Blog Archives

UtilityAPI has New Jersey covered

9/30/2016

UtilityAPI's service covers all of New Jersey:

Atlantic City Electric
Jersey Central Power and Light (JCPL)
PSEG

UtilityAPI presents on data best practices at the CPUC

9/23/2016

May 23, 2016
UtilityAPI presented at the CPUC’s Data Access Workshop for Distribution Resources Plans [DRP | R. 14-08-013]. Other presenters included SCE, PG&E, SDG&E, SolarCity, Stem, Enphase, and Mission:Data. The workshop was an effort for the commission to better understand the data needs of energy technology companies. Heidi Lubin presented and took questions on behalf of UtilityAPI.

Below are excerpts from UtilityAPI’s official comments to the CPUC:
UtilityAPI recommends that regulatory bodies adopt clear standards regarding access to energy usage and billing data that will allow the market to continue to develop and evolve to meet policy targets. Lack of access to data continues to limit the growth of this sector and will preclude market ability to meet policy targets. Accordingly, we formally request that these standards be updated as detailed below. We request that the CPUC standardize the rigor and process by which authorization is granted, what login information is required to access data, what data is provided and how data is secured. UtilityAPI respectfully recommends the following:

Standardize the rigor and process by which authorization to access energy usage and billing data is granted. Utilities have implemented GB interfaces with varied interpretations; yet the market requires an industry best-practice OAuth user experience (see left) deployed to facilitate legal, secure, synchronous, authorized access to energy billing and usage data, and based on a legal third-party agency standard that meets requirements under AB1274, Civil Code Section 1798.98, U.S. DOE DataGuard best practices, and other applicable standards.
Require utilities to redirect to or to host a cloud-based user interface for data sharing that does not require login credentials; many utility account holders would prefer to appoint a third party agent as they do not have the time, desire or comfort with online utility interfaces.
Require utilities to provide a requisite set of data (see suggested list Appendix A, infra). The Customer Data Sharing standard should be updated to provide the requisite data set. The GreenButton Standard (GB) is a flexible, voluntary standard and implementation by CA IOUs do not meet the needs of the DERs. UtilityAPI, to date, has been the only automated and DataGuard compliance source of data that DERs require, in addition to providing a high level of service to DERs and utility account holders. Moreover, GB efforts at utilities have been incredibly underfunded which compounds the difficulty of data access, and burdens already overburdened IT departments, which are not the core competency of our hardworking utility colleagues. We are active participants in the GreenButton Alliance.
Impose security standards for data sharing and data storage to include elements such as: U.S. DOE DataGuard compliance; secure storage of utility account holder data (see Appendix B) with DataGuard.

Additionally:
Secure, synchronous access to comprehensive, accurate and clear energy usage and billing data is fundamental to fulfilling commitments to clean energy policy locally, nationally and globally.

Currently mandated data sharing requirements do not yet meet the needs of the DERs and other stakeholders, including utilities. Data and standard data sharing processes are crucial to fulfilling state and federal policy objectives for climate, energy affordability and economic growth targets. Lack of clarity around data sharing requirements adds cost and creates confusion as each utility has interpreted the standards for the provision of data and rolled out its data interface quite differently.

At UtilityAPI, we aim to vastly improve the exchange and flow of energy billing and usage data to facilitate the evaluation, measurement, verification and fulfillment of these efforts. We have identified, developed and market-tested best practices in the sharing and exchange of energy billing and usage data amongst utilities, utility account holders and third-parties of the utility account holders’ choosing, especially distributed energy resource (DER) providers.

To date, we have collaborated effectively with numerous utilities; specifically, we are the only third party that has built integrations with all current and scheduled Green Button Connect implementations and we are compliant with the U.S. DOE DataGuard privacy standard. We serve as a trusted data intermediary with best-in-class uptime, at a lower cost to ratepayers and with optimized user experience. We estimate savings of upwards of $2 million annually to California ratepayers because we have reduced the number of manual data requests utilities have to process.

Data best practices coalition letter

9/12/2016

Attention: President Picker & Commissioner Florio
Cc: Energy Division Director Ed Randolph

California Public Utilities Commission
505 Van Ness Avenue
San Francisco, CA 94102

Dear President Picker & Commissioner Florio,

We are writing in support of two proceedings currently in progress at the California Public Utilities Commission (the “CPUC”) that have the potential to significantly improve access to energy data. Decision 16-06-008 in the Commission’s Demand Response proceeding, A.14-06-001 et al, outlines the appropriate forum and timeline for planning and implementation of data access solutions. While the DRP proceeding (R. 14-08-013) has touched upon these issues, the Demand Response proceeding already ordered an implementation that should be a universal solution that would apply to all fuel types and energy programs, including, but not limited to, demand response, energy efficiency, solar, energy storage, microgrids, and building energy management. The DRP proceeding should reference this Decision and clarify that the data solutions developed should be available for purposes of distributed energy resource development in the DRP context as well.

Secure, synchronous access to comprehensive, accurate and clear energy usage and billing data is fundamental to fulfilling commitments to clean energy policy locally, nationally and globally. California has a comprehensive regulatory approach to consumer energy data access and privacy; the only state within the country, and even internationally, to do so. California led the way by adopting and supporting the Green Button standard. While significant resources were invested in the deployment advanced metering hardware in California; software and universal data standards and access protocols are needed to reap the benefit of this investment.

The growth of new energy technologies providing products and services would be greatly enhanced by standardizing the implementation of data sharing platforms to meet the needs of the market. Growth, jobs, and innovation would be faster if California, again, led the way in utility data access. The growth of new energy technologies providing products and services would be greatly enhanced by standardizing the implementation of data sharing platforms to meet the needs of the market.

