SlideShare a Scribd company logo

Electricity Journal Article - Henderson and Harak 11-2015

P
Philip Henderson
1 of 12
Download to read offline
How Utilities Can Give Building Owners the Information Needed for Energy Efficiency while Protecting Customer Privacy Many utilities maintain unnecessarily restrictive policies for building owners to get basic energy usage information needed to operate their buildings efficiently. Utilities, utility regulators, and boards of publicly owned utilities should implement reasonable policies to protect customer privacy while delivering aggregated building usage information to the majority of building owners who need it. Philip Henderson and Charlie Harak I. Introduction It is surprising that owners of many large, energy-intensive buildings cannot get even the most basic information about the total energy usage in their buildings, even with the smartest ‘‘smart meters’’ in place. These building owners must manage their buildings blind to how much energy is used. The problem arises in buildings with multiple tenants with their own utility accounts, such as apartment buildings, shopping malls, and office buildings. To obtain an accurate total of all the energy used in such a building, the owner must rely on the utility Philip Henderson is an attorney with the Natural Resources Defense Council in Washington, DC. He holds a J.D. from the University of Virginia. Charlie Harak is Managing Attorney of the energy unit at the National Consumer Law Center in Boston. He holds a J.D. from Northeastern University. The authors are grateful to Maria Stamas and Ralph Cavanagh of NRDC for assistance with this article. November 2015, Vol. 28, Issue 9 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 33
to deliver aggregated building usage information (ABUI) (e.g. 102,000 kilowatt-hours in June 2015) summed up from multiple customer accounts. Building owners need ABUI to obtain Energy Star scores,1 for benchmarking,2 for routine management of building systems, to assess opportunities to make efficiency repairs and improvements, and more. M any utilities make it very difficult for owners to get ABUI because of concern about the privacy of each customer’s account information. The aggregated total does not, on its own, contain any personally identifiable information of any included utility customers. But in a few instances, such as buildings with one tenant, there is a risk of ‘‘re-identification’’ – a building owner might be able to use the anonymous ABUI to discern facts about the utility usage of an individual tenant in the building. Some utilities and advocates have argued any risk of re- identification means a utility may only deliver ABUI to a building owner if the owner has the permission of each included customer or tenant, often on a utility’s paper-based forms. There is no reason for such an overly broad and strict policy. It sacrifices the many beneficial uses of ABUI in order to guard against narrow risks that can be fully addressed in less restrictive ways. Utilities, utility commissions, and boards of publicly owned utilities in many states3 have struggled to implement a reasonable policy to deliver ABUI to building owners who need it while also assuring customer privacy is protected. I n this article we offer a solution. We first examine the privacy question raised when utilities deliver ABUI to building owners. We find that in the vast majority of scenarios, utilities may deliver ABUI to building owners without compromising customers’ confidentiality interests in any way. This is true of commercial and multifamily residential buildings. To handle the situations where ABUI could convey information about a customer, such as in buildings with only a few tenants, we offer specific protective measures for utilities to consider. Useful guidance is available in the practices of federal agencies that routinely publish aggregated information compiled from sensitive personal information. Many utilities have argued it is difficult to meet energy savings goals,4 yet many utilities maintain unnecessarily restrictive policies for building owners to get basic energy usage information needed to operate their buildings efficiently. Utilities, utility regulators, and boards of publicly owned utilities should implement reasonable policies to protect customer privacy while delivering ABUI to the majority of building owners who need it. II. Customers’ Interests in Assuring Owners Have ABUI Most utilities treat customer usage information as confidential information.5 In some places, such as California and New Jersey,6 confidentiality is required by statute, and in some places it is required by utility commission regulations.7 Even if not required by statute or regulation, utilities commonly have privacy policies to treat customer usage information essentially as confidential information.8 Customers’ interests in preserving the confidentiality of usage information are important and well established. Customers also have strong interests in favor of allowing building owners to have ABUI. This customer interest is not established or embodied in policy, but it is compelling and should be included in any assessment of the privacy question posed. The building Many utilities make it very difficult for owners to get ABUI because of concern about the privacy of each customer’s account information. 34 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 The Electricity Journal
owner’s ability to obtain ABUI enables better management of energy use in the building and facilitates energy efficiency repairs and investments, which can reduce utility expenses for residents or occupants and improve conditions in the building.9 C ustomers as a class have a well-understood interest in facilitating energy efficiency in all buildings in their utility’s service territory – it makes for a better utility system10 – but the interest is very strong for customers who actually reside in apartment buildings and occupy commercial buildings as tenants. Tenants generally must rely on the owner to address energy-related improvements. ABUI is critical to understand energy use because it reflects how a building is performing as a system. ABUI is required for a building owner to obtain an Energy Star score, which shows energy usage intensity for the entire building and compares total usage against similar buildings in the market. Prospective tenants can use the resulting Energy Star scores to shop among buildings and negotiate lease terms. Without an Energy Star score a building owner might not be eligible to compete for certain tenants.11 Building owners with scores showing high energy efficiency may realize higher returns.12 Customers living in rental housing are often the least able to endure the costs of wasted energy, yet rental housing in many cities has high efficiency potential, indicating the need for owners to improve efficiency.13 Investments to improve efficiency are made more difficult when the owner cannot obtain ABUI. For these reasons, Fannie Mae, one of the country’s largest multifamily mortgage lending institutions, worked with the U.S. EPA to create an Energy Star score tuned to multifamily properties.14 Accurate ABUI helps to solve a problem unique to affordable housing: setting accurate utility allowances. In much federally subsidized housing, a tenant’s total ‘‘shelter costs’’ are capped as a percentage of the tenant’s income. Shelter costs include rent paid to the owner plus an allowance for utility bills paid by the tenant. A larger ‘‘utility allowance’’ means the tenant pays less in rent to the owner, and a smaller utility allowance means the tenant pays more rent to the owner. To justify investing in efficiency repairs and improvements, an owner of subsidized rental units will need ABUI to assure that the utility allowance is adjusted to properly reflect lower actual utility expenses.15 The inability of owners to obtain accurate ABUI is a major barrier to housing agencies implementing corrected utility allowance calculations to give owners incentives to invest to improve the efficiency of affordable housing. For these reasons, the Secretary of the U.S. Department of Housing and Urban Development recently wrote an open letter to utilities seeking their assistance to resolve the problems preventing access to ABUI in order to save taxpayer funds and to help give owners better incentives to invest in efficiency repairs.16 Even if a building owner is unwilling to invest in greater energy efficiency, many cities now require owners to report efficiency information to the city based on ABUI and other efficiency indicators, such as energy usage intensity or Energy Star scores.17 This information, indicting a building’s relative efficiency level, can be used by prospective tenants in rental decisions, by current tenants to persuade the owner to invest in repairs and improvements, by lenders and property insurers, by municipalities for planning purposes, and more. The ability of owners to obtain the needed ABUI is a critical input to the decision of policymakers to ABUI is critical to understand energy use because it reflects how a building is performing as a system. November 2015, Vol. 28, Issue 9 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 35
implement benchmarking requirements in the first place.18 Consumer interests in favor of disclosure are reflected in the resolutions passed by the National Association of State Utility Consumer Advocates, which supported utilities delivering benchmarking information for multifamily buildings (see Resolution 2013-5), the National Association of Regulatory Utility Commissioners (NARUC), supporting benchmarking generally, and the National Association of State Energy Offices (NASEO).19 T hus, when exploring how to protect customers’ interests, it is essential to consider not only interests in confidentiality but also customers’ strong interests in assuring building owners are able to obtain ABUI. III. Applying Utilities’ Confidentiality Obligations: Reasonable Standards ABUI in multi-tenant buildings is aggregated information and does not contain customer information or any personally identifiable information. It is simply the number of kilowatt- hours or units of gas used in a period. Privacy concerns arise if there is risk that a customer’s information could be ‘‘re- identified’’ (or disaggregated) from the total. The California Public Utility Commission (CPUC) correctly addressed this exact question in 2011 in a CPUC decision implementing Sections 8380 and 8381 of the California Public Utility Code, which are the code sections that require utilities to treat customer usage information as confidential information.20 The CPUC held that aggregated usage information is not subject to the restrictions in Sections 8380 and 8381 on sharing customer usage information so long as personally identifiable information ‘‘cannot reasonably be identified or re-identified’’ from the aggregated total21 (emphasis added). The CPUC correctly looked to reasonableness as the guiding standard for whether aggregated information such as ABUI can be re-identified to reveal personally identifiable information (or PII). It is helpful to understand the deep extent to which privacy law is infused with a reasonableness standard in order to understand how to apply it to the question of delivering ABUI to building owners.22 R easonableness is often expressly stated in legal requirements that govern how companies share customer information. The California statute that requires electric and gas utilities to treat customer information as confidential information states: ‘‘An electrical corporation or gas corporation shall use reasonable security proceduresandpracticestoprotect a customer’s unencrypted electrical consumption data from unauthorized access, destruction, use, modification, or disclosure. . .’’23 (emphasisadded). Privacy statutes governing other commercial sectors typically rest on a reasonableness standard. The Gramm-Leach- Bliley Act, which regulates how financial institutions handle and share customers’ financial information, essentially requires reasonable care in handling customer information.24 California’s recent Online Privacy Act provides a reasonableness standard for Web sites and online services that collect personally identifiable information. Companies must not ‘‘negligently and materially’’ allow unauthorized disclosures or violate their stated privacy policies.25 Reasonableness is often embodied in utilities’ customer- facing privacy policies. PG&E’s customer-facing privacy policy is typical and states, in part: ‘‘Your Reasonableness is often expressly stated in legal requirements that govern how companies share customer information. 36 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 The Electricity Journal
privacy is a top priority for PG&E and we will make every reasonable effort to protect your personal information.’’26 Utilities routinely share confidential usage information with service providers according to non-disclosure agreements that commit the recipient to use reasonable care in handling the customer information.27 R easonableness is embodied in enforcement of privacy standards. The Federal Trade Commission (FTC) has general enforcement authority for unfair and deceptive practices and has becomeadefactoregulatorofmany privacy-related activities.28 The FTC has adopted a reasonableness standard for its enforcement authority: ‘‘The FTC’s legal authority in the privacy area is broad and flexible, we apply a consistent standard designed to protect consumer privacy and to send clear signals to industry: we expect companies to take reasonablestepstoaddress risks to the security and privacy of individuals’ information. . .’’29 State enforcement of privacy policies, expressed in attorney general actions, typically follows similar standards, directing holders of confidential information to follow reasonable standards.30 IV. What Is Reasonable in a Policy for Sharing ABUI? ‘‘Reasonableness’’ can seem to be vague guidance for a utility or utility commission setting rules for when to share ABUI with a building owner, but there are useful and specific standards to draw upon. The Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA)31 allows publication of statistics, including aggregated energy usage information, so long as individual usage information is not in ‘‘identifiable form,’’ which is defined as ‘‘any representation of information that permits the identity of the respondent to whom the information applies to be reasonably inferred by either direct or indirect means.’’32 The U.S. Department of Health and Human Services (HHS) established rules to implement the Health Insurance Portability and Accountability Act (HIPAA), which requires reasonable safeguards to protect a person’s health information.33 HHS rules give companies two safe-harbor compliance paths to publish aggregated information.34 One option is for the holder of the confidential information to obtain an expert opinion that the risk an anticipated recipient can re- identify the individuals is ‘‘very small’’ using information that is ‘‘reasonably available.’’ The second option is for the holder to remove all PII from the information so long as the holder does not have ‘‘actual knowledge’’ that the aggregated information could be used to re- identify included individuals. Either method will assure the provider of aggregated information will comply with the requirements of HIPAA for aggregated information to be released. It is helpful to also state what reasonableness does not require. Reasonableness means utilities are not obligated to protect every piece of customer information against every remote or de minimis risk of disclosure at all costs. Such an absolutist approach to protecting confidential customer information would over-protect information from benign or trivial risks and would needlessly sacrifice the value to be gained from using and sharing usage information with care. Merely because someone can describe a risk of disclosure or re- identification – for example, that a building owner might possibly discern customer information from ABUI – does not mean the Utilities routinely share confidential usage information with service providers according to non-disclosure agreements that commit the recipient to use reasonable care in handling the information. November 2015, Vol. 28, Issue 9 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 37
