Title

Balancing Privacy, Security, and Access Presented by Chris VillarrealMinnesota Public Utilities Commission

October 16, 2015OverviewRegulation and PolicyProtect customer privacyEnable customer access and choiceRole and use of standardsGreen Button/ESPIInteroperabilityTesting and certification3. Conclusion2PolicyCustomers have a right to their dataCustomers can share that data with anyone they choose Not up to the PUC to regulate the customer3rd parties that interact with utility subject to utility tariffsRecognition of privacy and security requirementsUtility tariffs, forms, processes, and rules consistent across utilities3Enabling Customer AccessGet privacy policies in place up frontCalifornia PUC 2011 decision on privacy and data accessDirected IOUs to implement Green Button Connect and ESPIAlso directed IOUs to enable HAN upon customer requestCalifornia PUC rules do not cover customer actions, only those interactions going through utilityConsistent implementation across the state lowers costs and supports interoperability4PrivacyIdentifiable data is privateAggregated data subject to less protectionHow to aggregate subject to lots of debate across the countryData custodians responsible for protecting privacyRegulators have jurisdiction over part of marketCustomers bear the risks for non-regulated entities (State AGs and FTC authority)PUC jurisdiction over utilitiesRules cover utilities and contracted agents of utility3rd parties utilizing utility tariffs agree to rulesCustomer actions not subject to PUC jurisdiction5Green ButtonNational initiative to standardize data sharingUtilizes Energy Services Provider Interface (ESPI)NAESB REQ 21Two forms of Green ButtonDownload My DataConnect My DataESPI can be used for more than just electricity usage dataPower QualityWater

6Data CustodianAny entity that holds data or informationNAESB definition: A Distribution Company or other authorized Entity that holds Retail Customer Information to be shared with Market Participants or Retail Customer Representatives.Data custodian can be regulated or unregulatedEliminates redundancies and reduces confusion between roles of entities7Example: California2010: Declared access to data, ability to share data, and privacy of data as requirements2011: CPUC passed rules on protecting privacy and availability of customer usage informationAdditional legislation provides privacy guidance (Public Utilities Code Sec. 8380)2012: CPUC issued decision on utilities data access proposalsImplement Green Button ConnectTimeframe for availability of customer usage information (information available next day, hourly format)Rules for third parties obtaining data from utilityProcess for CPUC investigation of third party violating utility tariffs

8Example: California (cont.)Utility implementationsDrop down menu of available third partiesConsent formsLeverages AMI investments (SDG&E asked for no additional funds to implement; SCE and PG&E asked for $18 million combined over 3 years)

9More Work To DoTesting and CertificationStandard at NAESB, but unofficial versions available onlineInconsistent implementation of ESPIGreen Button Alliance work on developing Green Button Connect certification processStatesPenetration of technologyDevelopment of access policiesConsistencyPerceptionsData access not a partisan issue, but is a control issuePrivacy and access should enable each other, not be used against each otherCostly with few benefits

10

Thank You!

Christopher VillarrealMinnesota Public Utilities Commissionchris.villarreal@state.mn.us

11