We affirm our support for the guiding principles needed to improve access to energy billing and usage data:

Full Data Set: Standardize availability of a requisite set of data for historical and ongoing data access. Please see Appendix A for suggested data set.
Synchronous Data: Once a data request is authorized and authenticated, data is delivered on-demand, upon authorization, (e.g. data begins streaming w/in 90 seconds of request).
Instant, Digital Authorization: A digital signature (incl. click-through) is valid for authorizing data sharing.
Instant, Consumer-Centric Authentication: A third-party will not be held to a higher authentication standard than the Utility holds itself. Accordingly, the Utility will authenticate using consumer-centric login credentials, for example, zip code and account # or Online Account username and password.
Seamless Click-through: A utility account holder will be allowed to begin and end the click-through process on the Third-Party website. This may happen without any requirement to log in to any other site/process during this flow (e.g. checkbox) or may allow the user to remain in the third party website flow, even in various authentication scenarios (login, signup, forgotten password, etc.), as in the case of OAuth or open authorization protocols. The click-through process shall be designed to be one-click and the third party may lead the customer request for the types of data and the time frame of data sharing. The customer may approve or reject such a request in its sole discretion.
Strong Security Protocols: Adopt strong security protocols. Data security may accommodate cloud-based systems. In addition, we recommend consideration of the security elements listed in Appendix B.

We thank you for your efforts on behalf of the citizens of the great State of California.

Kindly,
Elena Lucas
CEO, UtilityAPI

On behalf of:

3rd Rock Systems & Technologies
Advanced Energy Economy
Advanced Microgrid Solutions
Brightergy
BuildingIQ
California Clean Energy Fund
California Solar Energy Industry Association
Chai Energy
CivicSolar, Inc
Clean Coalition
Correlate Inc.
CPower
DBL Partners
Endertech
Energy Toolbase
EnergyHub, Inc.
EnerNOC, Inc.
Environmental Entrepreneurs (E2)
kWh Analytics

NRG Energy, Inc.
OhmConnect, Inc.
Lucid
OneRoof Energy
PlotWatt
Powerhouse
PVComplete
Siemens
Silicon Valley Leadership Group
Solar Energy Industry Association
SolarCity
Stem, Inc.
Sungevity
SunPower Corporation
SunSwarm
Tesla Motors, Inc.
The Nature Conservancy
UtilityAPI, Inc.
Vote Solar

Appendix A: Suggested Standard Data Set for Energy Usage & Billing Data

* Account Elements
   * Account name (ACME INC. or JOE SMITH)
   * Account address (123 OFFICE ST...)
   * Account ID (2-xxx...)
* Outage block (A000)
* Service Elements
   * Service ID (3-xxx...)
   * Service address (123 MAIN ST #100...)
   * Service tariff (D-TOU)
   * Service tariff options (CARE, FERA, etc.)
   * Service voltage (if relevant)
   * Service meter number (if any)
   * # of Service meters – a service account many have multiple meters, is that captured?
* Historical PDF bills (since beginning of service)
* PDF Bills and their line items
   * Bill start date
   * Bill end date
   * Bill total charges ($)
   * Bill total kWh
* Bill tier breakdown (if any)
* Name (Over Baseline 1%-30%)
* Volume (1234.2)
* Cost ($100.23)

* Bill TOU kwh breakdown (if any)
* Name (Summer Off Peak)
* Volume (1234.2)
* Cost ($100.23)
* Bill demand breakdown (if any)
* Name (Summer Max Demand)
* Volume (1234.2)
* Cost ($100.23)
* Bill line items (sum should equal bill total charges above)
* Charge name (DWR Bond Charge)
* Volume (1234.2)
* Unit (kWh)
* Rate ($0.032/kWh)
* Cost ($100.23)
* NEM/Tracked line items
* Charge name (e.g. Net In/Net Out)
* Volume (1234.2 in kWh)
* Unit (kWh)
* Rate ($0.032/kWh, if any)
* Cost ($100.23, if any)
* Historical Intervals (since beginning of service)
* Start (unix timestamp)
* Duration (seconds)
* Volume (1234.2)
* Unit (kWh)

Ideally Also: Capacity Reservation Level (CRL) for CPP/PDP customers, Demand Response program name and nomination, if fixed, Standby reservation if a customer has on-site generation, and sublap for wholesale nomination.

Appendix B: Proposed Security Standards for Data Sharing and Data Storage

Implement according to the NIST Cybersecurity Framework v.1.0 (or most current version as of 8/11/2016)
100% of click-through process be conducted over HTTPS
Do not send access via email or insecure communication
Encrypt access credentials automatically and immediately upon receipt thereof
Store access credentials in an encrypted state using strong encryption (OpenPGP or HSM backed system)
Do not write decrypted access credentials to disk; hold such credentials in memory for the minimum time required to perform the authorized access
Keep audit logs of decryptions with information re what was decrypted and by whom
Handling credentials using split-stack design
- Servers with permissions to access stored credentials do not have permissions to decrypt them
- Servers with permissions to decrypt credentials do not have permissions to request them from the data store
- Reduce application on servers with permissions to decrypt to minimum applications required to perform the authorized access
Do not transfer utility account holder data outside the United States where it is no longer protected by U.S. law
Terms maintaining the ownership of the data with the utility account holder on the data collection provider’s servers (e.g. Third Party, such that the account holder has a reasonable expectation of privacy and the data is not considered a business record. This maintains the restriction that the data may not be used for any purpose without receipt of explicit written authorization of the utility account holder.

UtilityAPI has New Jersey covered

UtilityAPI presents on data best practices at the CPUC

Data best practices coalition letter

Archives

UtilityAPI

Categories