, if you are a customer who wishes to view your bill online, we will ask you to provide your account number and an additional identifier that confirms your authorization to access the requested information. If you are a supplier who wants to check the status of an invoice, we will ask you for your Vendor Code, Purchase Order Number and Invoice Number.

Our online surveys ask visitors for contact information (email address, for example) and information relating to your energy needs. We appreciate your survey responses, which help us to improve our business operations and service to you.

How does the Company use my information?

The information we collect is used to respond to your requests, provide better customer service and to improve our websites by customizing the content and/or layout of our pages for your use. The Company uses the contact information or personal information that you provide for legitimate business purposes, such as providing appropriate customer service, or conducting business operations, and complying with law, legal process or regulators,

• If you provide us with your e-mail address or communicate with us via e-mail, we will consider that information or communication to us as your authorization and consent for us to communicate to you by e-mail.
• If you supply us with your postal address on-line, you may receive periodic mailings from us or our service providers with information on products and services or upcoming events.
• If you are requesting utility service, we may also supplement the information you provide with additional information provided by credit check services to the Company.
• We use your Internet Provider address to maintain the full functionality of our websites. We also use cookies to save your User ID (not your password) so you don't have to re-enter it each time you visit our sites.
• Our websites use electronic forms for customers to request information, products and services. Your contact information and responses or requests and unique identifiers (such as customer account numbers or vendor numbers) are used to respond to customer requests.

Does the Company share my information?

• The Company may share contact information or personal information that you provide for legitimate business purposes such as complying with law, legal process or regulators, providing appropriate customer service, or conducting business operations, which may include making such information available to third parties who are service providers to the Company or its affiliates (for example, service providers providing energy conservation services or payment processing services). Information may be shared between the Company's affiliates, but only if we reasonably believe it complies with legal and regulatory requirements.
• We do not sell the personal information, e-mail or postal addresses or telephone numbers, or other demographic information of our website visitors to third parties.
• If you have provided written authorization to the Company to release your information to third parties, we will comply with your authorization and release such information to those parties as directed by you.
• The Company may disclose information it determines in good faith to be necessary to investigate, prevent or respond to suspected illegal activities or interference with the operation of our sites or terms of use.

How can I access, change or delete my information?

You can access or change your information at any time. You will need your User ID and password to do so. If you have forgotten your password, you can request a new one by selecting the "Forgot Your Password" option on our Log In page or selecting one of the Contact Us options provided on our website.

How is the Company safeguarding my information?

The Company has rigorous security measures in place to protect and prevent the loss, misuse and alteration of information you provide us that is under our control. Industry-standard encryption technologies are used when transferring, receiving and displaying specific data requested by visitors to our websites.

We protect the confidentiality of the personal information we collect, including Social Security numbers, by maintaining physical, electronic, and procedural safeguards, including:

• Limiting access to personal information, including Social Security numbers, that we collect;
• Prohibiting unlawful disclosure of the Social Security numbers we collect;
• Reviewing these safeguards on a regular basis;
• Training our employees in the proper handling of personal information, including Social Security numbers; and
• Requiring that third parties with access to personal information, including Social Security numbers protect its confidentiality.

For more information about how we protect the privacy of your personal information, including Social Security numbers, please click here for our FAQs.

However, it is important to note that e-mail is not considered a secure medium and the transmission, receipt or security of information which you send via email cannot be guaranteed. Our email communications to you is available to anyone with access to your email account.

Important security measures you can take are to never tell anyone your password, and to always log out of your User ID and close your browser window when you have finished working to ensure that no one else can access your information. This is especially important if you share a computer with someone else or are using a computer in a library or other public place. The Company will never ask you for your password in an unsolicited phone call or unsolicited email.

Unfortunately, no data transmission over the Internet can be guaranteed to be 100 percent secure. Although we use the best available technology (i.e., encryption, firewalls, access control software, etc.) to protect your information, we cannot guarantee the security of any information you transmit to us or any information you give us through our online products or services. As such, you provide information at your own risk. Once we receive your transmission, we employ rigorous security measures to protect against the loss, misuse and alteration of information on our systems.

Some states and public utility commissions which regulate the Company's utility businesses have specific requirements regarding the disclosure and protection of certain customer and personal information, including MA (201 CMR 17.00: M.G.L. c. 93H) and CT (C.G.S. Ch. 743dd Section 42-470- 42-473). See:

• http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf
• http://www.cga.ct.gov/2009/pub/chap743dd.htm#Sec42-471.htm

How can I contact the Company?

If you have any questions regarding this Privacy Statement, or if you prefer to not receive e-mail or products or services postal mailings from the Company, please let us know by using one of the Contact Us options provided on our website, and telling us that you do not want to receive e-mails or postal mail regarding products or services from the Company.

Identity Theft Prevention Measures

1. What is Northeast Utilities doing to help to protect the confidential information of its residential and small commercial and industrial customer accounts?
   Beginning November 1, 2008, the utility companies of Northeast Utilities implemented additional identity theft prevention measures to help us to safeguard our customers' confidential account information and to ensure only authorized access.
2. Why are these additional protections being implemented now?
   The timing of this implementation is in advance of the Federal Trade Commission scheduled date for enforcement of the June 1, 2010, deadline for creditors and financial institutions to develop and implement written identify theft prevention programs to detect, prevent and mitigate “red flags.” See 16 C.F.R. 681.2 and Appendix A to Part 681. A red flag is any activity that may indicate a possible attempt at identity theft related to an existing customer account or the opening of a new account.
3. Could these additional information requests mean longer hold times for callers?
   To the extent that callers are required to provide identifying information in order to access customer information, this may lengthen call time. In the event customers experience any delays, we appreciate and thank our customers for their patience.
4. What did Northeast Utilities' utility companies do prior to November 1 to prevent unauthorized access to customer information?
   Northeast Utilities already has existing policies and procedures to mitigate foreseeable risks to customer and company information and to verify a caller's identity. Northeast Utilities has a new customer service information system (C2) that enhances NU's electric and natural gas companies' abilities to implement these additional measures. The Program, which became effective November 1, 2008, builds additional safeguards into the policies and procedures that the Company already has in place to protect utility accounts.
5. To comply with the Program, what additional information, if any, will be required for a customer to access an existing account?
   Individuals requesting account information or access will be asked additional questions regarding information about a customer's account in order to verify his or her identity and right to access the information. For security reasons, the specific measures are confidential.
6. What additional protection does the Program provide to customers?
   The Program provides customers with the peace of mind that comes from knowing that the Company is taking appropriate measures to protect and prevent their utility accounts and information from unauthorized access.
7. What other companies are required to implement these new federal measures?
   The identity theft prevention measures are required of financial institutions and creditors servicing customer accounts involving multiple payments and transactions, including:
   • Financial institutions (banks, credit unions)
   • Finance companies
   • Credit and debit cards issuers
   • Mortgage brokers
   • Telecommunications companies
   • Utilities (water, gas, electric)
8. What type of incident constitutes a "red flag"?
   Red Flags are those identity theft patterns or practices that the Company can identify, detect and prevent to protect customers and their utility accounts. Examples of red flags include someone trying to use an improper Social Security number to open or access an account, or a report from a fraud detection service or from a law enforcement agency advising the company to beware of a particular pattern of activity.