How It Works

DataGuard is a voluntary program developed by industry that all service providers (utilities, technology companies, third-party providers) can adopt. It provides a transparent means for companies to re-affirm and communicate their commitment to consumer data privacy. DataGuard is not a regulation or standard. It is a voluntary code of conduct that specifies high-level principles and concepts to allow for maximum flexibility in implementation. It specifies what must be addressed or considered but does not specify the exact method of implementation. Adopting companies must determine for themselves how to implement DataGuard's concepts and principles based on their specific company practices and operating environment. Once your company is satisfied that it has met the requirements, you will submit an adoption statement committing the company to the program and publicly commit by using the DataGuard logo on company communications materials.

The U.S. Department of Energy (DOE) is currently seeking companies that would like to be early adopters of the program and participate in a program launch. Several companies—a combination of both utilities and third parties—have pledged their commitment to adopt. If you are interested in being an early adopter, please contact Eric Lightner at DOE.

Maintenance and Revisions

At the request of industry stakeholders, the U.S. Department of Energy (DOE) will be the steward of the DataGuard program and its associated website for a minimum of two years. At that time the program will be re-evaluated to determine if the stewardship should continue with DOE or whether this function should (or could) be turned over to a private entity.

As the steward of the program, DOE will establish a Revisions Working Team (RWT) that will review DataGuard's concepts and principles for updates and revisions every two years. The two-year revision cycle allows for revisions to take place in response to changing technology or emerging concerns while at the same time giving adopting companies a set timeframe for review.

The RWT will review any revisions suggested by stakeholders as well as conduct an independent review of the concepts and principles to determine if any revisions may be warranted. The RWT will also assess suggested revisions of an urgent nature that are clearly identified as needing a determination prior to the next two-year deadline.

The RWT will be made up of industry volunteers, and best efforts will be made to ensure that the RWT is populated by a diverse set of stakeholders representing a cross-section of industry interests, such as utilities of various sizes (e.g., investor owned utilities (IOUs), municipalities, and cooperatives), consumer advocates, privacy advocates, regulators, and/or third parties. The volunteers will serve for finite terms, although some degree of voluntary renewal upon approval of the entire RWT could be allowed. If you are interested in serving on the RWT, please CLICK HERE and ask to receive future RWT notifications.

It is crucial to maintain an open, transparent, multi-stakeholder process in assessing any potential revisions. Therefore, DOE will coordinate revision requests, reviews with the RWT, and meetings with stakeholders. DOE will work to ensure participation by a diverse set of stakeholders in evaluating and providing input into proposed revisions prior to final release. Meetings, proposed revisions, and other information will be posted on SmartGrid.gov and this website.

When revisions are finalized, adopting companies will receive notice of the revision and an adopting company that wishes to opt out of the DataGuard program must communicate its intent and the effective date of its opt-out. The company must then remove all DataGuard logos/brands from their communication materials by the opt-out effective date included in its notification.

Enforcement

The DataGuard Energy Data Privacy Program is an industry-developed, self-regulated code of conduct for data privacy. Participation in the DataGuard program is voluntary, and there is no regulatory body charged with enforcement.

Industry FAQ

Answers to the most common questions.

Utilities, electricity marketers, third party technology providers or other companies that provide services to consumers and may seek access to consumer energy data, whether from the utility itself or directly from the consumer.

The U.S. Department of Energy (DOE) facilitated the development of DataGuard through a multi-stakeholder (utilities of various sizes and operating structures, consumer advocates, privacy advocates, regulators and third parties) process.

At the request of industry stakeholders, DOE will serve as the steward for the program for a minimum of two years, meaning that it will manage the DataGuard website as a resource for both adopters of the voluntary code and the general public, and work with the Revisions Working Team to maintain an open, transparent multi-stakeholder process. After two years, DOE hopes to transfer the stewardship to a private company or industry association.

The Initiative to develop the concepts and principles for a Voluntary Code of Conduct was referred to as the VCC. When those were finalized the effort was rebranded to be more consumer friendly. The privacy program is now called DataGuard and the concepts and principles to be adopted are referred to as the Voluntary Code of Conduct (VCC or the Code).

