Industry FAQ

Answers to the most common questions.

Utilities, electricity marketers, third party technology providers or other companies that provide services to consumers and may seek access to consumer energy data, whether from the utility itself or directly from the consumer.

The U.S. Department of Energy (DOE) facilitated the development of DataGuard through a multi-stakeholder (utilities of various sizes and operating structures, consumer advocates, privacy advocates, regulators and third parties) process.

At the request of industry stakeholders, DOE will serve as the steward for the program for a minimum of two years, meaning that it will manage the DataGuard website as a resource for both adopters of the voluntary code and the general public, and work with the Revisions Working Team to maintain an open, transparent multi-stakeholder process. After two years, DOE hopes to transfer the stewardship to a private company or industry association.

The Initiative to develop the concepts and principles for a Voluntary Code of Conduct was referred to as the VCC. When those were finalized, the effort was rebranded to be more consumer-friendly. The privacy program is now called DataGuard, and the concepts and principles to be adopted are referred to as the Voluntary Code of Conduct (VCC or the Code).

To gauge consumer sentiment about the Initiative and to gain an in-depth understanding of consumer perceptions of data privacy in utility companies, DOE partnered with utilities across the country to conduct 18 focus groups. These focus groups consisted of participants with a range of incomes, education, knowledge of technology, and business and residential customers both with and without smart meters. The majority of participants (68%) supported the idea of creating a voluntary code of conduct for energy data privacy (VCC). Respondents believed that the creation of the VCC was a proactive attempt to handle what could become a data-sharing problem. In general, respondents had more positive perceptions of utilities that choose to adhere to the VCC, because they felt these companies are perceived as looking out for customers' best interests and are therefore trusted more.

The DataGuard program is an industry-developed, self-regulated code of conduct for data privacy. Adoption of the DataGuard program is voluntary. Companies that adopt DataGuard must ensure that they meet the concepts and principles specified in the code prior to adoption and then publicly commit to its adoption. As stated in the DataGuard principles, companies must provide a simple, efficient, and effective means for addressing customer concerns (see section 5.0 c).

The VCC allows for limited exceptions. The Mission Statement Section notes that, “The intent is for utilities and third parties to consider adopting the VCC in its entirety. However, a utility or third party could adopt the concepts and principles of the VCC with some limited exceptions (such as when laws, regulatory guidance or frameworks, governing documents, policies, and/or consensus-driven state, local, or industry business practices require a different approach). Such exceptions, however, should be consistent with the overall purposes of the VCC and should be explicitly noted and explained in any depiction of VCC adoption, such as in a privacy policy or other notice. Nothing in the VCC is intended to change, modify, or supersede federal, state, or local laws or regulatory guidance."

DataGuard is a voluntary program; it is not a regulation. Any entity adopting the VCC will need to make their own determination of how to implement the high-level concepts and principles specified in the VCC. When considering exceptions, the adopting company will need to determine if the exception is consistent with the overall purpose and could look to the example of exceptions provided in the VCC: “such as when laws, regulatory guidance or frameworks, governing documents, policies, and/or consensus-driven state, local, or industry business practices require a different approach." It is also important to note that, “If an exception is made, it must be clearly noted in any depiction of VCC adoption."

The VCC concepts and principles are intended to apply as high-level principles of conduct. The VCC does not identify a specific method or safe harbor to be used for anonymizing Customer Data. In Section 4.0, Integrity and Security, Anonymized Data Methodologies, however, the VCC identifies “variables that should be considered, as applicable to the specific situation” when a Service Provider creates a methodology to anonymize Customer Data.

Additionally, the VCC specifies in Section 2.0 Customer Choice and Consent, Consent Not Required, that “Service Providers can share Aggregated or Anonymized data with Third Parties without first obtaining customer consent if the methodology used to aggregate or anonymize Customer Data strongly limits the likelihood of re-identification of individual customers or their Customer Data from the aggregated or Anonymized data set." It additionally states that “Aggregated and Anonymized Data may be shared via a contract between the Service Provider and Third Party that requires that the Third Party not attempt to re-identify customers."

Because DataGuard is a voluntary program, adopting companies will need to make their own determination of how to implement the high-level concepts and principles specified in the VCC and make a determination if their anonymization or aggregation method produces data that "cannot reasonably" be re-identified.

In the Key Definitions Section, the VCC specifies that Primary Purpose is “the use of Account Data or CEUD that is reasonably expected by the customer: 1) to provide or reliably maintain customer-initiated service; and 2) including compatible uses in features and services to the customer that do not materially change reasonable expectations of customer control and third party data sharing."

