Sharechat Logo

Electricity Authority urged to test privacy status of meter data

Tuesday 18th June 2019

Text too small?

The Electricity Authority has been urged to clarify the status of consumers’ meter data under the Privacy Act and how third-parties should be given access to it.

The regulator wants to streamline access to consumers’ historic usage data to speed up the process and lower costs for all parties. Among a collection of “quick” changes it proposed was establishment of an automated tool to communicate a customer’s authorisation of a third-party agent – such as a budget advisor, a switching agent, or an energy consultant – to their retailer.

Retailers including Meridian Energy and Contact Energy urged the authority to seek guidance from the Privacy Commission before it went any further so that processes could be developed that would meet their obligations under the Privacy Act to protect their customers’ data.

Mercury disputed the authority’s legal advice that the revised industry code would take precedence over the Privacy Act and said the proposals would be unworkable and would put it at risk of breaching the act.

Requiring a customers’ signature would not work as Mercury and other retailers don’t hold specimen signatures, it said.

“In our view, the procedure set out in the code creates a real risk that the agent may not actually have authority to access the data requested from retailers. The proposed process does not allow for a retailer to create a process which accurately verifies the customer’s identity, nor does it require the authorisation from the customer to be specifically for the information requested from the retailer,” Mercury says in a submission on the authority’s proposal.

The authority is acting because industry rule changes made in 2016 to speed up sharing of customer data haven’t been as effective as hoped. Firms have developed their own processes for handling information requests and many aren’t completed within the five-day target.

Privacy of meter data is not a new issue for the sector, even though it is most frequently handled only by a numerical identifier – rather than being personally identifiable – often relates to households of multiple individuals, so is not strictly ‘personal’ and is often used in planning and management situations only in aggregate and in anonymised ways.

Energy management consultancy Cortexo says its efforts on behalf of clients have been “severely hampered” by the lack of standardisation and the lack of adherence to the current prescribed process and information formats.

In the past eight months the firm requested data from more than 600 meters from 13 retail brands. “Our average wait time, over all retailers, is 17 working days, well outside the code stipulation of five working days after the day of receipt of the request.”

Managing Director Terry Paddy says his firm understands the need to protect private information and have good processes for managing its release.

But he says the level of protection and authorisation differs for different types of information, and the authority needs to seek a determination from the Privacy Commissioner on how “sensitive” electricity consumption data is and what “serious harm” would be done by its release.

“It seems that often the Privacy Act is used to block access to information that the holder considers valuable to themselves. This stifles innovation,” he said in Cortexo’s submission.

EmhTrade, a peer-to-peer operator, was disappointed it had taken three years for the authority to act when signs of problems with the new rules were clear after one year. Nor was it convinced the proposed arrangements would be as quick as the EA hopes.

It said it would be “naïve” to think that retailers will not seek copies of most, if not all, the authorisations customers make for third-parties to access their data.

“The industry has clearly demonstrated that left to their own devices, retailers will err towards their own self-interest - protecting against privacy breach risk - at the expense of a consumers’ data portability. “

Contact and Trustpower urged the authority to consider a scheme for accrediting third-party agents in order to speed their interactions with retailers and verify their authorisations. Nova Energy said agents should have to indemnify retailers against any use of data that has not been authorised by the customer.

Mercury said it already provides customers free 24/7 access to an online portal where individual consumption data can be accessed.

“Third-party agent requests are subject to a simple security token authorisation process by the customer which is secure and verifiable. Mercury would be pleased to discuss with the authority how this authorisation process operates and whether it could be an appropriate model for the wider sector.”


  General Finance Advertising    

Comments from our readers

No comments yet

Add your comment:
Your name:
Your email:
Not displayed to the public
Comments to Sharechat go through an approval process. Comments which are defamatory, abusive or in some way deemed inappropriate will not be approved. It is allowable to use some form of non-de-plume for your name, however we recommend real email addresses are used. Comments from free email addresses such as Gmail, Yahoo, Hotmail, etc may not be approved.

Related News:

MARKET CLOSE: NZ shares edge lower; power companies under pressure
NZ dollar rises as bets on another OCR cut fade
Broad-based manufacturing pick-up offers silver lining
Global economic outlook not as dark as in August: RBNZ
NZ dollar slips on slew of weak global data, lack of US-China progress
MARKET CLOSE: NZ shares recover as investors re-think RBNZ review
NZ dollar falls on weak Aussie jobs numbers, poor China data
Govt media plan won't weaken commercial players - TVNZ
Goodman trust's 1H net profit quadruples on unrealised property gains
Regional house price inflation accelerates in October

IRG See IRG research reports