To gauge consumer sentiment about the Initiative and to gain an in-depth understanding of consumer perceptions of data privacy in utility companies, DOE partnered with utilities across the country to conduct 18 focus groups. These focus groups consisted of participants with a range of incomes, education, knowledge of technology, and business and residential customers both with and without smart meters. The majority of participants (68%) supported the idea of creating a voluntary code of conduct for energy data privacy (VCC). Respondents believed that the creation of the VCC was a proactive attempt to handle what could become a data-sharing problem. In general, respondents had more positive perceptions of utilities that choose to adhere to the VCC because they felt these companies are trusted more because they are perceived as looking out for customers' best interests.

The DataGuard program is an industry-developed, self-regulated code of conduct for data privacy. Adoption of the DataGuard program is voluntary. Companies that adopt DataGuard must ensure that they meet the concepts and principles specified in the code prior to adoption and then publicly commit to its adoption. As stated in the DataGuard principles, companies must provide a simple, efficient, and effective means for addressing customer concerns (see section 5.0 c).

The VCC allows for limited exceptions. The Mission Statement Section notes that, “The intent is for utilities and third parties to consider adopting the VCC in its entirety. However, a utility or third party could adopt the concepts and principles of the VCC with some limited exceptions (such as when laws, regulatory guidance or frameworks, governing documents, policies, and/or consensus-driven state, local, or industry business practices require a different approach). Such exceptions, however, should be consistent with the overall purposes of the VCC and should be explicitly noted and explained in any depiction of VCC adoption, such as in a privacy policy or other notice. Nothing in the VCC is intended to change, modify, or supersede federal, state, or local laws or regulatory guidance."

DataGuard is a voluntary program; it is not a regulation. Any entity adopting the VCC will need to make their own determination of how to implement the high-level concepts and principles specified in the VCC. When considering exceptions, the adopting company will need to determine if the exception is consistent with the overall purpose and could look to the example of exceptions provided in the VCC: “such as when laws, regulatory guidance or frameworks, governing documents, policies, and/or consensus-driven state, local, or industry business practices require a different approach." It is also important to note that, “If an exception is made, it must be clearly noted in any depiction of VCC adoption."

The VCC concepts and principles are intended to apply as high-level principles of conduct. The VCC does not identify a specific method or safe harbor to be used for anonymizing Customer Data. In Section 4.0 Integrity and Security Anonymized Data Methodologies, however, the VCC identifies “variables that should be considered, as applicable to the specific situation" when a Service Provider creates a methodology to anonymize Customer Data.

Additionally, the VCC specifies in Section 2.0 Customer Choice and Consent, Consent Not Required, that “Service Providers can share Aggregated or Anonymized data with Third Parties without first obtaining customer consent if the methodology used to aggregate or anonymize Customer Data strongly limits the likelihood of re-identification of individual customers or their Customer Data from the aggregated or Anonymized data set." It additionally states that “Aggregated and Anonymized Data may be shared via a contract between the Service Provider and Third Party that requires that the Third Party not attempt to re-identify customers."

Because DataGuard is a voluntary program, adopting companies will need to make their own determination of how to implement the high-level concepts and principles specified in the VCC and make a determination if their anonymization or aggregation method produces data that "cannot reasonably" be re-identified.

In the Key Definitions Section, the VCC specifies that Primary Purpose is “the use of Account Data or CEUD that is reasonably expected by the customer: 1) to provide or reliably maintain customer-initiated service; and 2) including compatible uses in features and services to the customer that do not materially change reasonable expectations of customer control and third party data sharing."

Because DataGuard is a voluntary program and is not a regulation, each adopting company has the flexibility to determine for themselves how and to what extent each principle is implemented. When evaluating how their company uses customer data and whether that falls under Primary versus Secondary purpose, the adopting entity will have to determine for themselves whether a customer would reasonably expect the data to be used for the specified purpose, as specified in the VCC.

