COMMUNITY CHOICE AGGREGATION: GENERIC DATA PROTECTION PLAN
VILLAGE, TOWN, CITY PARTICIPATING IN NEW YORK ENERGY BUYING GROUP
NATIONAL GRID F
SEPTEMBER 2019

COMMUNITY CHOICE AGGREGATION DATA PROTECTION PLAN
NEW YORK ENERGY BUYING GROUP NATIONAL GRID F

INTRODUCTION

On April 21, 2016, the New York State Public Service Commission (“Commission” or issued its Order Authorizing Framework for Community Choice Aggregation Opt-out Program (“CCA Order” or “the Order”), in which it requires the CCA Administrator to submit a Data Protection Plan (“DPP” or “Plan”).1 On October 19, 2017, the Commission further adopted an Order approving a CCA Program proposed by the Municipal Electric and Gas Alliance (“MEGA”), and directing the filing of a revised DPP to address items identified in the Order (“October 2017 CCA Order”).2

Pursuant to these Orders, the DPP must describe how the CCA Administrator will ensure that each entity that has access to personally identifiable information as part of the CCA Program, which may or may not include the Municipality, contractors, and selected suppliers, provides the same level of consumer protections as currently provided by Utilities and ESCOs. This includes data security protocols and restrictions to prevent the sale of the data or their use for inappropriate purposes, such as advertising. The DPP will ensure that municipalities and the CCA Administrator protect data through their CCA Plans and practices as is currently required of Utilities and ESCOs.

Since Utilities must be assured that the data that they provide will be protected and used appropriately, this DPP will incorporate the most recent version of any and all Data Security Agreements (DSA) between Utilities and the CCA Administrator as well as any additional parties required to sign the DSA,3 which will be updated from time to time, to ensure that this plan adheres to the most current regulations and guidance applicable to CCAs.4 The CCA Order directed all Utilities affected by the Order to develop and file a proposed standard DSA outlining how the data from the Utility can be transferred and protected consistent with Utility security practices. To the extent that the DSA is inconsistent with this DPP, the DSA shall govern. As needed, this DPP will be revised and filed with the Commission to ensure consistency with applicable rules for a given Utility. The DSA appropriate to the Utility(ies) serving each municipality will be attached to this document as Appendix A.

GENERAL STATEMENT

The cornerstone of MEGA’s DPP is in identifying, differentiating, and understanding the types of data that would be handled in a CCA Program. Different categories of data require different levels of security, and the access to data categories will be limited to those parties involved in the formation and operation of a CCA who will require access to those data in order to perform their respective roles. Thus, data protection protocols will be tailored to the categories of data involved and the roles of persons with access to those data. At a minimum, MEGA will exercise reasonable care to prevent the unauthorized disclosure or inappropriate use of confidential data related to the CCA Program.

1 Issued in Case 16-M-0015 and Case 14-M-0224.
2 Issued in Case 16-M-0015 and Case 14-M-0224.
3 Including, but not limited to, the ESCO(s) selected to supply the CCA Program.
4 To the extent that the terms of this DPP conflict with any executed DSA, the terms of the DSA will govern.

TYPES OF DATA, USES, AND SECURITY PROTOCOL

As per the Order, three types of data5 are necessary to implement a CCA Program: Aggregated Customer and Consumption (usage), Customer Contact Information, and Detailed Customer Information. Below is a description of the data, their intended use in the CCA Program, and the corresponding protocol and restrictions to not only protect the data, but to prevent the sale of the data or their use for inappropriate purposes.

AGGREGATED CUSTOMER AND CONSUMPTION (USAGE) DATA

This information will include summary load data for all automatically eligible customers6 to be transferred from the Utility to the CCA Administrator within twenty days of its request, as specified in the Order. These data will be used by the CCA Administrator to bid out the energy consumption needs of a given municipal jurisdiction to ESCOs. MEGA will request this data from the Utility(ies) following execution of the DSA.

