PSC Approves Website For Retail Suppliers To Receive Information From Utilities That Utilities Share With Affiliates Providing Value-Added Services
PSC Seeks Comment on Cybersecurity Requirements For Users Of Site
September 26, 2019 Email This Story Copyright 2010-19 EnergyChoiceMatters.com
Reporting by Paul Ring • email@example.com
The following story is brought free of charge to readers byEC Infosystems, the exclusive EDI provider of EnergyChoiceMatters.com
The Michigan PSC today ordered its staff to create a website for utilities to share, with alternative electric suppliers (AESs) and other competitors, information regarding value-added programs and services (VAPS) that a utility shares with an affiliate
Under Rule 9 of the utility code of conduct and as mandated in Act 341, information obtained by a utility in the course of conducting its regulated business shall not be shared with its affiliates offering VAPS unless that same information is provided upon request to competitors.
Stakeholders noted that it is difficult for competitors of utility affiliates that offer VAPS to know when information is being provided by a utility to an affiliate. Similarly, it is difficult for the utilities to know each and every potential VAPS competitor.
The central website, to be hosted by the PSC, will serve as a single platform where competitors will be able to see what value-added programs and services (VAPS) are being offered, be able to track when a utility is sharing information, and be able to make an informational request to each utility.
The website will provide transparency of when information is being shared between a utility and its affiliates, thus removing any guesswork on the competitor-side of wondering if there is new information being utilized and reducing the potential for a utility to receive duplicate/repetitive requests for the same information. The website will also outline the VAPS offered at each utility and the date of the last information sharing update.
The site will allow competitors to search for updates on shared information without searching multiple sites with multiple platforms and templates
The PSC sought comments on whether a final "Appendix B" information request form should be adopted, as well as other matters including data security and privacy, and the timing of utility responses to information requests
The PSC said in a news release that, "the Commission approved the temporary use of a Staff draft of Appendix B until a final order is issued." The temporary form does not include any requirement for competitors seeking information to describe their cybersecurity and data protection policies
Specifically, the PSC sought comment on:
1) Data Security/Privacy: Utilities are required to comply with all data privacy tariffs. Rule 9(1). A customer list may only include the name and address of a customer. Rule 9(2). Does a customer list require the heightened security discussed by the utilities? Customer consumption and billing information requires prior written customer approval in order to be shared. Rule 9(4). In light of the prior written approval requirement, does this information require the heightened security discussed by the utilities? Are there instances where a utility should routinely require an affiliate or VAPS to acquire the requested information from a third party? Alternatively, should the Commission consider amending the rules to allow no information sharing beyond the requirement of MCL 460.10ee(10)(a) for the sharing of customer lists?
2) Timing of Response: MCL 460.10ee(10)(a) allows 5 business days for the provision of customer lists. Should this standard be adopted for all information sharing responses? This would become the meaning of “contemporaneously” under Rule 9(3), (5), and (6).
3) Same Terms and Conditions: Rule 9(3), (5), and (6) require the “same form and manner” for information sharing. Does this mean provision of the identical information?
4) Competitor versus Non-Competitor: How should the requesting party establish that it is a current or potential/new competitor of the party that received the shared information?
Notably, many of the utilities have proposed that the standard information request form include the following information from competitors:
• Explanation of what the data will be used for (Utility believe the data should only be used to
plan, market, implement, bill or collect for unregulated VAPS)
• A description of the business’ electronic data security systems and
protections used to protect customer information.
• Acknowledgement [sic] that competitor must comply with utility-specific
data privacy and security standards/protections
• Include a confidentiality agreement to be signed as part of the process