Privacy Policy
What does BED customer rights detail?
Customers of Burlington Electric Department (BED) are entitled to responsible utility operations that include their right to be informed, their right to privacy, their right to have options, and their right to expect that their data will be kept as secure as possible by BED.
The Right to be informed
- Customers will have access to information that will help explain available tariffs and rate structures, outage information, peak demand, and energy consumption through a web-enabled interface. Written material will also be available for customers who do not have on-line access.
- Customers will be informed of electric system enhancements that will support current and future tools (such as HAN- Home Area Network), electric vehicle chargers, distributed generation systems, smart meters, etc.), that empower them to have a better understanding and in some cases better control their electricity usage. The installation of a HAN device may be a requirement, should they choose to participate in certain optional energy control programs.
The Right to Privacy
- Personal information will not be released to any third party without a customer’s written consent or as may be required by law. Verbal consent can suffice once the customer’s identification as the account holder has been positively established by BED personnel.
- Disclosure of energy usage data to any third party (such as in the case of a court order), is subject to federal, state and local laws.
- The purpose of any data collection, use, retention and sharing of energy consumption data shall be made public in a clear and transparent manner and will be shared in either an aggregated or anonymized form.
- Customers who wish to file a privacy policy violation complaint have the right to petition the Vermont Department of Public Service Consumer Advocacy Division for a resolution.
The Right to Data Security
- All customers have the right to a functioning electric meter and in the future a customer web portal that will provide secure and confidential information about electric consumption data.
- A utility specific cyber security plan, designed to protect the BED’s AMI infrastructure from any potential external threats will guide and govern all security policies and practices that apply to user and energy information.
The Right to Options
- Customers have the right to “opt-out” (decline to accept) of an advanced meter installation that uses digital technology to report electric usage data back to BED through an advanced metering infrastructure system (AMI). Opt-out procedures outlined by BED are disclosed to a customer prior to the time when their first advanced meter installation is scheduled or if they are new to the BED system.
- Customers who qualify may voluntarily participate in a utility-managed energy control program (if one should exist), that would control or adjust devices, (e.g., pumps or water heaters, air conditioners, thermostats, etc.) as part of a future Demand Response program.
- Customers who do not opt out of the AMI system will in the future be able to select a rate structure for which they qualify that may better meet their needs. This includes traditional fixed-rate pricing, TOU (Time of Use), and other pricing programs to be designed as the AMI system is fully utilized and its capabilities mature.
What customer information is gathered?
BED requires certain customer information in order to provide electricity, calculate bills and receive payments from its customers. BED collects this information and stores it in their Customer Information System. This information can include:
- Name
- Service address
- Billing address (sometimes different than service address)
- Phone Number
- Email for e-bill customers
- Electric Usage Data (the amount of electricity used as captured by their electric meter)
- Account balance
- Payment history
- Enrollment in any optional energy efficiency programs
- Social security number
- Drivers’ license number
- Telephone number
- Date of birth
- Tax id when appropriate
- Bank information for auto debit when desired by the customer
- Third party information (Name, address and phone number of a relative or friend not residing with the customer)
- E-mail addresses
How is this data used?
This information is collected in order to create and manage customer accounts. BED uses customer information from the categories listed above to assist in operating the utility, providing safe, reliable electricity to customers and creating and maintaining customer accounts. Some examples of these uses include:
- Purchase electricity on behalf of customers from a wholesale power supplier
- Distribute electricity to customers’ homes and businesses.
- Calculate customers’ energy usage for billing purposes.
- Send bills to customers and collect from same.
- Maintain the local electric grid to minimize outages and power disruptions.
- Maintain the safety and operability of the local electric grid.
- Research and develop new, optional energy programs for customers who may be interested and/or may benefit from such programs.
- Plan for future power purchasing.
Who has access to customer data information?
