Colorado mulls data privacy rule

Utility, third party file for rehearing

Phil Carson | Dec 12, 2011


In the absence of federal mandates on consumer data privacy in the power sector, states are taking up the issue as rollouts of interval meters inject some urgency into the matter.

(Sen. Mark Udall, D- CO and Sen. Scott Brown, R-MA, have introduced the "Electronic Consumer Right to Know Act," or e-KNOW, which has been referred to the Senate's Committee on Energy and Natural Resources. It is one of more than a dozen pending bills related to data privacy and security.)

So let's take a quick look at the process in Colorado, where the Colorado Public Utilities Commission has crafted a policy after a nearly year-long process of hearings, with input from local utilities, vendors, interested parties such as the Demand Response Smart Grid Coalition and the Colorado Office of Consumer Counsel.

Black Hills Energy's service territory in Southern Colorado includes 93,300 customers, all equipped with a "smart" meter, installed over the past three years. Black Hills' website articulates the benefits of advanced metering infrastructure and offers a fact sheet, both available by clicking on the links.

Right now, the state's other major electricity provider, Xcel Energy, has some 23,000 smart meters installed in Boulder, Colo., as part of its SmartGridCity project. That covers about half of Boulder's electric meters. (Xcel has about 1.4 million meters in Colorado, but has not announced plans to install "smart" meters across the rest of its territory.) 

This past summer (Aug. 29), an administrative law judge (ALJ) for the Colorado Public Utilities Commission issued a "recommended decision" on data privacy practices for electric utilities within the state. (You can find all related documents on the Colo. PUC's e-filing system. The proceeding number is 10R-799E.) 

The ALJ's "recommended decision" included a utility's "unfettered" use of customer data for regulated purposes such as billing. But a utility must acquire consent for that data's use in unregulated activities, according to the proposed rule. If a customer provides informed consent, a utility may release a customer's data to a third party. (The PUC will design the consent form.) The Colorado PUC also mandated customers' access to their own energy use data.

Interest parties responded with suggested exceptions to the proposed rule. That included three exceptions that the Colorado Office of Consumer Counsel found objectionable.

The Colo. PUC's proposed rule allowed a $2,000 penalty to be assessed for every unintentional violation, while Xcel asked that a single penalty should serve no matter how many customers' data privacy was breached. The Consumer Counsel argued that that would make penalties "essentially meaningless." (The Colo. PUC rejected that exception.) Xcel also suggested that customers be required to renew their consent form every three years, on the same cycle as its customer data retention responsibilities. But the Consumer Counsel said that provision would be burdensome on the customer, the utility and third-party vendors and possibly interfere with ongoing, third-party services. (Again, rejected.) Black Hills argued that the proposed rule be modified to allow it to use customer data to "market or provide non-regulated services" to customers. That too was opposed by the Consumer Counsel and rejected by the Colo. PUC.

On Oct. 17, the Colorado PUC responded with an order that rejected most of the exceptions that Xcel, Black Hills and a number of third-party vendors had suggested. 

A month later, in mid-November, Xcel and Tendril Networks, Inc. applied for a rehearing, reargument and reconsideration (RRR) of the Colo. PUC's order on a few of their rejected exceptions.

Xcel pressed its case on the definition of "standard customer data," asking that it be clarified as data "actively maintained in its systems by a utility in the ordinary course of business." Xcel's reasoning is that customer data-related systems periodically are upgraded and historical customer data stored in a manner that makes retrieval expensive.

Tendril asked that the commission distinguish between personally identifiable information and "non-personal" information, arguing that undue restrictions on the latter reduces benefits that third-party companies can provide to consumers - an integral part of Tendril's business model. Tendril cited analogous nuances in the California Public Utilities Commission's decision on data privacy to back its argument.

The Colo. PUC now must decide whether to grant these parties an RRR on the points they make and issue a new ruling.

