A survey of state policies on release of customer data.
David T. Doot is a partner at Day Pitney and a past president of the Energy Bar Association. Florence K.S. “Flossie” Davis is counsel at the law firm and chair of the Demand Side Resources and Smart Grid Committee of the Energy Bar Association.
The advent of smart grid technology has raised new and challenging issues concerning data privacy. Of course, data privacy isn’t a new concern for the energy industry, as utilities have always collected customer data, some of which is common to any business, such as contact and credit information, and some of which is unique to the energy industry, such as usage and demand data. Yet the new smart grid technology does raise the issue to a new level, as can be seen by the wide disparity among the handful of states that have adopted laws or regulations governing ownership of customer data, along with the conditions and purposes of its release to third parties.
After red flags first were raised several years ago, the Department of Energy (DOE), the National Institute of Standards and Technology (NIST), and the White House each conducted their own analyses of the issue and produced reports with policy recommendations addressing, at least in part, how best to protect customer energy data while at the same time using that data in smart grid deployment.1 The DOE, in particular, found substantial consensus that utilities shouldn’t be permitted to disclose customer-specific data to third parties without the affirmative and informed consent of the customer.