5 MEGA originally identified an additional data type “basic/geographic customer data” needed to avoid inadvertent enrollment of non-residents. In the Joint Utilities’ Response to MEGA Petition for Clarification (Case 14-M-0224; Issued April 27, 2017) the JU indicated that aggregated customer and consumption (usage) data could be aggregated based on appropriate tax district and/or zip code and that a detailed review of addresses contained in the customer contact information data set would be possible before the opt-out process begins. The combination of this additional support of the Utilities makes the need for “basic/geographic customer data” redundant.
6 AUTOMATICALLY ELIGIBLE CUSTOMERS: shall mean customers in those utility service classes eligible for inclusion in the CCA Program on an opt-out basis, as set forth in the Order Authorizing CCAs, Appendix C, or as otherwise specified by the Commission.
Generally, these classes of customers include those receiving residential electric or gas supply service, including those in multi-family housing, certain types of institutions, and some small commercial customers covered by “small general service” class designations. Automatically Eligible Customers shall not include customers' accounts that have already been enrolled in service through an ESCO, enrolled in utility programs which require them to take supply service from their current utility, or that have a block on their utility account at the time of CCA formation (except customers participating in the Affordability Assistance Program, Assistance Program Participants who may have utility-initiated blocks on their accounts, but who are still eligible to participate on an opt-out basis if they are provided a guaranteed savings product); those customers shall be eligible to participate on an opt-in basis, if they so desire.
7 MEGA acknowledges the currently proposed 15/15 privacy standard applies, until such time as the Commission orders use of a different standard, and that a Utility will not provide aggregated data for any service class that contains so few customers, or in which one customer makes up such a large portion of the load, that the aggregated information could provide significant information about an individual customer’s usage.
8 MEGA is assuming that “aggregated peak demand” refers generally to aggregated peak usage which each utility may have a unique way to calculate and may identify with a different term (e.g. peak load contribution).

These fully anonymized aggregate data7 will not include any personal or highly sensitive information about any individual customer.
Rather, these aggregate data will include the number of customers by service class, the aggregated peak demand (kW) by month for the past 12 months by service class to the extent possible8, and the aggregated energy (kWh) for electricity or volumetric consumption for gas by month for the past 12 months by service class, and any other aggregated data authorized by the Commission in the future or specifically negotiated between the Utility and the CCA.

If Assistance Program Participants (“APP”)9 are to be included in the CCA Program, the aggregated data provided by the Utility during this initial phase will include a separate listing of the total number of customers with utility-initiated blocks on their accounts and their aggregated consumption (kWh), and peak demand (kW) by month for the past 12 months.10

In the event that there exists a service class which does not pass the privacy screen set by the Commission, the Utility will notify MEGA and will indicate how it intends to appropriately anonymize that data, such as combining the service class in question with another of a similar type when the aggregate data are released, in order to protect the member(s) of the unique service class, as contemplated by the CCA Orders.11 Additionally, the Aggregated Customer and Consumption (usage) Data will be aggregated by the Utility by tax district and/or zip code in a way so as to ensure only the inclusion of data from automatically eligible consumers served by the Utility that are located within the Municipality (city, town, village).12

The parties handling the Aggregated Customer and Consumption (usage) Data that would be provided by the Utility will be the CCA Administrator and the ESCOs intending to bid on the contract to serve the CCA Program. This information will not include highly sensitive customer data that can be used to identify customers served by the Utility.
Personal data includes, but is not limited to: customer name, email address, utility account number, customer-specific consumption or payment history. Additionally, highly sensitive customer data such as Social Security Number, passport number, drivers’ license number, credit card or debit card number will not be included in the Aggregated Customer and Consumption (usage) Data.

The protocol for data transfer will be via an electronic file, following a process acceptable to the Utility and MEGA, as set forth in the DSA, by Commission Order, and/or in a utility tariff.

