 |
|
| Events Jobs Contact Migration Stats Supplier Lists Municipal Aggregation |
|
New York DPS Staff Proposes Customer Data Access Framework, Consent, Qualifications (Cyber-risk)
June 01,2020 Staff of the New York Department of Public Service posted whitepapers regarding a customer energy data access framework, and an integrated energy data resource The PSC previously directed the establishment of a “Data Access Framework” that clearly defines the process for access to customer energy-related data and standardizes the necessary privacy, cybersecurity, and quality requirements for data access to ensure uniform treatment across various energy-related data use cases The data access whitepaper includes a proposal to develop a customer consent mechanism that facilitates a customer’s ability to easily consent to share useful energy data in a manner that protects personal privacy. Staff recommends establishment of universal consent mechanisms that would ensure all participants in the process, including the customer, have a clear and common understanding of terms and requirements for informed consent that allows energy-related data to be shared. Consent mechanisms should not be implemented in a way that imposes unreasonable barriers to customer choice. Without specific requirements that ensure consistent processes and treatment, regardless of utility, mechanisms established to enable customers to easily consent to share their data will not be effective. As such, standardized mechanisms for consent, should be developed to ensure a common application and process for customers, ESEs [Energy Service Entity], and utilities across New York State. Staff said that, while utilizing a web-based process with as few steps as possible is preferred, would keep the customer engaged, and would facilitate the consent process, other consent options should be developed for those who do not have electronic means available or who choose to use alternative methods. While providing consent through traditional means (i.e. signing an agreement and mailing it in) may delay the customer process and can result in a customer having a less convenient experience, the option should be made available for those who choose to use these means. Staff said that options should be explored for development of multiple standardized options for a customer to provide consent. For example, many customers are familiar with internet-based commerce and permissions. Customers can login to secure web sites using authentication from other sources, such as using a Google or a Facebook password. Therefore, rather than requiring customers to use their account numbers for authentication, customers could instead potentially use their utility log-in information. This method of authentication maintains the customer consent process because each landing page throughout the process requires information only held by the customer. Staff also proposed a pilot to examine opt-out consent for customer sharing of energy data "Staff proposes further piloting this concept for the purpose of sharing CEUD to advance clean energy goals. Any such pilot must have a well-defined duration, must clearly communicate to consumers what data will be shared, with whom and for what purpose it will be shared, and must have a clear process for allowing consumers to decline participation or opt-out. Possible approaches may include providing an opt-out opportunity at the time service is established, when a customer signs up for a time-of-use (TOU) rate or community distributed generation (CDG) program, when a customer makes a purchase from a utility’s marketplace, or when a customer participates in a rate-payer funded energy efficiency program. Staff seeks market participant input on how best to develop such a pilot including criteria to use to ensure consumers are provided appropriate notice and opportunity or opt-out," Staff said The whitepaper also details proposed eligibility and qualification for Energy Service Entities to access customer data The proposed Data Access Framework endorses the "risk-based approach" to managing the cybersecurity and privacy risks associated with allowing access to energy-related data. "To ensure that ESEs seeking access to energy-related data have instituted the necessary cybersecurity and privacy protections, the proposal includes implementation of an ESE risk management program that would provide certification of an ESE’s readiness to access data. The proposed Data Ready Certification process: (i) includes verification that the ESE is authorized by the Department of Public Service (DPS or Department); (ii) requires the ESE to detail access consideration information - purpose, transmittal mechanism, and data sets; and (iii) validates that the appropriate cybersecurity and privacy requirements are in place by relying on a charting of the existing cybersecurity and privacy requirements and how they apply to the various combinations of purpose, access mechanism, and data," Staff said In terms of data access fees, Staff said, "Access to system data – such as hosting capacity, distributed generation queued for interconnection, installed distributed generation and other previously mentioned available system data – are available without a fee. The UER populates community wide aggregated energy usage information and is available to the public free of charge. Staff believes that access to this information increases transparency to the market and lowers barriers to entry for new products and programs. In connection with the proposed Data Access Framework, which would create a centralized and automated process for data access, Staff recommends abolishing all data fees, including the fees for CCA related data." See the whitepapers here: Customer Energy Data Access Framework
Integrated Energy Data Resource
|
Advertise here: Email retailenergyx@gmail.com |
|
Events
Jobs
Contact
Migration Stats
Supplier Lists
Municipal Aggregation
About
Disclaimer
Privacy
Terms of Service
Home |
Developed by: Avidweb Technologies inc. |