information may not be shared in certain circumstances or subject to other protections. V. What Does This Mean for Utilities and Utility Regulators? As utilities and utility regulators consider policies to handle building owner requests for ABUI, reasonableness should be the central guidepost. The essence of a reasonable privacy policy is tailoring protections to actual risks. W e recommend utilities and utility regulators consider a three-step process: First, assess the actual risks ABUI can reveal customer information to a building owner. Second, assess the level of potential harm to building tenants or others associated with disclosure of ABUI to building owners. And third, establish protections tailored to the identified risks.35 This approach draws upon the process set forth in the Gramm- Leach-Bliley Act (GLB) governing how financial institutions protect customer financial information. In GLB, Congress emphasized that the process of assessing risks of unauthorized disclosure, assessing the risk of harm, and assessing the sufficiency of measures to address risks is the centerpiece of good policy and of compliance, not whether protections prevent every possible unauthorized disclosure.36 Step 1. What are the actual risks ABUI can reveal customer information? The primary scenario in which ABUI could be used by a building owner to discern the usage of an included tenant is buildings with one tenant – the ABUI is essentially the tenant’s usage. If a building with one tenant includes one or more owner’s meters, the owner could discern the tenant’s usage information by subtracting the owner’s information from ABUI. The second scenario is if a building owner collects the usage of all tenants except one, such as by getting copies of paper bills, then subtract that sum from ABUI to identify the usage of the remaining tenant. A quick reality check: any landlord interested in knowing how much electricity or gas a tenant uses would simply manually read the meter, located on the exterior wall of most apartment buildings or in the utility closet in most office buildings. While it is conceivable, there is no reason to think an owner would make a request for ABUI from a utility, then collect other tenants’ bills to disaggregate the whole-building total, all to identify the usage of a tenant. T here appears to be no evidence showing that a building owner could use ABUI alone to re-identify a customer’s usage if the ABUI is composed of two or more active tenants’ meters. The best source of facts about the actual risks presented is the experience of utilities, their customers, and building owners in locations where ABUI is shared with building owners. We understand there are many utilities that share ABUI with owners, without the owner obtaining each included customer’s permission, so long as the ABUI is totaled for at least two customers, as shown in Table 1.37 We made inquiries with several utilities with current practices to deliver ABUI to building owners and we were given no reports of customers complaining of building owners improperly using ABUI to discern the usage of a customer. Utilities and utility regulators examining the question posed should look to the experience of other utilities as an important source of facts about risk. Some critics of releasing ABUI to building owners have cited a recent study from Pacific Northwest National Laboratories that tested the likelihood a 38 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 The Electricity Journal
building owner could guess a tenant’s usage by assuming that every tenant’s use is an equal share of the total whole-building usage. The authors of the PNNL study divided ABUI for buildings by the number of utility meters in the building (using building-level usage data from gas and electric utilities), and compared this whole-building average to each included tenant’s actual usage.38 Evenif one were worried about the risk a landlord might guess a tenant’s usage, the study results were uninformative. The authors found that in commercial buildings with three meters, the whole building average is ‘‘similar to’’ the usage of any one included meter in only about 30 percent of the tested buildings, and only about 40 percent of the time in buildings with only two meters.39 The meter that is ‘‘similar to’’ the wholebuilding averagecould very well be the owner’s meter, not a tenant’s meter. This is a major problem with using the study results for the question at hand because there is no confidentiality problem with an owner using ABUI to guess its own usage.40 Step 2. Assess the threat level associated with disclosure of ABUI to building owners. Not all confidential information requires the same level of protection against disclosure to every potential recipient. A person’s home address might be considered confidential in a transaction, particularly along with other identifying information, but might present no risk to the individual if disclosed on its own because the same information might be easily found in public records. In contrast, a person’s address along with identifying bank account information can be used to cause financial harm and should be handled with greater protection. Reasonableness requires protections to be tailored to prevent disclosures that present risk of actual harm to customers.41 Utilities are not expected to make individualized determinations of the harm associated with unauthorized disclosure, which can be subjective to the person involved, but instead must assess levels of protection based on reasonable judgement and typical understanding of facts and circumstances. T he facts strongly suggest the likelihood is very low a tenant would be harmed if a building owner is somehow able to use ABUI to discern information about the tenant’s utility usage. The main reason for this conclusion about ABUI is that a building owner can already obtain a tenant’s utility usage information directly from the meter if he or she were to want it, without seeking ABUI from the utility. Many meters have eye- readable displays. In many buildings, meters that display usage are located on exterior walls, open to the public! In many commercial office buildings meters are located in a service room or basement area the owner can easily access. Second, the kind of facts the owner might learn about a tenant from disaggregating ABUI – such as the presence of energy- intensive equipment, or long business hours – are facts the owner could obtain directly since owners have access to tenants’ premises, allowing inspection. In many buildings owners have the right to install submetering equipment to directly measure a tenant’s usage if desired. Finally, unlike a person’s financial information, one must conjure an extraordinary fact pattern to even imagine how a building owner would use utility usage information to cause harm to a tenant. The owner only needs Table 1: Selected Utilities’ ABUI Policies. Utility Minimum Number of Meters Austin Energy (Texas) 4 Avista (Washington) 2 Commonwealth Edison (Illinois) 4 Consolidated Edison (New York) 2 Eversource (Boston) 4 National Grid (Boston/NY) 4 Pepco (District of Columbia) 5 Puget Sound Energy (Washington) 5 November 2015, Vol. 28, Issue 9 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 39
ABUI if tenants are responsible for some or all of their own utility bills; in a master-metered building, the owner would get whole-building usage information on the owner’s own bills. Even if the owner could discern that a particular tenant, for example, was using much more electricity than other tenants, the owner is unlikely to take any harmful action against that tenant because the tenant, not the owner, is bearing the burden of the higher bills. These facts could allow some to argue that utility usage information is not confidential in the first place vis-a-vis the owner.42 The facts certainly show that disclosing ABUI to the building owner is not likely to create any real threat of harm to tenants that does not already exist. U tility delivery of ABUI to building owners adds speed, data integrity, and saves costs for owners trying to make decisions about energy management and wise energy efficiency investments, which, in turn, provide many benefits to the owner and the tenant. Access to ABUI does not give the owner any facts he or she could not obtain directly from another source, and it is hard to imagine how or why a building owner would harm its tenant due to learning about the tenant’s level of utility consumption.43 Step 3. Tailor protections to the identified risks. A reasonable policy for delivering ABUI to building owners should include protections tailored to the specific risks that are present. It can be tempting to include overly broad protections and to jealously guard customer information in order to foreclose any risk of disclosure, but doing so would impair customers’ interests by inhibiting owners from the many beneficial uses of the information. We offer a specific set of protections for utilities and utility commissions to consider. Our suggestions respond to the specific risks that appear to be present and are subject to any additional state-specific standards that might apply44 : 1. Establish customer protections applicable to all building owner requests for ABUI: o Require building owners to register with the utility to be eligible to obtain ABUI.45 This process could include owners accepting terms of use for the information with a commitment to use it for permissible purposes such as operating the building, complying with benchmarking obligations, and the like. o Require the requesting party to demonstrate that it is the building owner (e.g. by providing proof from property records or other reasonably reliable evidence). o Record all owner requests for ABUI, subject to the utility’s standard record keeping requirements. o Deliver an annual notice to included customers that their building owner has registered to receive ABUI. Notice to customers is widely accepted as a basic Fair Information Practice and allows the customers to respond if they have a particularly heightened concern.46 o Include in the utility’s customer-facing privacy policy that ABUI is shared with owners of buildings along with contact information for the utility or utility commission if the customer has reason to believe ABUI is being misused. 2. Identify those buildings that merit heightened protections. In buildings with one tenant, ABUI, in effect, delivers customer-specific usage information to the owner. For these buildings, the building owner should be required to obtain express customer permission to obtain ABUI. In light of customer sensitivity about confidential information, some utilities and regulators may conclude an additional layer of 40 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 The Electricity Journal
protection is merited. Some utilities and regulators may, for example, require owners to obtain customer permission for any building with two, three, or even four tenants. While there is no evidence showing a building owner could use aggregated ABUI of three tenants to re- identify an individual customer’s usage, it may be reasonable as an added precaution until more experience is available for study. Some utilities have selected a number of meters in a building – e.g. three or four – in lieu of making a determination about whether a meter is held by the owner, an operator, or a tenant.47 Another protective measure for buildings with few meters is to assure that any ABUI sum includes at least two meters with a substantial portion of total usage, which should greatly reduce the likelihood the ABUI would reveal information about any one included tenant. I t would also be reasonable to deem certain customer classes, such as industrial customers, subject to additional requirements, given that these customers are typically single tenants in buildings and may have heightened sensitivity to confidentiality of energy usage information. 3. Improve the process for customers to convey permission in standard leases. Many utilities still have a cumbersome process in place for owners to show they have obtained customer permission to use ABUI – it is often paper- based, requires wet signatures, and is difficult for owners, tenants, and the utility.48 Utilities and utility regulators should explore processes for the utility to accept customer permission incorporated in the owner’s standard lease agreement, without requiring the utility to manually review or keep a copy of every lease agreement. A workable process is used under the Fair Credit Reporting Act (FCRA), which could hold lessons for utilities. The FCRA allows credit reporting agencies (such as Equifax, Experian, and Transunion) to rely on a lender’s representation that it obtained customer permission to receive a credit report in its standard form loan application.49 Credit reporting agencies require lenders to complete a registration process before being eligible to request credit reports. The Act provides for penalties for any lender misrepresentation. Credit reporting agencies record every request on the customer’s report, allowing customers to raise alarms if there are unauthorized requests. It is not a perfect system, but it is a reasonable one to employ in the context of release of ABUI and would reduce transactions costs for all involved.50 I mproving the permission path could also deliver particular value to owners and residents of affordable housing and housing agencies because unit-specific information is often needed for accurate utility allowances. VI. Conclusion Utilities have a great track record of protecting customer information. They are rightly protective of their position of trust and skeptical of proposals to share customer information in new ways. But utilities also have ambitious and vital energy efficiency objectives and their customers have a strong interest in the lower energy expenses and improved property conditions that come with greater energy efficiency. Fortunately, utilities can accomplish both objectives. Utilities are positioned to help building owners to manage the energy use in their buildings and assess efficiency opportunities by delivering better information. With sensible terms and conditions, such as the policy we propose in this paper, utilities can share ABUI with building owners while protecting customers’ privacy interests.& November 2015, Vol. 28, Issue 9 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 41