Because DataGuard is a voluntary program and is not a regulation, each adopting company has the flexibility to determine for itself how and to what extent each principle is implemented. When evaluating how their company uses customer data and whether that use falls under Primary versus Secondary Purpose, the adopting entity will have to determine for itself whether a customer would reasonably expect the data to be used for the specified purpose, as specified in the VCC.

To make the distinction between Primary versus Secondary Purpose, adopting companies may want to look at their state's or other states' regulatory commission guidance on Primary Purpose, remembering that “Nothing in the VCC is intended to change, modify, or supersede federal, state, or local laws or regulatory guidance.”

The VCC states in Section 1.0 Notice & Awareness that “customers should be given notice about the company's privacy-related policies and practices as part of providing service. Service Providers should provide materials in various formats that are easily understandable by the demographics they serve, and as may be reasonably appropriate." It also specifies that “Notice should be given at the start of service, on some reoccurring basis (e.g., annually)…[and] Notice should be clear and conspicuous…" Because the VCC is a voluntary program, and it was specifically worded in broad terms to allow for flexibility in its implementation, each adopting company will need to determine the appropriate method for providing customer notice in a clear and conspicuous manner given their specific situation and operating circumstances. The reference that the notice be provided annually is given as an exempli gratia, or “for example," and is not a specification. Additionally, the FTC has produced guidance for businesses on providing clear and conspicuous notices which can be found at https://www.ftc.gov/tips-advice/business-center/guidance/com-disclosures-how-make-effective-disclosures-digital.

Section 1.0 addresses the “concept that customers should be given notice about privacy-related policies and practices as part of providing service. Service Providers should provide materials in various formats that are easily understandable by the demographics they serve, and as may be reasonably appropriate….The Notice should be clear and conspicuous…" and should address how the data is secured.

Because DataGuard is a voluntary program, not a regulation, and its content is intended to apply as high-level principles of conduct for both utilities and third parties, an entity adopting the VCC will need to make their own determination of how to implement the high-level concepts and principles specified in the VCC, and thus what level of detail is appropriate for the customer notice.

Section 2.0, Record Retention and Disposal, specifies that “Service Providers should retain Customer Data only as long as needed to fulfill the purpose it was collected for, unless under a legal obligation to do otherwise.” Section 1.0.g of the VCC specifies that “customers should be informed that Customer Data will be retained and disposed of consistent with applicable local, state and federal retention rules and regulations as well as company policies.” Because DataGuard is a voluntary program, not a regulation, and its content is intended to apply as high-level principles of conduct for both utilities and third parties, an entity adopting the VCC will need to make their own determination of how to implement the high-level concepts and principles specified in the VCC and thus the appropriate time period for disposal of Customer Data.

The VCC does not require consent for a Primary Purpose. In the Key Definitions Section, a Primary Purpose includes “compatible uses…that do not materially change reasonable expectations of customer control and third party data sharing."

Section 2.0 Choice and Consent, specifies, however, that “For Secondary Purposes… customers should be able to control access to their Customer Data via a customer consent process which is convenient, accessible, and easily understood." As part of the consent process, the VCC specifies “…that customers have the ability to exercise choices (e.g., push notifications for software downloads) regarding the use of their CEUD for new purposes materially different than those for which it was originally collected."

Because DataGuard is a voluntary program, not a regulation, and its content is intended to apply as high-level principles of conduct for both utilities and third parties, an entity adopting the VCC will need to make their own determination of how to implement the high-level concepts and principles specified in the VCC.

The VCC does not specifically require adopting companies to track overlapping data requests. Section 2.0 Customer Choice and Consent, Data Access Exclusions, of the VCC specifies that “(2) Overlapping data requests from the same requestor should not be permitted if granting such requests is reasonably likely to compromise the aggregation and reveal information that could be used to identify or re-identify customers or Customer Data."

Because DataGuard is a voluntary program, not a regulation, and its content is intended to apply as high-level principles of conduct for both utilities and third parties, an entity adopting the VCC will need to make their own determination of how to implement the high-level concepts and principles specified in the VCC. The adopting entity will have to determine if reasonable steps have been taken to avoid compromising individual customer privacy due to overlapping requests.

DataGuard focuses specifically on Customer Data, which is defined as the combination of customer energy usage data (CEUD) and Account Data. The reason for this is that personally identifiable information (such as Social Security number, date of birth, etc.) is already regulated by a variety of state and federal laws. DataGuard was developed to address rising concerns around Customer Energy Use Data as a result of new technologies being deployed, and not because of new issues related to personal information.