Access to customer information is granted only to authorized BED personnel and authorized contractors approved by the Finance Controller or Customer Services Manager, which is given only if there exists a legitimate business need to do so. For example, if a customer calls with a question about their utility bill, only Customer Service representatives (including System Operation personnel after normal working hours) and/or the Finance Department can access that customer’s account information in order to discuss the matter with the customer. Authorized contractors are held to the same standard as BED personnel in their management of customer info by the terms of their contract with BED. Customer information may be shared with authorized third parties on a limited basis, for example:
- Failure to pay – Customer Service personnel may share customer data with a collection agency if necessary.
- Voluntary data-sharing that customers would choose and authorize.
- Under an appropriate court order or as otherwise required by law.
What if customers want to share their account or electricity usage information?
New advanced meters and associated smart grid technology are likely to increase in the next several years and the number and types of energy products and services offered by third parties will grow accordingly. Private energy services companies may offer personal audits of customers’ energy usage in order to offer suggestions for ways to save money, as well as a growing variety of energy services delivered directly to the utility customer. The decision to share data that includes personally identifiable account information and/or energy usage information with a third party belongs to the customer alone. Customers will need to authorize that release of data to BED either in writing or verbally after their identity has been positively established by telephone.
What steps can a customer take to protect their own data?
If a customer chooses to share his/her information with third parties, it is important to be fully informed about how these third parties plan to use and safeguard their information. Prior to sharing their personal information or energy usage data with a third party, BED strongly suggests that customers review that party’s privacy policies. Customer should review:
- How will the third party use the customer’s information?
- How does the third party safeguard the customer’s information?
- What is the third party’s policy regarding sharing customer information?
- Can a customer revoke the information sharing agreement with the third party? If so, then how, and how will shared data be purged from the contractor’s records?
- What remedy does the customer have if the third party misuses that information?
Whether a customer decides to share usage or personal information with third party organizations or not, BED recommends that customers follow these steps to protect themselves online.
Recommended data security guidelines include the following:
- Use different passwords for all websites that contain sensitive information.
- When creating a password, avoid using familiar terms that easily can identify you, such as your birthday or phone number, for example.
- Never share your login information with another person. If you wish to allow a third party access to an online account, attempt to set up separate login information for them to use.
- If considering data sharing with third party services, research their sharing and data privacy practices to ensure they collect by lawful means, and have the protocols in place to keep your data safe and private.
How do Burlington Electric Department customers access their utility account information?
BED, as part of its website home page, has an area where customers can view and pay their bill online. The ability to view account information is established when a customer sets up an account with his/her own password, required each time the customer logs in to view or manage their account information. All customer information is contained on the website, and is protected with a certificate of authority that strictly limits who can see or transmit the data. The BED home page as well as the customer pay area are secured with processes that require a “handshake” between the sender and the receiver. BED does not handle any payment card Industry processing information. BED customers pay in real time through a third party service company and in the near future, BED’s web portal presentation site will be available for customers to view their energy consumption and monitor their energy usage on a daily basis. As the web portal is developed, customers will be able to view electric usage data in near real-time. All customer information contained on the Web presentation site will be password protected and customers will be encouraged to keep their login and passwords confidential to themselves only.
How does Burlington Electric protect customer information?
The protection of customer information from unauthorized access is the highest priority for BED. All sensitive customer data information is password-protected on secure servers and access is only granted to authorized personnel with a legitimate business need. Personnel with access to customer information must provide a password to access the network, as well as a password to access the server that houses the customer data. Sensitive information (like SSN #’s) are only viewed by authorized personnel.
To protect the electric grid and information systems from unauthorized outside access, BED has developed a cyber security plan incorporating industry wide best practices. This plan has been reviewed and approved by US Department of Energy experts and its policies will be enforced, maintained and updated on an ongoing basis in perpetuity.
How long does BED keep customer information?
Customer information pertaining to energy usage will be stored securely on several servers for a period of five (5) years. After that, customer information will be archived at an aggregated level for use for BED’s future planning. Customer energy usage information will be available to customers on the web portal for three (3) years.