Endnotes: 1. The U.S. EPA operates the Energy Star program, which offers building owners the ability to obtain a score based on energy use intensity of a building (e.g., energy use per square foot) using a system (Portfolio Manager) that combines utility usage information and building attributes. Energy Star gives a 1 to 100 score based on how energy usage of a building compares to usage of other similar buildings. A score of50meansenergyperformanceisatthe median, and a score of 75 means 25 percent of buildings have better performance. 2. ‘‘Energy use benchmarking is a process that either compares the energy use of a building or group of buildings with other similar structures or looks at how energy use varies from a baseline.’’ U.S. Environmental Protection Agency, Energy Star Building Upgrade Manual, 2008 (Section 2.1, page 2). 3. The question has arisen recently in California (Cal. Pub. Utilities Comm’n Rulemaking 08-12-009, Phase III Energy Data Center), Arizona (Az. Corp. Comm’n Docket No. RU-00000A-14- 0014), Colorado (Col. Pub. Utilities Comm’n Proceeding 14R-0394EG), Minnesota (Minn. Pub. Utilities Comm’n Docket E999/CI-12-1344), Maryland (Md. Pub. Serv. Comm’n Order No. 86581), among others. In September, 2015, the California legislature passed Assembly Bill 802 directing utilities in California to deliver whole-building usage information to building owners, even if compiled of multiple customer accounts. Cal. Assembly Bill 802, Enrolled Sept. 23, 2015 (pending governor’s signature as of date this article went to print). 4. See, e.g., Southern Company, comments to the EPA on Carbon Pollution Emission Guidelines for Existing Stationary Sources: Electric Utility Generating Units; Proposed Rule, Notice of Data Availability, and Notice (Docket ID EPA-HQ-OAR-2013- 0602) (at Section X, p. 166); and, Final Order In Re: MidAmerican Energy Co. (Docket No. EEP-2012-0002), State of Iowa, Dept. of Commerce, Utilities Board, Dec. 16, 2013. 5. There are some exceptions. For example, Gainesville Regional Utilities, a publicly owned utility in Gainesville, Fla., appears to provide usage information by address at a Web site (www.gainesville-green.com) that allows users to identify the usage of houses by address with mapping and search functions. 6. Cal. Pub. Util. Code § 8380(b)(1). See also CPUC Decision 11-07-056, July 28, 2011, implementing rules that govern how investor-owned utilities share customer information. For New Jersey, see N.J.S.A. 48:3-85(b)(1). 7. 16 Tex.Adm. Code § 25.44. 8. See, e.g., Duke Energy’s Code of Conduct (located at: www.duke-energy. com/pdfs/NC_Code_of_Conduct_ 07-02-2012.pdf), Consolidated Edison’s Privacy Policy (www.coned.com/ privacy/), and PG&E’s Privacy Policy (located at: www.pge.com/en/about/ company/privacy/). 9. For case studies describing how specific building owners use ABUI to achieve energy savings, see, e.g., studies prepared by the Seattle Office of Sustainability and Environment, Seattle (located at: www.seattle.gov/ environment/buildings-and-energy/ energy-benchmarking-and-reporting/ save-energy—case-studies), and studies on buildings in Philadelphia and Washington DC, by Institute for Market Transformation (http://www. imt.org/policy/building-energy- performance-policy/case-studies). 10. Jim Lazar and Ken Colburn, Recognizing the Full Value of Energy Efficiency, Regulatory Assistance Project, September 2013. 11. Some tenants will only lease space in a building with a high Energy Star score. Section 435 of The Energy Independence Security Act of 2007 requires U.S. General Services Administration (GSA) (the largest tenant in the country) to only lease space in buildings that have achieved the Energy Star designation, subject to certain exemptions. A full description of GSA’s lease requirements can be found in LAC-2011-13, located on the GSA website www.gsa.gov 12. Eichholtz, P., Kok, N., Quigley, J.M., 2010. Doing well by doing good? Green office buildings. Am. Econ. Rev. 100 (5), 2492–2509. 13. See Michael Carliner, Reducing Energy Costs in Rental Housing: The Need and the Potential, Harvard Joint Center for Housing, December 2013 (finding lower income families often spend up to 10 times what higher income families spend on utility expenses as a percent of income). For a description of efficiency potential, see Potential for Energy Savings in Affordable Multifamily Housing, prepared by Optimal Energy for Natural Resources Defense Council, May 2015 (located here: www.energyefficiencyforall. org/potential-energy-savings). 14. Fannie Mae, Transforming Multifamily Housing: Fannie Mae’s Green Initiative and Energy Star for Multifamily, September, 2014. For a description of Fannie Mae’s loan program to provide discounts to properties achieving a ‘‘green’’ designation, see www.fanniemae. com/content/fact_sheet/competitive- advantage-green-financing.pdf 15. In some cases, the owner’s ability to obtain unit-specific usage information can solve the problem noted. See Enterprise Community Partners, Fact Sheet: Energy Efficient Utility Allowance (located at: www. enterprisecommunity.com). 16. See Letter of Julian Castro, Secretary of the U.S. Department of 42 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 The Electricity Journal
Housing and Urban Development, to Utilities, Nov. 13, 2014 (located at: http://portal.hud.gov/hudportal/ documents/huddoc?id=SecOpen LtrUtil11-20-14.pdf). 17. For a description of city requirements and an estimate of effects, see K. Palmer and M. Walls, Can Benchmarking and Disclosure Laws Provide Incentives for Energy Efficiency Improvements in Buildings? Resources for the Future Discussion Paper DP 15- 09, March 2015 (reporting a preliminary finding of statistically significant correlation between disclosure and reduced energy use, subject to further analysis to follow). 18. Obtaining usage information manually on a monthly basis is time- consuming, costly, and likely to be error-prone. With access to tenants’ bills, the information on different accounts is on different billing cycles and must be conformed to a calendar month. For many building owners, the utility is the only practical source of ABUI. 19. NARUC Resolution on Access to Whole-Building Energy Data and Automated Benchmarking, July 20, 2011 (available at: http://www.naruc. org/Resolutions/Resolution on Access to Whole-Building Energy Data and automated Benchmarking.pdf). NASEO Resolution in Support of Access to Whole-Building Energy Data and Benchmarking, July 23, 2015 (available at: www.naseo.org/ news-article?NewsID=753). 20. Cal. Pub. Util. Code § 8380 applies to a utility corporation, and § 8381 to any publicly-owned utility, and both sections apply to utility usage information ‘‘made available as part of an advanced metering infrastructure.’’ See CPUC Decision 11-07-056 (Rulemaking 08-12-009), July 28, 2011. 21. CPUC Decision 11-07-056, Conclusions of Law, page 151. 22. See Solove and Hartzog, The FTC and the New Common Law of Privacy, 114 Columbia L. Rev. 583 (2014). Betzel, Privacy Law Developments in California, Vol. 2 I/S Journal of Law and Privacy, p. 831 (2012). 23. Cal. Pub. Util. Code § 8380(d). 24. See How To Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act, Federal Trade Commission, July 2002. 25. Cal Bus. & Prof. Code § 22576. Essentially, a firm is not negligent if it uses reasonable care. The Act’s requirement that a violation must be ‘‘material’’suggests another dimension – that the harm cannot be de minimis or abstract to violate the Act. See also Kelsey Finch, The Evolving Nature of Consumer Privacy Harm, https:// privacyassociation.org/news/a/ the-evolving-nature-of-consumer- privacy-harm/ 26. PG&E privacy policy, located online at: www.pge.com/en/about/ company/privacy/ 27. Electric Sample Form No. 79-948, Non Disclosure Agreement with Electric Service Provider, Section 11.1 (located at: http://www.pge.com/ tariffs/tm2/pdf/ELEC_FORMS_ 79-948.pdf). 28. See Solove and Hartzog, The FTC and the New Common Law of Privacy, 114 Columbia L. Rev. 583 (2014). There are no federal statutes specifically governing how utilities handle customer usage information. Statutes of general application could potentially be triggered by a utility’s customer information practices, such as the Gramm Leach Bliley Act which generally applies to consumer financial information, and the Fair Credit Reporting Act, which governs information related to creditworthiness. ABUI does not appear to be governed by either Act. 29. U.S. Federal Trade Commission Staff Comments to the European Commission on its ‘‘Draft Recommendation on the implementation of privacy, data protection and information security principles in applications supported by RadioFrequencyIdentification(RFID).’’ (Located on the FTC Web site). Also see, a recent FTC settlement with data broker, Compete, Inc., required the company to implement ‘‘reasonable safeguards tocontrol the risks identified through risk assessment, and regular testing or monitoring of the effectiveness of the safeguards’ key controls, systems, and procedures.’’ Compete, Inc.; Analysis of Proposed ConsentOrder ToAidPublicComment, 77 Fed. Reg. 2089, Oct. 29, 2012. 30. See Massachusetts standards issued by the Office of Consumer Affairs and Business Regulation which provide a detailed description of how companies should assess risks and establish practices to protect customer information, emphasizing reasonableness and care appropriate to risks presented. Standards for the Protection of Personal Information of Residents of the Commonwealth, 201 CMR 17.00. 31. Enacted as Title V of the E- Government Act of 2002 (Pub. L. 107- 3347). 32. E-Government Act of 2002, Pub. L. 107-347, § 502(4). See also Office of Management and Budget, M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E- Government Act of 2002. 33. Pub. L. No. 104-191, 110 Stat. 1936 (1996). 34. See 45 CFR § 164.514. Also stated in ‘‘Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule,’’ located at: http://www.hhs. gov/ocr/privacy/hipaa/ November 2015, Vol. 28, Issue 9 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 43
understanding/coveredentities/ De-identification/guidance.html 35. See Hunton and Williams, A Risk- based Approach to Privacy: Improving Effectiveness in Practice(located at www. hunton.com/files/upload/ Post-Paris_Risk_Paper_June_2014. pdf); Paul Ohm, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, 57 UCLA Law Review 1701 (2010); and Jane Yakowitz, Tragedy of the Data Commons, Harvard Journal of Law and Technology, Vol. 25, 2011 (March 18, 2011). 36. See 12 C.F.R. pt. 30, App. B(III)(B) (2014) (OCC). See also Peter Sloan, The Reasonable Information Security Program (paper located at http://jolt. richmond.edu/index.php/the- reasonable-information-security- program). 37. See Regulatory Assistance Project, Driving Building Efficiency with Aggregated Customer Data, July 2013. We supplemented the information in the RAP report with additional information compiled from utilities. We note that Colorado has an open proceeding on this subject and has issued a proposed decision to implement a minimum of four customers. Proposed Decision, Col. PUC Docket14R-0394EG, published Jan. 25, 2015. 38. Livingston, et al, Commercial Building Tenant Energy Usage Data Aggregation and Privacy, Pacific Northwest NationalLaboratory, Report PNNL-23786, October 2004. 39. Delivery of ABUI to owners will likely have the most value in larger buildings with more than two or three tenants. As we note at Step 3, a cautious regulator could require that ABUI can only be released in buildings with four or more meters, as is currently implemented by six of the eight utilities listed in Table 1. 40. Another problem with the report is that electricity or gas usage on an individual meter could be deemed ‘‘similar to’’ the whole building average even if the amount of usage is quite different, so long as the ‘‘shape’’ of the usage curves across 12 months are similar to each other. See Technical Appendix, November 2014, located at www.pnnl.gov/main/publications/ external/technical_reports/ PNNL-SA-106581.pdf 41. See Ohm, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, 57 UCLA Law Review 1701 (2010); Yakowitz, Tragedy of the Data Commons, Harvard Journal of Law and Technology, Vol. 25, 2011 (March 18, 2011); Hunton & Williams LLP, A Risk-based Approach to Privacy, https://www.hunton. com/files/upload/Post-Paris_Risk_ Paper_June_2014.pdf 42. Confidential information is typically defined in non-disclosure agreements as excluding information the other party already has or could obtain. See Electric Sample Form No. 79-948, Non Disclosure Agreement with Electric Service Provider, Section 11.1 (located at: www.pge.com/tariffs/ tm2/pdf/ELEC_FORMS_ 79-948.pdf). 43. This point is further underscored by a recent law review article on privacy in which the author argues against a reliance on ‘‘math and statistics’’ to protect against the risk of re-identification, and argues instead in favor of ‘‘contextual’’ factors, such as examining the relationship between the parties, the history of disclosures between similar parties, and whether traditions and structural features of the industry ‘‘instill confidence or doubt about the likelihood of privacy.’’ Ohm, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, 57 UCLA Law Review 1701 (2010) (see text at pps. 1762–1769). 44. These specific protections are not intended to be legal advice or relied upon without the advice and guidance of counsel. 45. Registration of building owners is similar to a function used by credit reporting agencies to comply with the requirement of the Fair Credit Reporting Act to assure users of credit reports have a ‘‘permissible purpose.’’ A reasonable safeguard is for the agencies to require users of credit reports to register, certify to the expected use of the reports, and commit to only request information in accord with that use. This allows the credit bureau to fulfill requests with automation. See 15 U.S.C § 1681e, and see Consumer Financial Protection Bureau, Examination Procedures, Consumer Protection Agencies, 2012 (http://files.consumerfinance.gov/f/ 201209_cfpb_Consumer_ Reporting_ Examination_Procedures.pdf). 46. Fair Information Practices are described in Federal Trade Commission’s Privacy Online: Fair Information Practices in the Electronic Marketplace, A Report to Congress, May 2000. We do not suggest that notice to customers alone is sufficient to enable any practice, but that notice to customers can be an important element of a policy in combination with other protective practices. 47. We understand Sacramento Municipal Utility District allows the owner to obtain ABUI for benchmarking purposes by providing the account number of each included tenant in the building, which serves as a proxy for customer permission. It may be reasonable in light of the low risk of harm involved and the likelihood that the owner could only obtain account numbers with the tenant’s knowledge and consent. 48. Even with online methods (such as ‘‘Green Button Connect’’ or similar functions), utilities may require each included tenant to manually enter account information and information about the intended recipient. This can mean problems for the integrity of the ABUI when one tenant moves out or fails to conform. It also means substantial cost for the owner to monitor and maintain all tenant approvals at all times. 49. 15 U.S.C § 1681b (a)(3)(A). The Section reads: ‘‘. . .any consumer reporting agency may furnish a consumer report . . . (3) To a person which it has reason to believe. . . (A) intends to use the information in connection with a credit transaction involving the consumer. . .’’ 50. See Consumer Financial Protection Bureau, Key Dimensions and Processes in the U.S. Credit Reporting System: A review of how the nation’s largest credit bureaus manage consumer data, December 2012. 44 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 The Electricity Journal