9 ASSISTANCE PROGRAM PARTICIPANT (APP): shall mean those customers who are participants in utility low-income assistance programs and have a utility-initiated block placed on their account as part of the Low-Income Order. Case 12-M-0476, Retail Access. Order Adopting a Prohibition on Service to Low-Income Customers by Energy Service Companies (issued December 16, 2016) (“Low-Income Order”).
10 October 2017 CCA Order at 20.
11 CCA Order at 44 and October 2017 CCA Order at 22.
12 Case 14-M-0224, Proceeding on Motion of the Commission to Enable Community Choice Aggregation Programs, Joint Utilities Response to MEGA Petition for Clarification (Issued April 27, 2017).

CUSTOMER CONTACT INFORMATION

The CCA Order recognizes a second category of basic customer data which is meant to be used for the opt-out process. The CCA order refers to these data as “Customer Contact Information.” (CCA Order at 43). This dataset13 will be sent from the Utility to the CCA Administrator and subsequently shared with the Municipality’s CCA Liaison. Transfer of these data will occur after the CCA Administrator has selected an ESCO for the CCA.
These data are to be used only to confirm that each service address contained in the list is in fact within the Municipality's jurisdiction, based on tax maps and/or other public information. Any party authorized to handle these data (the Utility, CCA Administrator, Municipality’s CCA Liaison, and/or ESCO) will be required to transfer and store the data using an electronic file, and in accordance with the terms of the DSA. Any edits of this dataset will be provided to the Utility allowing them to generate a final, confirmed list of automatically eligible service addresses located within a given municipal jurisdiction and to which opt-out letters should be sent.

While the form and content of the opt-out letters will be prepared by the CCA Administrator and the Municipality, approved by the Department of Public Service (DPS) Staff, and sent to customers on Municipal letterhead as required by the CCA Order, as agreed to in the Energy Supply Agreement, the selected ESCO(s) will be responsible for mailing those letters to the appropriate customers based on the Customer Contact Information of automatically eligible accounts as verified by the Municipal CCA Liaison.

The use of these data for authenticating eligibility and location of service addresses will preserve the integrity of the role of elected governing boards as a proxy for customer consent, as discussed in the CCA Order14 and ensure customers not residing within municipalities authorizing CCA are not inadvertently enrolled in a CCA Program for which they are not eligible. The use or sale of these customer contact lists for any other non-CCA purpose will be expressly prohibited, and that prohibition will be included in the Energy Supply Agreement, to ensure ESCO compliance therewith.14

As is the case with the Aggregated Customer and Consumption (usage) Data, no highly-sensitive customer data (e.g. account numbers, credit card information, etc.)
about any individual customer will be exchanged with the CCA Administrator or Municipality.

13 In accordance with the CCA Order, the information requested in this transaction would include the name of the customer of record, mailing address, and primary language, if available, as well as any customer-specific alternate billing name and address. This information shall not include customer-specific usage data or low-income status, which will not be exchanged during this step of the CCA formation process.
14 See CCA Order at 44-45.
14 This does not prohibit the use of customer contact information by the CCA Administrator, Municipality and/or selected ESCO(s) to promote and offer customers the opportunity to select value-added products and services offered in conjunction with the CCA Program. An ESCO’s Energy Supply Agreement will include a prohibition on any solicitations of CCA customers—or sale/release of customer contact information to enable others to solicit—for products or services not approved by the CCA Administrator and unrelated to the goals and objectives of the CCA Program.

DETAILED CUSTOMER INFORMATION

Detailed Customer Information will pertain to automatically eligible customers and will be transferred by the Utility(ies) to the selected ESCO(s) within five days of request as specified in the Order, in accordance with UBP protocols and any other requirements imposed on such entities by the Commission.15 These data will not be transferred to MEGA or CCA Municipalities. These data will include customer-specific information such as: name, service address, mailing address, utility account number, and alternate billing name and address, usage and any other Detailed Customer Information authorized by the Commission in the future or specifically negotiated between the Utility and the CCA.
This information will be transferred from the Utility(ies) to the ESCO(s) once the opt-out period has ended. The Detailed Customer Information will be used by the ESCO(s) only to enroll the automatically eligible CCA customers who have not opted out of the CCA Program, and to provide services to those customers in accordance with the CCA’s Energy Supply Agreement. The ESCO(s) will also provide data to the Utilities regarding final enrollment lists, customers who have opted out of the CCA, etc. The protocol for these enrollment-related data transfers will be electronic, using a secure process as agreed to by the Utility and ESCO(s) awarded the supply agreement.

