Upload
brian-orion
View
157
Download
0
Embed Size (px)
Citation preview
Privacy in Energy Usage Data Legal Landscape and Best Practices
Brian Orion Lawyers for Clean Energy Cleanweb San Francisco
January 26, 2015
Overview
• Increasing need to share energy data
• Privacy Issues with sharing energy data
• Best practices to address privacy challenges
Sharing Energy Data Supports...
• Customer savings
• Third party service providers
• Utility planning and grid management
• City / local government program implementation
• Research institution study of energy policies
Challenge
• How to encourage open data and innovation
while protecting customer privacy?
• Many questions: • What type of customer data can be released?
• To whom?
• For what purpose?
• For how long?
• Under what restrictions?
Privacy Issues with Energy Data
• Customer information (“Personally Identifiable
Information”) • Name, address, account number, SSN, etc.
• Prevent identity theft
• Customer behavior: • Marketers
• Criminals
• Law enforcement
Big Brother Wants Your Data
Source: SDG&E Annual Privacy Report, 2013
Requestor Records Released (SDG&E 2013)
DEA 1,859
ICE (Homeland Security) 795
FBI 145
IRS 28
. . . . . .
Total 3,019
Who Is At Risk?
• Utilities
• Service providers
• Smart device makers
• Solar providers
• Energy storage providers
• EV companies
• Governments
• Researchers
• Whole smart grid ecosystem...
Best Practices to Address Privacy
• No federal laws • Federal government acting as facilitator
• DOE working groups
• States making the rules • California
• Colorado
• Texas
• Oklahoma
• Illinois
DOE Voluntary Code of Conduct
• Notice
• Consent
• Access
• Security
• Self-Governance and Redress
• Notice that explains to customers:
• What data is collected
• How data is used
• With whom shared
• When sharing okay without consent
DOE Voluntary Code of Conduct
• Notice
• Consent
• Access
• Security
• Self-Governance and Redress
• Consent means:
• What data shared
• With whom
• For what purpose
• For how long
• Requires affirmative consent – “opt-in”
• Not needed for primary purpose / aggregated
DOE Voluntary Code of Conduct
• Notice
• Consent
• Access
• Security
• Self-Governance and Redress
• Customer access to data is:
• Convenient
• Timely
• Free / affordable
• Green Button program
• Basic
• Green Button Connect
• Corrections
DOE Voluntary Code of Conduct
• Notice
• Consent
• Access
• Security
• Self-Governance and Redress
• Cybersecurity
• Records retained no longer than necessary
• Access on “need to know” basis
• Notice of data breach
• Secure disposal
DOE Voluntary Code of Conduct
• Notice
• Consent
• Access
• Security
• Self-Governance and Redress
• Method to address customer complains
• Data à DNA
• Chief Privacy Officer
• Annual training, knowledge test, etc.
California Privacy Rules
• Legislation in 2010 • Requires customer consent prior to sharing with
third party contractors
• No consent needed for “primary purpose”
• Consent needed for “secondary purpose”
• Expanded in 2013 • Applies to all businesses
• Consent needed before sharing
California Privacy Rules
• CPUC Privacy Rules (2011) • Applies to utilities and their contractors
• Okay to use for “primary purpose” w/out consent
• Not okay to share with third party for “secondary
purpose” without consent
• Okay to share with third party on aggregated /
anonymous basis, subject to restrictions
• Must make available to customers (hourly or 15-
min interval)
California Privacy Rules
• December 2013 decision: • Utilities provide access to data directly to third
parties via utility backhaul
• Requires consent
California Privacy Rules
• May 2014 decision: • Applies to governmental / research data requests
• Each quarter, utilities must post aggregated
monthly data at zip code level
• Specific rules for 12 “use cases” • Local governments
• Researchers
• Third party solar, EE vendors not included
• Data Request and Release Process
Best Practices
• Educate your customers
• Avoid giving ammo to “antis”
• “PEP” • Proactive approach to privacy
• Engage customers
• Positive framing of benefits
Questions?
Brian Orion
Managing Attorney
Lawyers for Clean Energy
656A Clayton Street
San Francisco, CA 94117
858-354-8222
www.lawyersforcleanenergy.com