Recommended

E4 l localenergy_3
E4 l localenergy_3E4 l localenergy_3
E4 l localenergy_3Andre Burgess
 
Deck inv
Deck invDeck inv
Deck invEcocompass, Inc.
 
2012 Tutorial: Markets for Differentiated Electric Power Products
2012 Tutorial: Markets for Differentiated Electric Power Products2012 Tutorial: Markets for Differentiated Electric Power Products
2012 Tutorial: Markets for Differentiated Electric Power ProductsSean Meyn
 
RPS and RECs – Managing an Increasing Regulatory Burden
RPS and RECs – Managing an Increasing Regulatory BurdenRPS and RECs – Managing an Increasing Regulatory Burden
RPS and RECs – Managing an Increasing Regulatory BurdenCTRM Center
 
installer Presentation
installer Presentationinstaller Presentation
installer PresentationEcocompass, Inc.
 
Branding of Energy Efficiency – Task 20 of the IEA DSM Programme
Branding of Energy Efficiency – Task 20 of the IEA DSM ProgrammeBranding of Energy Efficiency – Task 20 of the IEA DSM Programme
Branding of Energy Efficiency – Task 20 of the IEA DSM ProgrammeIEA DSM Implementing Agreement (IA)
 
Sgcp12 simon-farmpower
Sgcp12 simon-farmpowerSgcp12 simon-farmpower
Sgcp12 simon-farmpowerJustin Hayward
 
Public Private Partnerships that Promote Global Health
Public Private Partnerships that Promote Global HealthPublic Private Partnerships that Promote Global Health
Public Private Partnerships that Promote Global Healthegiegerich
 

Recommended

E4 l localenergy_3
E4 l localenergy_3E4 l localenergy_3
E4 l localenergy_3Andre Burgess
 
Deck inv
Deck invDeck inv
Deck invEcocompass, Inc.
 
2012 Tutorial: Markets for Differentiated Electric Power Products
2012 Tutorial: Markets for Differentiated Electric Power Products2012 Tutorial: Markets for Differentiated Electric Power Products
2012 Tutorial: Markets for Differentiated Electric Power ProductsSean Meyn
 
RPS and RECs – Managing an Increasing Regulatory Burden
RPS and RECs – Managing an Increasing Regulatory BurdenRPS and RECs – Managing an Increasing Regulatory Burden
RPS and RECs – Managing an Increasing Regulatory BurdenCTRM Center
 
installer Presentation
installer Presentationinstaller Presentation
installer PresentationEcocompass, Inc.
 
Branding of Energy Efficiency – Task 20 of the IEA DSM Programme
Branding of Energy Efficiency – Task 20 of the IEA DSM ProgrammeBranding of Energy Efficiency – Task 20 of the IEA DSM Programme
Branding of Energy Efficiency – Task 20 of the IEA DSM ProgrammeIEA DSM Implementing Agreement (IA)
 
Sgcp12 simon-farmpower
Sgcp12 simon-farmpowerSgcp12 simon-farmpower
Sgcp12 simon-farmpowerJustin Hayward
 
Public Private Partnerships that Promote Global Health
Public Private Partnerships that Promote Global HealthPublic Private Partnerships that Promote Global Health
Public Private Partnerships that Promote Global Healthegiegerich
 
Does Your Building Measure Up?
Does Your Building Measure Up?Does Your Building Measure Up?
Does Your Building Measure Up?Eugene Belli
 
EE Reports Metering 101 Guide: Benefits and Applications of Submetering
EE Reports Metering 101 Guide: Benefits and Applications of SubmeteringEE Reports Metering 101 Guide: Benefits and Applications of Submetering
EE Reports Metering 101 Guide: Benefits and Applications of SubmeteringEEReports.com
 
SSC2011_Michael Bodaken PPT
SSC2011_Michael Bodaken PPTSSC2011_Michael Bodaken PPT
SSC2011_Michael Bodaken PPTNational Housing Conference & the Center for Housing Policy
 
November 21, 2013 | Next Steps: Financing solar for your business | Victor Ro...
November 21, 2013 | Next Steps: Financing solar for your business | Victor Ro...November 21, 2013 | Next Steps: Financing solar for your business | Victor Ro...
November 21, 2013 | Next Steps: Financing solar for your business | Victor Ro...Fresh Energy
 
Five myths of Renewable Energy 2013 Bangkok Prabaljit Sarkar
Five myths of Renewable Energy 2013 Bangkok Prabaljit SarkarFive myths of Renewable Energy 2013 Bangkok Prabaljit Sarkar
Five myths of Renewable Energy 2013 Bangkok Prabaljit SarkarPrabaljit Sarkar
 
Banking on Energy Efficiency in Real Estate
Banking on Energy Efficiency in Real EstateBanking on Energy Efficiency in Real Estate
Banking on Energy Efficiency in Real EstateVirtual ULI
 
Tech Insight: Utility Ownership of Rooftop Solar
Tech Insight: Utility Ownership of Rooftop SolarTech Insight: Utility Ownership of Rooftop Solar
Tech Insight: Utility Ownership of Rooftop SolarSean Ong
 
Searching for 100% original and safe abortion pills? Contact +971581248768 fo...
Searching for 100% original and safe abortion pills? Contact +971581248768 fo...Searching for 100% original and safe abortion pills? Contact +971581248768 fo...
Searching for 100% original and safe abortion pills? Contact +971581248768 fo...DUBAI (+971)581248768 BUY ABORTION PILLS IN ABU dhabi...Qatar
 
Get in touch with +971581248768 to purchase original and safe abortion pills ...
Get in touch with +971581248768 to purchase original and safe abortion pills ...Get in touch with +971581248768 to purchase original and safe abortion pills ...
Get in touch with +971581248768 to purchase original and safe abortion pills ...DUBAI (+971)581248768 BUY ABORTION PILLS IN ABU dhabi...Qatar
 
Contact +971581248768 to buy 100% original and safe abortion pills in Dubai a...
Contact +971581248768 to buy 100% original and safe abortion pills in Dubai a...Contact +971581248768 to buy 100% original and safe abortion pills in Dubai a...
Contact +971581248768 to buy 100% original and safe abortion pills in Dubai a...DUBAI (+971)581248768 BUY ABORTION PILLS IN ABU dhabi...Qatar
 
Get in touch with +971581248768 to purchase Abortion Pills in Dubai, Abu Dhab...
Get in touch with +971581248768 to purchase Abortion Pills in Dubai, Abu Dhab...Get in touch with +971581248768 to purchase Abortion Pills in Dubai, Abu Dhab...
Get in touch with +971581248768 to purchase Abortion Pills in Dubai, Abu Dhab...DUBAI (+971)581248768 BUY ABORTION PILLS IN ABU dhabi...Qatar
 
Looking for safe abortion pills? Dial +971581248768 for availability in Dubai...
Looking for safe abortion pills? Dial +971581248768 for availability in Dubai...Looking for safe abortion pills? Dial +971581248768 for availability in Dubai...
Looking for safe abortion pills? Dial +971581248768 for availability in Dubai...DUBAI (+971)581248768 BUY ABORTION PILLS IN ABU dhabi...Qatar
 
Need safe abortion pills? Call +971581248768 for 100% original and safe produ...
Need safe abortion pills? Call +971581248768 for 100% original and safe produ...Need safe abortion pills? Call +971581248768 for 100% original and safe produ...
Need safe abortion pills? Call +971581248768 for 100% original and safe produ...DUBAI (+971)581248768 BUY ABORTION PILLS IN ABU dhabi...Qatar
 
Fact Sheet: Commercial PACE Financing
Fact Sheet: Commercial PACE FinancingFact Sheet: Commercial PACE Financing
Fact Sheet: Commercial PACE FinancingThe Solar Foundation
 
business-models.pdf
business-models.pdfbusiness-models.pdf
business-models.pdfImadRiaz2
 
Rate Designs for Changing Times
Rate Designs for Changing TimesRate Designs for Changing Times
Rate Designs for Changing TimesJohn Wolfram
 
[Era] cost reduction guide - issue 1 - property and premises costs
[Era] cost reduction guide - issue 1 - property and premises costs[Era] cost reduction guide - issue 1 - property and premises costs
[Era] cost reduction guide - issue 1 - property and premises costsManuel A. Velazquez
 
Cost Reduction Guide Issue 1 Property And Premises Costs
Cost Reduction Guide Issue 1 Property And Premises CostsCost Reduction Guide Issue 1 Property And Premises Costs
Cost Reduction Guide Issue 1 Property And Premises Costsymw15
 
