Attention: President Picker & Commissioner Florio
Cc: Energy Division Director Ed Randolph
California Public Utilities Commission
505 Van Ness Avenue
San Francisco, CA 94102
Dear President Picker & Commissioner Florio,
We are writing in support of two proceedings currently in progress at the California Public Utilities Commission (the “CPUC”) that have the potential to significantly improve access to energy data. Decision 16-06-008 in the Commission’s Demand Response proceeding, A.14-06-001 et al., outlines the appropriate forum and timeline for planning and implementation of data access solutions. While the DRP proceeding (R. 14-08-013) has touched upon these issues, the Demand Response proceeding already ordered an implementation that should be a universal solution that would apply to all fuel types and energy programs, including, but not limited to, demand response, energy efficiency, solar, energy storage, microgrids, and building energy management. The DRP proceeding should reference this Decision and clarify that the data solutions developed should be available for purposes of distributed energy resource development in the DRP context as well.
Secure, synchronous access to comprehensive, accurate and clear energy usage and billing data is fundamental to fulfilling commitments to clean energy policy locally, nationally and globally. California has a comprehensive regulatory approach to consumer energy data access and privacy, the only state within the country, and even internationally, to do so. California led the way by adopting and supporting the Green Button standard. While significant resources were invested in the deployment of advanced metering hardware in California, software and universal data standards and access protocols are needed to reap the benefit of this investment.
The growth of new energy technologies providing products and services would be greatly enhanced by standardizing the implementation of data sharing platforms to meet the needs of the market. Growth, jobs, and innovation would be faster if California, again, led the way in utility data access.
We affirm our support for the guiding principles needed to improve access to energy billing and usage data:
- Full Data Set: Standardize availability of a requisite set of data for historical and ongoing data access. Please see Appendix A for suggested data set.
- Synchronous Data: Once a data request is authorized and authenticated, data is delivered on demand, upon authorization (e.g. data begins streaming within 90 seconds of request).
- Instant, Digital Authorization: A digital signature (incl. click-through) is valid for authorizing data sharing.
- Instant, Consumer-Centric Authentication: A third-party will not be held to a higher authentication standard than the Utility holds itself. Accordingly, the Utility will authenticate using consumer-centric login credentials, for example, zip code and account # or Online Account username and password.
- Seamless Click-through: A utility account holder will be allowed to begin and end the click-through process on the Third-Party website. This may happen without any requirement to log in to any other site/process during this flow (e.g. checkbox) or may allow the user to remain in the third party website flow, even in various authentication scenarios (login, signup, forgotten password, etc.), as in the case of OAuth or open authorization protocols. The click-through process shall be designed to be one-click and the third party may lead the customer request for the types of data and the time frame of data sharing. The customer may approve or reject such a request in its sole discretion.
- Strong Security Protocols: Adopt strong security protocols. Data security may accommodate cloud-based systems. In addition, we recommend consideration of the security elements listed in Appendix B.
We thank you for your efforts on behalf of the citizens of the great State of California.
Kindly,
Elena Lucas
CEO, UtilityAPI
On behalf of:
- 3rd Rock Systems & Technologies
- Advanced Energy Economy
- Advanced Microgrid Solutions
- Brightergy
- BuildingIQ
- California Clean Energy Fund
- California Solar Energy Industry Association
- Chai Energy
- CivicSolar, Inc
- Clean Coalition
- Correlate Inc.
- CPower
- DBL Partners
- Endertech
- Energy Toolbase
- EnergyHub, Inc.
- EnerNOC, Inc.
- Environmental Entrepreneurs (E2)
- kWh Analytics
- NRG Energy, Inc.
- OhmConnect, Inc.
- Lucid
- OneRoof Energy
- PlotWatt
- Powerhouse
- PVComplete
- Siemens
- Silicon Valley Leadership Group
- Solar Energy Industry Association
- SolarCity
- Stem, Inc.
- Sungevity
- SunPower Corporation
- SunSwarm
- Tesla Motors, Inc.
- The Nature Conservancy
- UtilityAPI, Inc.
- Vote Solar
Appendix A: Suggested Standard Data Set for Energy Usage & Billing Data
* Account Elements
  * Account name (ACME INC. or JOE SMITH)
  * Account address (123 OFFICE ST...)
  * Account ID (2-xxx...)
  * Outage block (A000)
* Service Elements
  * Service ID (3-xxx...)
  * Service address (123 MAIN ST #100...)
  * Service tariff (D-TOU)
  * Service tariff options (CARE, FERA, etc.)
  * Service voltage (if relevant)
  * Service meter number (if any)
  * # of Service meters – a service account may have multiple meters, is that captured?
* Historical PDF bills (since beginning of service)
  * PDF Bills and their line items
  * Bill start date
  * Bill end date
  * Bill total charges ($)
  * Bill total kWh
  * Bill tier breakdown (if any)
    * Name (Over Baseline 1%-30%)
    * Volume (1234.2)
    * Cost ($100.23)
  * Bill TOU kWh breakdown (if any)
    * Name (Summer Off Peak)
    * Volume (1234.2)
    * Cost ($100.23)
  * Bill demand breakdown (if any)
    * Name (Summer Max Demand)
    * Volume (1234.2)
    * Cost ($100.23)
  * Bill line items (sum should equal bill total charges above)
    * Charge name (DWR Bond Charge)
    * Volume (1234.2)
    * Unit (kWh)
    * Rate ($0.032/kWh)
    * Cost ($100.23)
  * NEM/Tracked line items
    * Charge name (e.g. Net In/Net Out)
    * Volume (1234.2 in kWh)
    * Unit (kWh)
    * Rate ($0.032/kWh, if any)
    * Cost ($100.23, if any)
* Historical Intervals (since beginning of service)
  * Start (unix timestamp)
  * Duration (seconds)
  * Volume (1234.2)
  * Unit (kWh)
Ideally Also: Capacity Reservation Level (CRL) for CPP/PDP customers, Demand Response program name and nomination, if fixed, Standby reservation if a customer has on-site generation, and sublap for wholesale nomination.
Appendix B: Proposed Security Standards for Data Sharing and Data Storage
- Implement according to the NIST Cybersecurity Framework v.1.0 (or most current version as of 8/11/2016)
- 100% of click-through process be conducted over HTTPS
- Do not send access via email or insecure communication
- Encrypt access credentials automatically and immediately upon receipt thereof
- Store access credentials in an encrypted state using strong encryption (OpenPGP or HSM backed system)
- Do not write decrypted access credentials to disk; hold such credentials in memory for the minimum time required to perform the authorized access
- Keep audit logs of decryptions with information re what was decrypted and by whom
- Handling credentials using split-stack design:
  - Servers with permissions to access stored credentials do not have permissions to decrypt them
  - Servers with permissions to decrypt credentials do not have permissions to request them from the data store
  - Reduce application on servers with permissions to decrypt to minimum applications required to perform the authorized access
- Do not transfer utility account holder data outside the United States where it is no longer protected by U.S. law
- Terms maintaining the ownership of the data with the utility account holder on the data collection provider’s servers (e.g. Third Party), such that the account holder has a reasonable expectation of privacy and the data is not considered a business record. This maintains the restriction that the data may not be used for any purpose without receipt of explicit written authorization of the utility account holder.