On January 31, 2012, U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability (DOE OE) hosted the Smart Grid Privacy Workshop to facilitate a dialog among key industry stakeholders. In addition, on February 23, 2012, the White House released the report, Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy (link is external) (Privacy Blueprint). The Privacy Blueprint outlined a multistakeholder process for developing legally enforceable voluntary codes of conduct (VCC) to help instill consumer confidence.
In response to workshop findings and in support of the Privacy Blueprint, DOE OE and the Federal Smart Grid Task Force facilitated a multistakeholder process to develop a Voluntary Code of Conduct (VCC) for utilities and third parties providing consumer energy use services that addresses privacy related to data enabled by smart grid technologies. Through a series of meetings in DC, which were broadcast throughout the country as webinars and through the efforts of several working groups, the VCC evolved into the final draft released January 12.
On January 12, 2015, President Obama announced the final concepts and principles for a Voluntary Code of Conduct (VCC) related to privacy of customer energy usage data for utilities and third parties. The final VCC is the result of a 22-month multi-stakeholder effort which was facilitated by the Energy Department's Office of Electricity Delivery and Energy Reliability in coordination with the Federal Smart Grid Task Force. The VCC reflects input from many stakeholders across the electricity industry and incorporates comments and responses from the public that were collected via DOE’s Federal Register Notice issued earlier this year, including comments by the American Public Power Association. “APPA has been involved with the VCC process since its inception in December 2012 and commends the work of the task force that has assembled this draft code of conduct. The draft VCC protects customer privacy without hindering smart grid innovation. These draft principles are sufficiently high level to ensure that utilities maintain a level of flexibility in developing smart grid data privacy guidelines. At the same time, these principles emphasize core privacy principles that have been established by other entities such as the North American Energy Standards Board and state regulatory bodies such as the California Public Utilities Commission.”
The purpose of the VCC is to encourage innovation while protecting customer data privacy and confidentiality, provide customers with appropriate access to their own data, and comply with local, state, and federal laws. The Department of Energy encourages utilities and third parties to consider adopting the VCC in entirety. However, limited adoption may be warranted when state and local laws and policies require a different approach. A utility operating under existing state or local legal and regulatory requirements may face conflict between the VCC and these other requirements. The utility industry is complexly diverse, marked by utilities of differing sizes and operating under a myriad of regulatory regimes. The VCC strikes an appropriate balance by providing high level guidance without being overly proscriptive. The VCC will be instrumental in providing mechanisms for demonstrating how consumer’s data is protected and secured thus instilling consumer confidence.
The VCC consists of five main concepts: customer notice and awareness, customer choice and consent, customer data access, data integrity and security, and self enforcement,management and redress. Customer Notice & Awareness provides guidelines for giving customers notice about privacy-related policies, and how the data is being used. Customer Choice & Consent outlines processes for how a customer can authorize or rescind sharing of their data and disclosures to Third Parties. Customer Data Access and Participation provides principles for providing customer access to data. Integrity and Security addresses how data is maintained and protected. Finally, Self Enforcement Management and Redress outlines some guidelines for following the code.
Your customers’ data is valuable to you, your customers, and third party providers. As your utility evaluates its policies for handling customer data, the VCC provides valuable resources for doing so. In the coming months, DOE plans to seek feedback from utilities that adopt the code. The Voluntary Code of Conduct can be found here.