Multi fam metro assessment
Multi fam metro assessmentMulti fam metro assessment
Multi fam metro assessmentmlemmon137
 
Owner Tenant Engagement in Sustainable Property Investing
Owner Tenant Engagement in Sustainable Property InvestingOwner Tenant Engagement in Sustainable Property Investing
Owner Tenant Engagement in Sustainable Property InvestingJosh Develop
 

More Related Content

Similar to Electricity Journal Article - Henderson and Harak 11-2015

Does Your Building Measure Up?
Does Your Building Measure Up?Does Your Building Measure Up?
Does Your Building Measure Up?Eugene Belli
 
EE Reports Metering 101 Guide: Benefits and Applications of Submetering
EE Reports Metering 101 Guide: Benefits and Applications of SubmeteringEE Reports Metering 101 Guide: Benefits and Applications of Submetering
EE Reports Metering 101 Guide: Benefits and Applications of SubmeteringEEReports.com
 
November 21, 2013 | Next Steps: Financing solar for your business | Victor Ro...
November 21, 2013 | Next Steps: Financing solar for your business | Victor Ro...November 21, 2013 | Next Steps: Financing solar for your business | Victor Ro...
November 21, 2013 | Next Steps: Financing solar for your business | Victor Ro...Fresh Energy
 
Five myths of Renewable Energy 2013 Bangkok Prabaljit Sarkar
Five myths of Renewable Energy 2013 Bangkok Prabaljit SarkarFive myths of Renewable Energy 2013 Bangkok Prabaljit Sarkar
Five myths of Renewable Energy 2013 Bangkok Prabaljit SarkarPrabaljit Sarkar
 
Banking on Energy Efficiency in Real Estate
Banking on Energy Efficiency in Real EstateBanking on Energy Efficiency in Real Estate
Banking on Energy Efficiency in Real EstateVirtual ULI
 
Tech Insight: Utility Ownership of Rooftop Solar
Tech Insight: Utility Ownership of Rooftop SolarTech Insight: Utility Ownership of Rooftop Solar
Tech Insight: Utility Ownership of Rooftop SolarSean Ong
 
Fact Sheet: Commercial PACE Financing
Fact Sheet: Commercial PACE FinancingFact Sheet: Commercial PACE Financing
Fact Sheet: Commercial PACE FinancingThe Solar Foundation
 
business-models.pdf
business-models.pdfbusiness-models.pdf
business-models.pdfImadRiaz2
 
Rate Designs for Changing Times
Rate Designs for Changing TimesRate Designs for Changing Times
Rate Designs for Changing TimesJohn Wolfram
 
[Era] cost reduction guide - issue 1 - property and premises costs
[Era] cost reduction guide - issue 1 - property and premises costs[Era] cost reduction guide - issue 1 - property and premises costs
[Era] cost reduction guide - issue 1 - property and premises costsManuel A. Velazquez
 
Cost Reduction Guide Issue 1 Property And Premises Costs
Cost Reduction Guide Issue 1 Property And Premises CostsCost Reduction Guide Issue 1 Property And Premises Costs
Cost Reduction Guide Issue 1 Property And Premises Costsymw15
 
Multi fam metro assessment
Multi fam metro assessmentMulti fam metro assessment
Multi fam metro assessmentmlemmon137
 
Owner Tenant Engagement in Sustainable Property Investing
Owner Tenant Engagement in Sustainable Property InvestingOwner Tenant Engagement in Sustainable Property Investing
Owner Tenant Engagement in Sustainable Property InvestingJosh Develop
 

Similar to Electricity Journal Article - Henderson and Harak 11-2015 (20)

Does Your Building Measure Up?
Does Your Building Measure Up?Does Your Building Measure Up?
Does Your Building Measure Up?
 
EE Reports Metering 101 Guide: Benefits and Applications of Submetering
EE Reports Metering 101 Guide: Benefits and Applications of SubmeteringEE Reports Metering 101 Guide: Benefits and Applications of Submetering
EE Reports Metering 101 Guide: Benefits and Applications of Submetering
 
SSC2011_Michael Bodaken PPT
SSC2011_Michael Bodaken PPTSSC2011_Michael Bodaken PPT
SSC2011_Michael Bodaken PPT
 
November 21, 2013 | Next Steps: Financing solar for your business | Victor Ro...
November 21, 2013 | Next Steps: Financing solar for your business | Victor Ro...November 21, 2013 | Next Steps: Financing solar for your business | Victor Ro...
November 21, 2013 | Next Steps: Financing solar for your business | Victor Ro...
 
Five myths of Renewable Energy 2013 Bangkok Prabaljit Sarkar
Five myths of Renewable Energy 2013 Bangkok Prabaljit SarkarFive myths of Renewable Energy 2013 Bangkok Prabaljit Sarkar
Five myths of Renewable Energy 2013 Bangkok Prabaljit Sarkar
 
Banking on Energy Efficiency in Real Estate
Banking on Energy Efficiency in Real EstateBanking on Energy Efficiency in Real Estate
Banking on Energy Efficiency in Real Estate
 
Tech Insight: Utility Ownership of Rooftop Solar
Tech Insight: Utility Ownership of Rooftop SolarTech Insight: Utility Ownership of Rooftop Solar
Tech Insight: Utility Ownership of Rooftop Solar
 
Searching for 100% original and safe abortion pills? Contact +971581248768 fo...
Searching for 100% original and safe abortion pills? Contact +971581248768 fo...Searching for 100% original and safe abortion pills? Contact +971581248768 fo...
Searching for 100% original and safe abortion pills? Contact +971581248768 fo...
 
Get in touch with +971581248768 to purchase original and safe abortion pills ...
Get in touch with +971581248768 to purchase original and safe abortion pills ...Get in touch with +971581248768 to purchase original and safe abortion pills ...
Get in touch with +971581248768 to purchase original and safe abortion pills ...
 
Contact +971581248768 to buy 100% original and safe abortion pills in Dubai a...
Contact +971581248768 to buy 100% original and safe abortion pills in Dubai a...Contact +971581248768 to buy 100% original and safe abortion pills in Dubai a...
Contact +971581248768 to buy 100% original and safe abortion pills in Dubai a...
 
Get in touch with +971581248768 to purchase Abortion Pills in Dubai, Abu Dhab...
Get in touch with +971581248768 to purchase Abortion Pills in Dubai, Abu Dhab...Get in touch with +971581248768 to purchase Abortion Pills in Dubai, Abu Dhab...
Get in touch with +971581248768 to purchase Abortion Pills in Dubai, Abu Dhab...
 
Looking for safe abortion pills? Dial +971581248768 for availability in Dubai...
Looking for safe abortion pills? Dial +971581248768 for availability in Dubai...Looking for safe abortion pills? Dial +971581248768 for availability in Dubai...
Looking for safe abortion pills? Dial +971581248768 for availability in Dubai...
 
Need safe abortion pills? Call +971581248768 for 100% original and safe produ...
Need safe abortion pills? Call +971581248768 for 100% original and safe produ...Need safe abortion pills? Call +971581248768 for 100% original and safe produ...
Need safe abortion pills? Call +971581248768 for 100% original and safe produ...
 
Fact Sheet: Commercial PACE Financing
Fact Sheet: Commercial PACE FinancingFact Sheet: Commercial PACE Financing
Fact Sheet: Commercial PACE Financing
 
business-models.pdf
business-models.pdfbusiness-models.pdf
business-models.pdf
 
Rate Designs for Changing Times
Rate Designs for Changing TimesRate Designs for Changing Times
Rate Designs for Changing Times
 
[Era] cost reduction guide - issue 1 - property and premises costs
[Era] cost reduction guide - issue 1 - property and premises costs[Era] cost reduction guide - issue 1 - property and premises costs
[Era] cost reduction guide - issue 1 - property and premises costs
 
Cost Reduction Guide Issue 1 Property And Premises Costs
Cost Reduction Guide Issue 1 Property And Premises CostsCost Reduction Guide Issue 1 Property And Premises Costs
Cost Reduction Guide Issue 1 Property And Premises Costs
 
Multi fam metro assessment
Multi fam metro assessmentMulti fam metro assessment
Multi fam metro assessment
 
Owner Tenant Engagement in Sustainable Property Investing
Owner Tenant Engagement in Sustainable Property InvestingOwner Tenant Engagement in Sustainable Property Investing
Owner Tenant Engagement in Sustainable Property Investing
 