To make the distinction between Primary versus Secondary Purpose, adopting companies may want to look at their state's or other states' regulatory commission guidance on Primary Purpose, remembering that “Nothing in the VCC is intended to change, modify, or supersede federal, state, or local laws or regulatory guidance."

The VCC states in Section 1.0 Notice & Awareness that “customers should be given notice about the company's privacy-related policies and practices as part of providing service. Service Providers should provide materials in various formats that are easily understandable by the demographics they serve, and as may be reasonably appropriate." It also specifies that “Notice should be given at the start of service, on some reoccurring basis (e.g., annually)…[and] Notice should be clear and conspicuous…" Because the VCC is a voluntary program, and it was specifically worded in broad terms to allow for flexibility in its implementation, each adopting company will need to determine the appropriate method for providing customer notice in a clear and conspicuous manner given their specific situation and operating circumstances. The reference that the notice be provided annually is given as an exempli gratia, or “for example," and is not a specification. Additionally, the FTC has produced guidance for businesses on providing clear and conspicuous notices which can be found at https://www.ftc.gov/tips-advice/business-center/guidance/com-disclosures-how-make-effective-disclosures-digital.

Section 1.0 addresses the “concept that customers should be given notice about privacy-related policies and practices as part of providing service. Service Providers should provide materials in various formats that are easily understandable by the demographics they serve, and as may be reasonably appropriate…. The Notice should be clear and conspicuous…" and should address how the data is secured.

Because DataGuard is a voluntary program, not a regulation, and its content is intended to apply as high-level principles of conduct for both utilities and third parties, an entity adopting the VCC will need to make their own determination of how to implement the high-level concepts and principles specified in the VCC and thus what level of detail is appropriate for the customer notice.

Section 2.0, Record Retention and Disposal, specifies that “Service Providers should retain Customer Data only as long as needed to fulfill the purpose it was collected for, unless under a legal obligation to do otherwise." Section 1.0.g of the VCC specifies that “customers should be informed that Customer Data will be retained and disposed of consistent with applicable local, state and federal retention rules and regulations as well as company policies." Because DataGuard is a voluntary program, not a regulation, and its content is intended to apply as high-level principles of conduct for both utilities and third parties, an entity adopting the VCC will need to make their own determination of how to implement the high-level concepts and principles specified in the VCC and thus the appropriate time period for disposal of Customer Data.

The VCC does not require consent for a Primary Purpose. In the Key Definitions Section, a Primary Purpose includes “compatible uses…that do not materially change reasonable expectations of customer control and third party data sharing."

Section 2.0 Choice and Consent, specifies, however, that “For Secondary Purposes… customers should be able to control access to their Customer Data via a customer consent process which is convenient, accessible, and easily understood." As part of the consent process, the VCC specifies “…that customers have the ability to exercise choices (e.g., push notifications for software downloads) regarding the use of their CEUD for new purposes materially different than those for which it was originally collected."

Because DataGuard is a voluntary program, not a regulation, and its content is intended to apply as high-level principles of conduct for both utilities and third parties, an entity adopting the VCC will need to make their own determination of how to implement the high-level concepts and principles specified in the VCC.

The VCC does not specifically require adopting companies to track overlapping data requests. Section 2.0 Customer Choice and Consent, Data Access Exclusions, of the VCC specifies that “(2) Overlapping data requests from the same requestor should not be permitted if granting such requests is reasonably likely to compromise the aggregation and reveal information that could be used to identify or re-identify customers or Customer Data."

Because DataGuard is a voluntary program, not a regulation, and its content is intended to apply as high-level principles of conduct for both utilities and third parties, an entity adopting the VCC will need to make their own determination of how to implement the high-level concepts and principles specified in the VCC. The adopting entity will have to determine if reasonable steps have been taken to avoid compromising individual customer privacy due to overlapping requests.

DataGuard focuses specifically on Customer Data, which is defined as the combination of customer energy usage data (CEUD) and Account Data. The reason for this is that personally identifiable information (such as social security number, date of birth, etc.) is already regulated by a variety of state and federal laws. DataGuard was developed to address rising concerns around Customer Energy Use Data as a result of new technologies being deployed, and not because of new issues related to personal information.