Article Post

Colorado mulls data privacy rule

In the absence of federal mandates on consumer data privacy in the power sector, states are taking up the issue as rollouts of interval meters inject some urgency into the matter.

(Sen. Mark Udall, D- CO and Sen. Scott Brown, R-MA, have introduced the "Electronic Consumer Right to Know Act," or e-KNOW, which has been referred to the Senate's Committee on Energy and Natural Resources. It is one of more than a dozen pending bills related to data privacy and security.)

So let's take a quick look at the process in Colorado, where the Colorado Public Utilities Commission has crafted a policy after a nearly year-long process of hearings, with input from local utilities, vendors, interested parties such as the Demand Response Smart Grid Coalition and the Colorado Office of Consumer Counsel.

Black Hills Energy's service territory in Southern Colorado includes 93,300 customers, all equipped with a "smart" meter, installed over the past three years. Black Hills' website articulates the benefits of advanced metering infrastructure and offers a fact sheet, both available by clicking on the links.

Right now, the state's other major electricity provider, Xcel Energy, has some 23,000 smart meters installed in Boulder, Colo., as part of its SmartGridCity project. That covers about half of Boulder's electric meters. (Xcel has about 1.4 million meters in Colorado, but has not announced plans to install "smart" meters across the rest of its territory.) 

This past summer (Aug. 29), an administrative law judge (ALJ) for the Colorado Public Utilities Commission issued a "recommended decision" on data privacy practices for electric utilities within the state. (You can find all related documents on the Colo. PUC's e-filing system. The proceeding number is 10R-799E.) 

The ALJ's "recommended decision" included a utility's "unfettered" use of customer data for regulated purposes such as billing. But a utility must acquire consent for that data's use in unregulated activities, according to the proposed rule. If a customer provides informed consent, a utility may release a customer's data to a third party. (The PUC will design the consent form.) The Colorado PUC also mandated customers' access to their own energy use data.

Interest parties responded with suggested exceptions to the proposed rule. That included three exceptions that the Colorado Office of Consumer Counsel found objectionable.

The Colo. PUC's proposed rule allowed a $2,000 penalty to be assessed for every unintentional violation, while Xcel asked that a single penalty should serve no matter how many customers' data privacy was breached. The Consumer Counsel argued that that would make penalties "essentially meaningless." (The Colo. PUC rejected that exception.) Xcel also suggested that customers be required to renew their consent form every three years, on the same cycle as its customer data retention responsibilities. But the Consumer Counsel said that provision would be burdensome on the customer, the utility and third-party vendors and possibly interfere with ongoing, third-party services. (Again, rejected.) Black Hills argued that the proposed rule be modified to allow it to use customer data to "market or provide non-regulated services" to customers. That too was opposed by the Consumer Counsel and rejected by the Colo. PUC.

On Oct. 17, the Colorado PUC responded with an order that rejected most of the exceptions that Xcel, Black Hills and a number of third-party vendors had suggested. 

A month later, in mid-November, Xcel and Tendril Networks, Inc. applied for a rehearing, reargument and reconsideration (RRR) of the Colo. PUC's order on a few of their rejected exceptions.

Xcel pressed its case on the definition of "standard customer data," asking that it be clarified as data "actively maintained in its systems by a utility in the ordinary course of business." Xcel's reasoning is that customer data-related systems periodically are upgraded and historical customer data stored in a manner that makes retrieval expensive.

Tendril asked that the commission distinguish between personally identifiable information and "non-personal" information, arguing that undue restrictions on the latter reduces benefits that third-party companies can provide to consumers - an integral part of Tendril's business model. Tendril cited analogous nuances in the California Public Utilities Commission's decision on data privacy to back its argument.

The Colo. PUC now must decide whether to grant these parties an RRR on the points they make and issue a new ruling.

No great takeaway, here. It's just informative to see policymaking take place before your eyes, with the give-and-take designed to allow all parties to have their say, if not their way. I need to delve more closely in order to find out whether the proposed rule forces Colorado's utilities to adopt a set of policies or whether it requires technology to implement and if technology is needed, whether that's an expensive or imperfect retrofit.

Phil Carson
Intelligent Utility Daily







No discussions yet. Start a discussion below.