Electricity Journal Article - Henderson and Harak 11-2015

  • 1. How Utilities Can Give Building Owners the Information Needed for Energy Efficiency while Protecting Customer Privacy Many utilities maintain unnecessarily restrictive policies for building owners to get basic energy usage information needed to operate their buildings efficiently. Utilities, utility regulators, and boards of publicly owned utilities should implement reasonable policies to protect customer privacy while delivering aggregated building usage information to the majority of building owners who need it. Philip Henderson and Charlie Harak I. Introduction It is surprising that owners of many large, energy-intensive buildings cannot get even the most basic information about the total energy usage in their buildings, even with the smartest ‘‘smart meters’’ in place. These building owners must manage their buildings blind to how much energy is used. The problem arises in buildings with multiple tenants with their own utility accounts, such as apartment buildings, shopping malls, and office buildings. To obtain an accurate total of all the energy used in such a building, the owner must rely on the utility Philip Henderson is an attorney with the Natural Resources Defense Council in Washington, DC. He holds a J.D. from the University of Virginia. Charlie Harak is Managing Attorney of the energy unit at the National Consumer Law Center in Boston. He holds a J.D. from Northeastern University. The authors are grateful to Maria Stamas and Ralph Cavanagh of NRDC for assistance with this article. November 2015, Vol. 28, Issue 9 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 33
  • 2. to deliver aggregated building usage information (ABUI) (e.g. 102,000 kilowatt-hours in June 2015) summed up from multiple customer accounts. Building owners need ABUI to obtain Energy Star scores,1 for benchmarking,2 for routine management of building systems, to assess opportunities to make efficiency repairs and improvements, and more. M any utilities make it very difficult for owners to get ABUI because of concern about the privacy of each customer’s account information. The aggregated total does not, on its own, contain any personally identifiable information of any included utility customers. But in a few instances, such as buildings with one tenant, there is a risk of ‘‘re-identification’’ – a building owner might be able to use the anonymous ABUI to discern facts about the utility usage of an individual tenant in the building. Some utilities and advocates have argued any risk of re- identification means a utility may only deliver ABUI to a building owner if the owner has the permission of each included customer or tenant, often on a utility’s paper-based forms. There is no reason for such an overly broad and strict policy. It sacrifices the many beneficial uses of ABUI in order to guard against narrow risks that can be fully addressed in less restrictive ways. Utilities, utility commissions, and boards of publicly owned utilities in many states3 have struggled to implement a reasonable policy to deliver ABUI to building owners who need it while also assuring customer privacy is protected. I n this article we offer a solution. We first examine the privacy question raised when utilities deliver ABUI to building owners. We find that in the vast majority of scenarios, utilities may deliver ABUI to building owners without compromising customers’ confidentiality interests in any way. This is true of commercial and multifamily residential buildings. To handle the situations where ABUI could convey information about a customer, such as in buildings with only a few tenants, we offer specific protective measures for utilities to consider. Useful guidance is available in the practices of federal agencies that routinely publish aggregated information compiled from sensitive personal information. Many utilities have argued it is difficult to meet energy savings goals,4 yet many utilities maintain unnecessarily restrictive policies for building owners to get basic energy usage information needed to operate their buildings efficiently. Utilities, utility regulators, and boards of publicly owned utilities should implement reasonable policies to protect customer privacy while delivering ABUI to the majority of building owners who need it. II. Customers’ Interests in Assuring Owners Have ABUI Most utilities treat customer usage information as confidential information.5 In some places, such as California and New Jersey,6 confidentiality is required by statute, and in some places it is required by utility commission regulations.7 Even if not required by statute or regulation, utilities commonly have privacy policies to treat customer usage information essentially as confidential information.8 Customers’ interests in preserving the confidentiality of usage information are important and well established. Customers also have strong interests in favor of allowing building owners to have ABUI. This customer interest is not established or embodied in policy, but it is compelling and should be included in any assessment of the privacy question posed. The building Many utilities make it very difficult for owners to get ABUI because of concern about the privacy of each customer’s account information. 34 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 The Electricity Journal
  • 3. owner’s ability to obtain ABUI enables better management of energy use in the building and facilitates energy efficiency repairs and investments, which can reduce utility expenses for residents or occupants and improve conditions in the building.9 C ustomers as a class have a well-understood interest in facilitating energy efficiency in all buildings in their utility’s service territory – it makes for a better utility system10 – but the interest is very strong for customers who actually reside in apartment buildings and occupy commercial buildings as tenants. Tenants generally must rely on the owner to address energy-related improvements. ABUI is critical to understand energy use because it reflects how a building is performing as a system. ABUI is required for a building owner to obtain an Energy Star score, which shows energy usage intensity for the entire building and compares total usage against similar buildings in the market. Prospective tenants can use the resulting Energy Star scores to shop among buildings and negotiate lease terms. Without an Energy Star score a building owner might not be eligible to compete for certain tenants.11 Building owners with scores showing high energy efficiency may realize higher returns.12 Customers living in rental housing are often the least able to endure the costs of wasted energy, yet rental housing in many cities has high efficiency potential, indicating the need for owners to improve efficiency.13 Investments to improve efficiency are made more difficult when the owner cannot obtain ABUI. For these reasons, Fannie Mae, one of the country’s largest multifamily mortgage lending institutions, worked with the U.S. EPA to create an Energy Star score tuned to multifamily properties.14 Accurate ABUI helps to solve a problem unique to affordable housing: setting accurate utility allowances. In much federally subsidized housing, a tenant’s total ‘‘shelter costs’’ are capped as a percentage of the tenant’s income. Shelter costs include rent paid to the owner plus an allowance for utility bills paid by the tenant. A larger ‘‘utility allowance’’ means the tenant pays less in rent to the owner, and a smaller utility allowance means the tenant pays more rent to the owner. To justify investing in efficiency repairs and improvements, an owner of subsidized rental units will need ABUI to assure that the utility allowance is adjusted to properly reflect lower actual utility expenses.15 The inability of owners to obtain accurate ABUI is a major barrier to housing agencies implementing corrected utility allowance calculations to give owners incentives to invest to improve the efficiency of affordable housing. For these reasons, the Secretary of the U.S. Department of Housing and Urban Development recently wrote an open letter to utilities seeking their assistance to resolve the problems preventing access to ABUI in order to save taxpayer funds and to help give owners better incentives to invest in efficiency repairs.16 Even if a building owner is unwilling to invest in greater energy efficiency, many cities now require owners to report efficiency information to the city based on ABUI and other efficiency indicators, such as energy usage intensity or Energy Star scores.17 This information, indicting a building’s relative efficiency level, can be used by prospective tenants in rental decisions, by current tenants to persuade the owner to invest in repairs and improvements, by lenders and property insurers, by municipalities for planning purposes, and more. The ability of owners to obtain the needed ABUI is a critical input to the decision of policymakers to ABUI is critical to understand energy use because it reflects how a building is performing as a system. November 2015, Vol. 28, Issue 9 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 35
  • 4. implement benchmarking requirements in the first place.18 Consumer interests in favor of disclosure are reflected in the resolutions passed by the National Association of State Utility Consumer Advocates, which supported utilities delivering benchmarking information for multifamily buildings (see Resolution 2013-5), the National Association of Regulatory Utility Commissioners (NARUC), supporting benchmarking generally, and the National Association of State Energy Offices (NASEO).19 T hus, when exploring how to protect customers’ interests, it is essential to consider not only interests in confidentiality but also customers’ strong interests in assuring building owners are able to obtain ABUI. III. Applying Utilities’ Confidentiality Obligations: Reasonable Standards ABUI in multi-tenant buildings is aggregated information and does not contain customer information or any personally identifiable information. It is simply the number of kilowatt- hours or units of gas used in a period. Privacy concerns arise if there is risk that a customer’s information could be ‘‘re- identified’’ (or disaggregated) from the total. The California Public Utility Commission (CPUC) correctly addressed this exact question in 2011 in a CPUC decision implementing Sections 8380 and 8381 of the California Public Utility Code, which are the code sections that require utilities to treat customer usage information as confidential information.20 The CPUC held that aggregated usage information is not subject to the restrictions in Sections 8380 and 8381 on sharing customer usage information so long as personally identifiable information ‘‘cannot reasonably be identified or re-identified’’ from the aggregated total21 (emphasis added). The CPUC correctly looked to reasonableness as the guiding standard for whether aggregated information such as ABUI can be re-identified to reveal personally identifiable information (or PII). It is helpful to understand the deep extent to which privacy law is infused with a reasonableness standard in order to understand how to apply it to the question of delivering ABUI to building owners.22 R easonableness is often expressly stated in legal requirements that govern how companies share customer information. The California statute that requires electric and gas utilities to treat customer information as confidential information states: ‘‘An electrical corporation or gas corporation shall use reasonable security proceduresandpracticestoprotect a customer’s unencrypted electrical consumption data from unauthorized access, destruction, use, modification, or disclosure. . .’’23 (emphasisadded). Privacy statutes governing other commercial sectors typically rest on a reasonableness standard. The Gramm-Leach- Bliley Act, which regulates how financial institutions handle and share customers’ financial information, essentially requires reasonable care in handling customer information.24 California’s recent Online Privacy Act provides a reasonableness standard for Web sites and online services that collect personally identifiable information. Companies must not ‘‘negligently and materially’’ allow unauthorized disclosures or violate their stated privacy policies.25 Reasonableness is often embodied in utilities’ customer- facing privacy policies. PG&E’s customer-facing privacy policy is typical and states, in part: ‘‘Your Reasonableness is often expressly stated in legal requirements that govern how companies share customer information. 36 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 The Electricity Journal
  • 5. privacy is a top priority for PG&E and we will make every reasonable effort to protect your personal information.’’26 Utilities routinely share confidential usage information with service providers according to non-disclosure agreements that commit the recipient to use reasonable care in handling the customer information.27 R easonableness is embodied in enforcement of privacy standards. The Federal Trade Commission (FTC) has general enforcement authority for unfair and deceptive practices and has becomeadefactoregulatorofmany privacy-related activities.28 The FTC has adopted a reasonableness standard for its enforcement authority: ‘‘The FTC’s legal authority in the privacy area is broad and flexible, we apply a consistent standard designed to protect consumer privacy and to send clear signals to industry: we expect companies to take reasonablestepstoaddress risks to the security and privacy of individuals’ information. . .’’29 State enforcement of privacy policies, expressed in attorney general actions, typically follows similar standards, directing holders of confidential information to follow reasonable standards.30 IV. What Is Reasonable in a Policy for Sharing ABUI? ‘‘Reasonableness’’ can seem to be vague guidance for a utility or utility commission setting rules for when to share ABUI with a building owner, but there are useful and specific standards to draw upon. The Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA)31 allows publication of statistics, including aggregated energy usage information, so long as individual usage information is not in ‘‘identifiable form,’’ which is defined as ‘‘any representation of information that permits the identity of the respondent to whom the information applies to be reasonably inferred by either direct or indirect means.’’32 The U.S. Department of Health and Human Services (HHS) established rules to implement the Health Insurance Portability and Accountability Act (HIPAA), which requires reasonable safeguards to protect a person’s health information.33 HHS rules give companies two safe-harbor compliance paths to publish aggregated information.34 One option is for the holder of the confidential information to obtain an expert opinion that the risk an anticipated recipient can re- identify the individuals is ‘‘very small’’ using information that is ‘‘reasonably available.’’ The second option is for the holder to remove all PII from the information so long as the holder does not have ‘‘actual knowledge’’ that the aggregated information could be used to re- identify included individuals. Either method will assure the provider of aggregated information will comply with the requirements of HIPAA for aggregated information to be released. It is helpful to also state what reasonableness does not require. Reasonableness means utilities are not obligated to protect every piece of customer information against every remote or de minimis risk of disclosure at all costs. Such an absolutist approach to protecting confidential customer information would over-protect information from benign or trivial risks and would needlessly sacrifice the value to be gained from using and sharing usage information with care. Merely because someone can describe a risk of disclosure or re- identification – for example, that a building owner might possibly discern customer information from ABUI – does not mean the Utilities routinely share confidential usage information with service providers according to non-disclosure agreements that commit the recipient to use reasonable care in handling the information. November 2015, Vol. 28, Issue 9 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 37