Since Utilities and ESCOs are regulated entities which are obligated to adhere to customer data security protection protocols, including the UBP and DPS regulations and guidance in order to do business in New York, these entities would necessarily be required to properly handle this personally identifiable information, as they already do for their current customers. MEGA’s CCA model eliminates the need for data that contain personally identifiable information to be exchanged among the other parties involved in forming and administering the CCA--such as MEGA and the CCA Municipalities--which reduces the potential for inadvertent data breaches and improper use of protected information.

For security reasons, Municipalities and MEGA will not request nor accept this level of customer data, whether at the enrollment stage or later in the CCA process. Access to customer account numbers or highly-sensitive customer information will not enhance MEGA’s ability to support residents during the opt-out process, or otherwise. MEGA’s role, as CCA Administrator, during the opt-out process is to explain the CCA Program and support a customer in the opt-out process if they elect to do so, but not to do the opt-out process on behalf of the customer.

Once the CCA is formed, Detailed Customer Information will be shared or with similar regularity tied to a Utility’s billing cycles), between the Utility and the ESCO(s) awarded the supply contract to facilitate the opt-out process of new automatically eligible customers within the municipal jurisdiction. The protocol for data transfer will be electronic, using a secure process as agreed to by the Utility and ESCO(s) awarded the supply agreement.

15 See October 2017 CCA Order at 23.

As noted above, the Detailed Customer Information will be handled only by the ESCO(s) once it has been awarded the CCA Energy Supply Agreement, executed the Data Security Agreement, the opt-out period has ended, and the customer enrollment period has begun. Although this class of information is customer-specific, and non-anonymized, neither MEGA as the CCA Administrator nor Municipality(ies) will have access to these highly-sensitive customer data. Again, it is important to note that these data are not necessary for MEGA and/or the Municipality to perform their role. Additionally, MEGA believes that an effective CCA Data Protection Plan should limit access to customer-specific information only to entities that need it to fulfill their obligations.

Customers who opt into the CCA Program (i.e. at the end of their individual ESCO contract; customers not automatically eligible for opt-out enrollment; etc.) will be required to provide their individual consent and other required enrollment information to the ESCO awarded the supply agreement as part of the opt-in process, and thus will be covered under existing UBP practices and protections. MEGA will not accept or retain highly-sensitive customer data needed for enrollment, but will provide detailed instructions and assistance to any customers seeking to contact the ESCO(s) to enroll.

As previously noted, ESCOs are already subject to Uniform Business Practices, and working with customer-specific data, such as the Detailed Customer Information, is part and parcel of their everyday operations. UBP Section 4(F) prohibits an ESCO, its employees, agents and designees from selling, disclosing, or providing any customer information obtained from a Utility to others. Thus, ESCOs are already obligated by law to refrain from improperly using the Detailed Customer Information obtained from Utilities in connection with the CCA Program in addition to being bound by the requirements of the Data Security Agreement and the Energy Supply Agreement signed with the CCA.

In conclusion, MEGA believes that this DPP ensures that the CCA Administrator, and/or Municipality(ies) will protect all categories of data at the level currently required of Utilities and ESCOs, and prevents the unauthorized release of personally identifiable information by limiting the users of Detailed Customer Information to Utilities and ESCOs only.

APPENDIX A: DATA SECURITY AGREEMENT

Upon finalization of a Data Security Agreement by the Utility(ies) providing service to the Municipality(ies), the DSA will be appended here, signed by MEGA as CCA Administrator, the selected ESCO(s) and any other parties as required by the DSA.