No great takeaway, here. It's just informative to see policymaking take place before your eyes, with the give-and-take designed to allow all parties to have their say, if not their way. I need to delve more closely in order to find out whether the proposed rule forces Colorado's utilities to adopt a set of policies or whether it requires technology to implement and if technology is needed, whether that's an expensive or imperfect retrofit.

Phil Carson
Intelligent Utility Daily






Related Topics


The Utilities Can Handle Privacy and Must Have Load Data

The utilities are the only power system entities that have an “obligation to serve” and the responsibility to be the “power provider of last resort”, not just when the sun shines and the wind blows, but all day and night, every day, all year, every year. This has gotten more difficult with the advent of Independent Power Producers (IPPs) that build power plants where and when they want necessitating shorter timeframes for required infrastructure upgrades to support their interconnection. Utilities need data not just for today’s load, but to accurately predict and anticipate load growth and install the necessary long lead infrastructure for 24 hour load “instant on” flat screen TVs, more 24 hour load TV top DVRs, Apple TVs and cable boxes, “vampire” loads from all the entertainment and communication chargers that some people never unplug and EVs that may randomly proliferate in suburbia, but will cluster (AND CHARGE) during the day in a few downtown urban networks at charging stations installed under electrical work permits that just say “re-wiring.” For many many years utilities have had an outstanding record of protecting customer account and credit card information, data on special customers with heath needs and special loads requiring outage coordination and more rapid restoration and data that makes it relatively obvious, when people are away from home on vacation. If and when a true distribution market develops, the utilities have already demonstrated that they can firewall and protect market data in the existing transmission market. <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

Data privacy concerns of utilities' own doing

The concern that consumers have over data privacy is the making of the utilities themselves.  There needs to be effective oversight to ensure that the utilities are, in fact, using such data appropriately.  But, just as important is the issue of access to that data.  It seems a no-brainer that consumers should have access to their own data -- all of it.    But it is just as important to ensure that this data does not provide a competitive advantage to the unregulated business units of utilities and their business partners.  That is a very real concern.  If, for example, Tendril and Xcel have a cozy relationship, as discussed in this article, it becomes that much more difficult for any other third party to offer the same services to consumers.  Even if it is nothing more than simply providing the mailing list that the unregulated partner can use to solicit the utility's customers.  If there were "retail choice" that may be less of a problem.  But, in a traditionally regulated state, the regulators must be vigilant -- something that Colorado has not been especially well noted for.


Utilities need to use customer energy data to make improvements to the way they deliver serivces and evolve their grid systems. Data cannot be restricted that is used to improve utility operations and delivery, whether identified or de-identified.

Sharing identified data with 3rd parties has to come with customer consent. No brainer.

Sharing de-identified data with 3rd parties with or without customer consent is the gray area. Rules are needed and fines established for violators.

Generally, though, society needs to lighten up about concerns over the use of the consumption data.  We're not talking about patient health/medical record information here.  We're talking about nothing more than the when of kwh consumption - that is pretty  much it. Motivated people could get this information today if they wanted to work hard enough.  In the future it will just be easier to collect it and the value of having that data is vast. So, other than basement dope farmers whose rights I am less concerned about, we need to lighten up on the sensitivities related to kwh data.  Its not that interesting or threatening.


I actually began my perception of this issue with the same position -- cell phones establish our location, public-but-hidden cameras detect our movements, watching somene's house for a day or so would establish whether someone's home, etc.

Since then, however, I've come to believe that this is partly a matter of consumer perception and, like it or not, utilities may have to jump through the privacy hoop to accomplish what they hope to accomplish. In that vein, I'm not sure a "lighten up" message is the one that'll go over with the public, let alone regulators. Though I agree that "lighten up" could and should apply to much of our public discussions these days.

While I'm with you on this reality-check, going the extra mile may be needed for utilities  to gain the credibility and trust they sometimes lack as they go about transforming how they distribute and charge for electrons. The outsized impact of a tiny minority rejecting 'smart' meters on ever-changing grounds is an instructive example; utilities must spend the time and money to get-it-right and gain trust, in my view.

Just a thought. Thanks for yours.

Regards, Phil Carson