  • 6. information may not be shared in certain circumstances or subject to other protections. V. What Does This Mean for Utilities and Utility Regulators? As utilities and utility regulators consider policies to handle building owner requests for ABUI, reasonableness should be the central guidepost. The essence of a reasonable privacy policy is tailoring protections to actual risks. W e recommend utilities and utility regulators consider a three-step process: First, assess the actual risks ABUI can reveal customer information to a building owner. Second, assess the level of potential harm to building tenants or others associated with disclosure of ABUI to building owners. And third, establish protections tailored to the identified risks.35 This approach draws upon the process set forth in the Gramm- Leach-Bliley Act (GLB) governing how financial institutions protect customer financial information. In GLB, Congress emphasized that the process of assessing risks of unauthorized disclosure, assessing the risk of harm, and assessing the sufficiency of measures to address risks is the centerpiece of good policy and of compliance, not whether protections prevent every possible unauthorized disclosure.36 Step 1. What are the actual risks ABUI can reveal customer information? The primary scenario in which ABUI could be used by a building owner to discern the usage of an included tenant is buildings with one tenant – the ABUI is essentially the tenant’s usage. If a building with one tenant includes one or more owner’s meters, the owner could discern the tenant’s usage information by subtracting the owner’s information from ABUI. The second scenario is if a building owner collects the usage of all tenants except one, such as by getting copies of paper bills, then subtract that sum from ABUI to identify the usage of the remaining tenant. A quick reality check: any landlord interested in knowing how much electricity or gas a tenant uses would simply manually read the meter, located on the exterior wall of most apartment buildings or in the utility closet in most office buildings. While it is conceivable, there is no reason to think an owner would make a request for ABUI from a utility, then collect other tenants’ bills to disaggregate the whole-building total, all to identify the usage of a tenant. T here appears to be no evidence showing that a building owner could use ABUI alone to re-identify a customer’s usage if the ABUI is composed of two or more active tenants’ meters. The best source of facts about the actual risks presented is the experience of utilities, their customers, and building owners in locations where ABUI is shared with building owners. We understand there are many utilities that share ABUI with owners, without the owner obtaining each included customer’s permission, so long as the ABUI is totaled for at least two customers, as shown in Table 1.37 We made inquiries with several utilities with current practices to deliver ABUI to building owners and we were given no reports of customers complaining of building owners improperly using ABUI to discern the usage of a customer. Utilities and utility regulators examining the question posed should look to the experience of other utilities as an important source of facts about risk. Some critics of releasing ABUI to building owners have cited a recent study from Pacific Northwest National Laboratories that tested the likelihood a 38 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 The Electricity Journal
  • 7. building owner could guess a tenant’s usage by assuming that every tenant’s use is an equal share of the total whole-building usage. The authors of the PNNL study divided ABUI for buildings by the number of utility meters in the building (using building-level usage data from gas and electric utilities), and compared this whole-building average to each included tenant’s actual usage.38 Evenif one were worried about the risk a landlord might guess a tenant’s usage, the study results were uninformative. The authors found that in commercial buildings with three meters, the whole building average is ‘‘similar to’’ the usage of any one included meter in only about 30 percent of the tested buildings, and only about 40 percent of the time in buildings with only two meters.39 The meter that is ‘‘similar to’’ the wholebuilding averagecould very well be the owner’s meter, not a tenant’s meter. This is a major problem with using the study results for the question at hand because there is no confidentiality problem with an owner using ABUI to guess its own usage.40 Step 2. Assess the threat level associated with disclosure of ABUI to building owners. Not all confidential information requires the same level of protection against disclosure to every potential recipient. A person’s home address might be considered confidential in a transaction, particularly along with other identifying information, but might present no risk to the individual if disclosed on its own because the same information might be easily found in public records. In contrast, a person’s address along with identifying bank account information can be used to cause financial harm and should be handled with greater protection. Reasonableness requires protections to be tailored to prevent disclosures that present risk of actual harm to customers.41 Utilities are not expected to make individualized determinations of the harm associated with unauthorized disclosure, which can be subjective to the person involved, but instead must assess levels of protection based on reasonable judgement and typical understanding of facts and circumstances. T he facts strongly suggest the likelihood is very low a tenant would be harmed if a building owner is somehow able to use ABUI to discern information about the tenant’s utility usage. The main reason for this conclusion about ABUI is that a building owner can already obtain a tenant’s utility usage information directly from the meter if he or she were to want it, without seeking ABUI from the utility. Many meters have eye- readable displays. In many buildings, meters that display usage are located on exterior walls, open to the public! In many commercial office buildings meters are located in a service room or basement area the owner can easily access. Second, the kind of facts the owner might learn about a tenant from disaggregating ABUI – such as the presence of energy- intensive equipment, or long business hours – are facts the owner could obtain directly since owners have access to tenants’ premises, allowing inspection. In many buildings owners have the right to install submetering equipment to directly measure a tenant’s usage if desired. Finally, unlike a person’s financial information, one must conjure an extraordinary fact pattern to even imagine how a building owner would use utility usage information to cause harm to a tenant. The owner only needs Table 1: Selected Utilities’ ABUI Policies. Utility Minimum Number of Meters Austin Energy (Texas) 4 Avista (Washington) 2 Commonwealth Edison (Illinois) 4 Consolidated Edison (New York) 2 Eversource (Boston) 4 National Grid (Boston/NY) 4 Pepco (District of Columbia) 5 Puget Sound Energy (Washington) 5 November 2015, Vol. 28, Issue 9 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 39
  • 8. ABUI if tenants are responsible for some or all of their own utility bills; in a master-metered building, the owner would get whole-building usage information on the owner’s own bills. Even if the owner could discern that a particular tenant, for example, was using much more electricity than other tenants, the owner is unlikely to take any harmful action against that tenant because the tenant, not the owner, is bearing the burden of the higher bills. These facts could allow some to argue that utility usage information is not confidential in the first place vis-a-vis the owner.42 The facts certainly show that disclosing ABUI to the building owner is not likely to create any real threat of harm to tenants that does not already exist. U tility delivery of ABUI to building owners adds speed, data integrity, and saves costs for owners trying to make decisions about energy management and wise energy efficiency investments, which, in turn, provide many benefits to the owner and the tenant. Access to ABUI does not give the owner any facts he or she could not obtain directly from another source, and it is hard to imagine how or why a building owner would harm its tenant due to learning about the tenant’s level of utility consumption.43 Step 3. Tailor protections to the identified risks. A reasonable policy for delivering ABUI to building owners should include protections tailored to the specific risks that are present. It can be tempting to include overly broad protections and to jealously guard customer information in order to foreclose any risk of disclosure, but doing so would impair customers’ interests by inhibiting owners from the many beneficial uses of the information. We offer a specific set of protections for utilities and utility commissions to consider. Our suggestions respond to the specific risks that appear to be present and are subject to any additional state-specific standards that might apply44 : 1. Establish customer protections applicable to all building owner requests for ABUI: o Require building owners to register with the utility to be eligible to obtain ABUI.45 This process could include owners accepting terms of use for the information with a commitment to use it for permissible purposes such as operating the building, complying with benchmarking obligations, and the like. o Require the requesting party to demonstrate that it is the building owner (e.g. by providing proof from property records or other reasonably reliable evidence). o Record all owner requests for ABUI, subject to the utility’s standard record keeping requirements. o Deliver an annual notice to included customers that their building owner has registered to receive ABUI. Notice to customers is widely accepted as a basic Fair Information Practice and allows the customers to respond if they have a particularly heightened concern.46 o Include in the utility’s customer-facing privacy policy that ABUI is shared with owners of buildings along with contact information for the utility or utility commission if the customer has reason to believe ABUI is being misused. 2. Identify those buildings that merit heightened protections. In buildings with one tenant, ABUI, in effect, delivers customer-specific usage information to the owner. For these buildings, the building owner should be required to obtain express customer permission to obtain ABUI. In light of customer sensitivity about confidential information, some utilities and regulators may conclude an additional layer of 40 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 The Electricity Journal
  • 9. protection is merited. Some utilities and regulators may, for example, require owners to obtain customer permission for any building with two, three, or even four tenants. While there is no evidence showing a building owner could use aggregated ABUI of three tenants to re- identify an individual customer’s usage, it may be reasonable as an added precaution until more experience is available for study. Some utilities have selected a number of meters in a building – e.g. three or four – in lieu of making a determination about whether a meter is held by the owner, an operator, or a tenant.47 Another protective measure for buildings with few meters is to assure that any ABUI sum includes at least two meters with a substantial portion of total usage, which should greatly reduce the likelihood the ABUI would reveal information about any one included tenant. I t would also be reasonable to deem certain customer classes, such as industrial customers, subject to additional requirements, given that these customers are typically single tenants in buildings and may have heightened sensitivity to confidentiality of energy usage information. 3. Improve the process for customers to convey permission in standard leases. Many utilities still have a cumbersome process in place for owners to show they have obtained customer permission to use ABUI – it is often paper- based, requires wet signatures, and is difficult for owners, tenants, and the utility.48 Utilities and utility regulators should explore processes for the utility to accept customer permission incorporated in the owner’s standard lease agreement, without requiring the utility to manually review or keep a copy of every lease agreement. A workable process is used under the Fair Credit Reporting Act (FCRA), which could hold lessons for utilities. The FCRA allows credit reporting agencies (such as Equifax, Experian, and Transunion) to rely on a lender’s representation that it obtained customer permission to receive a credit report in its standard form loan application.49 Credit reporting agencies require lenders to complete a registration process before being eligible to request credit reports. The Act provides for penalties for any lender misrepresentation. Credit reporting agencies record every request on the customer’s report, allowing customers to raise alarms if there are unauthorized requests. It is not a perfect system, but it is a reasonable one to employ in the context of release of ABUI and would reduce transactions costs for all involved.50 I mproving the permission path could also deliver particular value to owners and residents of affordable housing and housing agencies because unit-specific information is often needed for accurate utility allowances. VI. Conclusion Utilities have a great track record of protecting customer information. They are rightly protective of their position of trust and skeptical of proposals to share customer information in new ways. But utilities also have ambitious and vital energy efficiency objectives and their customers have a strong interest in the lower energy expenses and improved property conditions that come with greater energy efficiency. Fortunately, utilities can accomplish both objectives. Utilities are positioned to help building owners to manage the energy use in their buildings and assess efficiency opportunities by delivering better information. With sensible terms and conditions, such as the policy we propose in this paper, utilities can share ABUI with building owners while protecting customers’ privacy interests.& November 2015, Vol. 28, Issue 9 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 41
  • 10. Endnotes: 1. The U.S. EPA operates the Energy Star program, which offers building owners the ability to obtain a score based on energy use intensity of a building (e.g., energy use per square foot) using a system (Portfolio Manager) that combines utility usage information and building attributes. Energy Star gives a 1 to 100 score based on how energy usage of a building compares to usage of other similar buildings. A score of50meansenergyperformanceisatthe median, and a score of 75 means 25 percent of buildings have better performance. 2. ‘‘Energy use benchmarking is a process that either compares the energy use of a building or group of buildings with other similar structures or looks at how energy use varies from a baseline.’’ U.S. Environmental Protection Agency, Energy Star Building Upgrade Manual, 2008 (Section 2.1, page 2). 3. The question has arisen recently in California (Cal. Pub. Utilities Comm’n Rulemaking 08-12-009, Phase III Energy Data Center), Arizona (Az. Corp. Comm’n Docket No. RU-00000A-14- 0014), Colorado (Col. Pub. Utilities Comm’n Proceeding 14R-0394EG), Minnesota (Minn. Pub. Utilities Comm’n Docket E999/CI-12-1344), Maryland (Md. Pub. Serv. Comm’n Order No. 86581), among others. In September, 2015, the California legislature passed Assembly Bill 802 directing utilities in California to deliver whole-building usage information to building owners, even if compiled of multiple customer accounts. Cal. Assembly Bill 802, Enrolled Sept. 23, 2015 (pending governor’s signature as of date this article went to print). 4. See, e.g., Southern Company, comments to the EPA on Carbon Pollution Emission Guidelines for Existing Stationary Sources: Electric Utility Generating Units; Proposed Rule, Notice of Data Availability, and Notice (Docket ID EPA-HQ-OAR-2013- 0602) (at Section X, p. 166); and, Final Order In Re: MidAmerican Energy Co. (Docket No. EEP-2012-0002), State of Iowa, Dept. of Commerce, Utilities Board, Dec. 16, 2013. 5. There are some exceptions. For example, Gainesville Regional Utilities, a publicly owned utility in Gainesville, Fla., appears to provide usage information by address at a Web site (www.gainesville-green.com) that allows users to identify the usage of houses by address with mapping and search functions. 6. Cal. Pub. Util. Code § 8380(b)(1). See also CPUC Decision 11-07-056, July 28, 2011, implementing rules that govern how investor-owned utilities share customer information. For New Jersey, see N.J.S.A. 48:3-85(b)(1). 7. 16 Tex.Adm. Code § 25.44. 8. See, e.g., Duke Energy’s Code of Conduct (located at: www.duke-energy. com/pdfs/NC_Code_of_Conduct_ 07-02-2012.pdf), Consolidated Edison’s Privacy Policy (www.coned.com/ privacy/), and PG&E’s Privacy Policy (located at: www.pge.com/en/about/ company/privacy/). 9. For case studies describing how specific building owners use ABUI to achieve energy savings, see, e.g., studies prepared by the Seattle Office of Sustainability and Environment, Seattle (located at: www.seattle.gov/ environment/buildings-and-energy/ energy-benchmarking-and-reporting/ save-energy—case-studies), and studies on buildings in Philadelphia and Washington DC, by Institute for Market Transformation (http://www. imt.org/policy/building-energy- performance-policy/case-studies). 10. Jim Lazar and Ken Colburn, Recognizing the Full Value of Energy Efficiency, Regulatory Assistance Project, September 2013. 11. Some tenants will only lease space in a building with a high Energy Star score. Section 435 of The Energy Independence Security Act of 2007 requires U.S. General Services Administration (GSA) (the largest tenant in the country) to only lease space in buildings that have achieved the Energy Star designation, subject to certain exemptions. A full description of GSA’s lease requirements can be found in LAC-2011-13, located on the GSA website www.gsa.gov 12. Eichholtz, P., Kok, N., Quigley, J.M., 2010. Doing well by doing good? Green office buildings. Am. Econ. Rev. 100 (5), 2492–2509. 13. See Michael Carliner, Reducing Energy Costs in Rental Housing: The Need and the Potential, Harvard Joint Center for Housing, December 2013 (finding lower income families often spend up to 10 times what higher income families spend on utility expenses as a percent of income). For a description of efficiency potential, see Potential for Energy Savings in Affordable Multifamily Housing, prepared by Optimal Energy for Natural Resources Defense Council, May 2015 (located here: www.energyefficiencyforall. org/potential-energy-savings). 14. Fannie Mae, Transforming Multifamily Housing: Fannie Mae’s Green Initiative and Energy Star for Multifamily, September, 2014. For a description of Fannie Mae’s loan program to provide discounts to properties achieving a ‘‘green’’ designation, see www.fanniemae. com/content/fact_sheet/competitive- advantage-green-financing.pdf 15. In some cases, the owner’s ability to obtain unit-specific usage information can solve the problem noted. See Enterprise Community Partners, Fact Sheet: Energy Efficient Utility Allowance (located at: www. enterprisecommunity.com). 16. See Letter of Julian Castro, Secretary of the U.S. Department of 42 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 The Electricity Journal
  • 11. Housing and Urban Development, to Utilities, Nov. 13, 2014 (located at: http://portal.hud.gov/hudportal/ documents/huddoc?id=SecOpen LtrUtil11-20-14.pdf). 17. For a description of city requirements and an estimate of effects, see K. Palmer and M. Walls, Can Benchmarking and Disclosure Laws Provide Incentives for Energy Efficiency Improvements in Buildings? Resources for the Future Discussion Paper DP 15- 09, March 2015 (reporting a preliminary finding of statistically significant correlation between disclosure and reduced energy use, subject to further analysis to follow). 18. Obtaining usage information manually on a monthly basis is time- consuming, costly, and likely to be error-prone. With access to tenants’ bills, the information on different accounts is on different billing cycles and must be conformed to a calendar month. For many building owners, the utility is the only practical source of ABUI. 19. NARUC Resolution on Access to Whole-Building Energy Data and Automated Benchmarking, July 20, 2011 (available at: http://www.naruc. org/Resolutions/Resolution on Access to Whole-Building Energy Data and automated Benchmarking.pdf). NASEO Resolution in Support of Access to Whole-Building Energy Data and Benchmarking, July 23, 2015 (available at: www.naseo.org/ news-article?NewsID=753). 20. Cal. Pub. Util. Code § 8380 applies to a utility corporation, and § 8381 to any publicly-owned utility, and both sections apply to utility usage information ‘‘made available as part of an advanced metering infrastructure.’’ See CPUC Decision 11-07-056 (Rulemaking 08-12-009), July 28, 2011. 21. CPUC Decision 11-07-056, Conclusions of Law, page 151. 22. See Solove and Hartzog, The FTC and the New Common Law of Privacy, 114 Columbia L. Rev. 583 (2014). Betzel, Privacy Law Developments in California, Vol. 2 I/S Journal of Law and Privacy, p. 831 (2012). 23. Cal. Pub. Util. Code § 8380(d). 24. See How To Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act, Federal Trade Commission, July 2002. 25. Cal Bus. & Prof. Code § 22576. Essentially, a firm is not negligent if it uses reasonable care. The Act’s requirement that a violation must be ‘‘material’’suggests another dimension – that the harm cannot be de minimis or abstract to violate the Act. See also Kelsey Finch, The Evolving Nature of Consumer Privacy Harm, https:// privacyassociation.org/news/a/ the-evolving-nature-of-consumer- privacy-harm/ 26. PG&E privacy policy, located online at: www.pge.com/en/about/ company/privacy/ 27. Electric Sample Form No. 79-948, Non Disclosure Agreement with Electric Service Provider, Section 11.1 (located at: http://www.pge.com/ tariffs/tm2/pdf/ELEC_FORMS_ 79-948.pdf). 28. See Solove and Hartzog, The FTC and the New Common Law of Privacy, 114 Columbia L. Rev. 583 (2014). There are no federal statutes specifically governing how utilities handle customer usage information. Statutes of general application could potentially be triggered by a utility’s customer information practices, such as the Gramm Leach Bliley Act which generally applies to consumer financial information, and the Fair Credit Reporting Act, which governs information related to creditworthiness. ABUI does not appear to be governed by either Act. 29. U.S. Federal Trade Commission Staff Comments to the European Commission on its ‘‘Draft Recommendation on the implementation of privacy, data protection and information security principles in applications supported by RadioFrequencyIdentification(RFID).’’ (Located on the FTC Web site). Also see, a recent FTC settlement with data broker, Compete, Inc., required the company to implement ‘‘reasonable safeguards tocontrol the risks identified through risk assessment, and regular testing or monitoring of the effectiveness of the safeguards’ key controls, systems, and procedures.’’ Compete, Inc.; Analysis of Proposed ConsentOrder ToAidPublicComment, 77 Fed. Reg. 2089, Oct. 29, 2012. 30. See Massachusetts standards issued by the Office of Consumer Affairs and Business Regulation which provide a detailed description of how companies should assess risks and establish practices to protect customer information, emphasizing reasonableness and care appropriate to risks presented. Standards for the Protection of Personal Information of Residents of the Commonwealth, 201 CMR 17.00. 31. Enacted as Title V of the E- Government Act of 2002 (Pub. L. 107- 3347). 32. E-Government Act of 2002, Pub. L. 107-347, § 502(4). See also Office of Management and Budget, M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E- Government Act of 2002. 33. Pub. L. No. 104-191, 110 Stat. 1936 (1996). 34. See 45 CFR § 164.514. Also stated in ‘‘Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule,’’ located at: http://www.hhs. gov/ocr/privacy/hipaa/ November 2015, Vol. 28, Issue 9 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 43
  • 12. understanding/coveredentities/ De-identification/guidance.html 35. See Hunton and Williams, A Risk- based Approach to Privacy: Improving Effectiveness in Practice(located at www. hunton.com/files/upload/ Post-Paris_Risk_Paper_June_2014. pdf); Paul Ohm, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, 57 UCLA Law Review 1701 (2010); and Jane Yakowitz, Tragedy of the Data Commons, Harvard Journal of Law and Technology, Vol. 25, 2011 (March 18, 2011). 36. See 12 C.F.R. pt. 30, App. B(III)(B) (2014) (OCC). See also Peter Sloan, The Reasonable Information Security Program (paper located at http://jolt. richmond.edu/index.php/the- reasonable-information-security- program). 37. See Regulatory Assistance Project, Driving Building Efficiency with Aggregated Customer Data, July 2013. We supplemented the information in the RAP report with additional information compiled from utilities. We note that Colorado has an open proceeding on this subject and has issued a proposed decision to implement a minimum of four customers. Proposed Decision, Col. PUC Docket14R-0394EG, published Jan. 25, 2015. 38. Livingston, et al, Commercial Building Tenant Energy Usage Data Aggregation and Privacy, Pacific Northwest NationalLaboratory, Report PNNL-23786, October 2004. 39. Delivery of ABUI to owners will likely have the most value in larger buildings with more than two or three tenants. As we note at Step 3, a cautious regulator could require that ABUI can only be released in buildings with four or more meters, as is currently implemented by six of the eight utilities listed in Table 1. 40. Another problem with the report is that electricity or gas usage on an individual meter could be deemed ‘‘similar to’’ the whole building average even if the amount of usage is quite different, so long as the ‘‘shape’’ of the usage curves across 12 months are similar to each other. See Technical Appendix, November 2014, located at www.pnnl.gov/main/publications/ external/technical_reports/ PNNL-SA-106581.pdf 41. See Ohm, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, 57 UCLA Law Review 1701 (2010); Yakowitz, Tragedy of the Data Commons, Harvard Journal of Law and Technology, Vol. 25, 2011 (March 18, 2011); Hunton & Williams LLP, A Risk-based Approach to Privacy, https://www.hunton. com/files/upload/Post-Paris_Risk_ Paper_June_2014.pdf 42. Confidential information is typically defined in non-disclosure agreements as excluding information the other party already has or could obtain. See Electric Sample Form No. 79-948, Non Disclosure Agreement with Electric Service Provider, Section 11.1 (located at: www.pge.com/tariffs/ tm2/pdf/ELEC_FORMS_ 79-948.pdf). 43. This point is further underscored by a recent law review article on privacy in which the author argues against a reliance on ‘‘math and statistics’’ to protect against the risk of re-identification, and argues instead in favor of ‘‘contextual’’ factors, such as examining the relationship between the parties, the history of disclosures between similar parties, and whether traditions and structural features of the industry ‘‘instill confidence or doubt about the likelihood of privacy.’’ Ohm, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, 57 UCLA Law Review 1701 (2010) (see text at pps. 1762–1769). 44. These specific protections are not intended to be legal advice or relied upon without the advice and guidance of counsel. 45. Registration of building owners is similar to a function used by credit reporting agencies to comply with the requirement of the Fair Credit Reporting Act to assure users of credit reports have a ‘‘permissible purpose.’’ A reasonable safeguard is for the agencies to require users of credit reports to register, certify to the expected use of the reports, and commit to only request information in accord with that use. This allows the credit bureau to fulfill requests with automation. See 15 U.S.C § 1681e, and see Consumer Financial Protection Bureau, Examination Procedures, Consumer Protection Agencies, 2012 (http://files.consumerfinance.gov/f/ 201209_cfpb_Consumer_ Reporting_ Examination_Procedures.pdf). 46. Fair Information Practices are described in Federal Trade Commission’s Privacy Online: Fair Information Practices in the Electronic Marketplace, A Report to Congress, May 2000. We do not suggest that notice to customers alone is sufficient to enable any practice, but that notice to customers can be an important element of a policy in combination with other protective practices. 47. We understand Sacramento Municipal Utility District allows the owner to obtain ABUI for benchmarking purposes by providing the account number of each included tenant in the building, which serves as a proxy for customer permission. It may be reasonable in light of the low risk of harm involved and the likelihood that the owner could only obtain account numbers with the tenant’s knowledge and consent. 48. Even with online methods (such as ‘‘Green Button Connect’’ or similar functions), utilities may require each included tenant to manually enter account information and information about the intended recipient. This can mean problems for the integrity of the ABUI when one tenant moves out or fails to conform. It also means substantial cost for the owner to monitor and maintain all tenant approvals at all times. 49. 15 U.S.C § 1681b (a)(3)(A). The Section reads: ‘‘. . .any consumer reporting agency may furnish a consumer report . . . (3) To a person which it has reason to believe. . . (A) intends to use the information in connection with a credit transaction involving the consumer. . .’’ 50. See Consumer Financial Protection Bureau, Key Dimensions and Processes in the U.S. Credit Reporting System: A review of how the nation’s largest credit bureaus manage consumer data, December 2012. 44 1040-6190/# 2015 Elsevier Inc. All rights reserved., http://dx.doi.org/10.1016/j.tej.2015.09.018 The Electricity Journal