A. DEFINITIONS OF KEY TERMS.
(1) Aggregated Data. The term “aggregated data” means customer data, alone or combined with non-customer data, resulting from processing (e.g., average of a group of customers) or the compilation of customer data from which all unique identifiers have been removed. Aggregated data which has been aggregated to a degree that individual customer information is not identifiable shall not be considered “customer data.”
(2) Commission. The term “Commission” means the Public Service Commission of South Carolina.
(3) Customer Data. For purposes of this section, “customer data” means data about a current or former customer’s water or wastewater usage; information obtained as part of an advanced metering infrastructure; and personal identifying information, as defined in S.C. Code Ann. Section 39-l-90(D)(3) and S.C. Code Ann. Section 16-13-510(D), as amended, including the name, account number, billing history, address of the customer, email address, telephone number, and fax number, in the possession of electric, natural gas, water or wastewater public utilities. Also, “customer data” means non-public retail customer-specific data or information obtained or compiled by Utility in connection with the supplying of Commission-regulated water or wastewater services. Customer data includes data or information that is: (a) collected from the meter, by Utility, and stored in its data systems for billing; (b) customer-specific usage information for regulated public utility service; (c) about the customer’s participation in regulated public utility programs, such as renewable energy, demand-side management, load management, or energy efficiency programs; or ( d) any other non-public information specific to a customer related to electricity consumption, load profile, or billing history.
(4) Non-Public Utility Operations. The term “non-public utility operations” means all business enterprises engaged in by Utility not regulated by the Commission or otherwise subject to public utility regulation at the state or federal level.
(5) Primary Purpose. The term “primary purpose” means the acquisition, storage, or maintenance of customer data by Utility, as defined by Title 58 of the South Carolina Code, which provides services under state law, federal law, or Order of the Commission.
(6) Secondary Commercial Purpose. The term “secondary commercial purpose” means any purpose that is not a primary purpose.
(7) Utility. As used in this document, Utility refers to Lakewood Utilities, LLC.
(8) Third Party. The term “third party” means a person who is not the customer, nor any of the following: (i) an agent of the customer designated by the customer with Utility to act on the customer’s behalf; (ii) a regulated public utility serving the customer; or (iii) a contracted agent of Utility. For purposes of this regulation, “third party” includes any non-public utility operations or affiliate of Utility.
(9) Unique Identifier. The term ”unique identifier” means a customer’s name, account number, meter number, mailing address, telephone number, or email address.
B. CUSTOMER CONSENT.
(1) Utility shall not share, disclose, or otherwise make accessible to any third party a customer’s data, except as provided in subsection (E) or upon the consent of the customer.
(2) Utility shall not sell a customer’s data for any purpose without the consent of the customer.
(3) Utility or its contractors shall not provide an incentive or discount to the customer for accessing the customer’s data without the prior consent of the customer.
(4) Before requesting a customer’s consent for disclosure of customer data, Utility shall have to make a full disclosure to the customer of the data proposed to be disclosed, the identity of the proposed recipient and the intended use of the data by the proposed recipient.
C. THIRD-PARTY CONTRACTORS.
(1) If Utility contracts with a third party for a service that allows a customer to monitor the customer’s usage, and that third party uses the data for a secondary commercial purpose, the contract between Utility and the third party shall provide that the third party prominently discloses that secondary commercial purpose to the customer and secures the customer’s consent to using his or her data for that secondary commercial purpose before the use of the data.
D. DATA PROTECTION.
(1) Utility shall use reasonable security procedures and practices to protect a customer’s unencrypted consumption data from unauthorized access, destruction, use, modification, disclosure, and to prohibit the use of the data for a secondary commercial purpose not related to the primary purpose of the contract without the customer’s consent.
E. EXCEPTIONS TO SECTIONS A THROUGH D.
(1) This section shall not preclude Utility from disclosing aggregated data for analysis, reporting, or program management.
(2) This section shall not preclude Utility from disclosing customer data to a third party for system, grid, or operational needs, or implementing demand response, energy management, or energy efficiency programs, or for fraud prevention purposes, provided that Utility has required by contract that the third party implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal identifying information contained in the customer data from unauthorized access, destruction, use, modification, or disclosure, and prohibits the use of the data for a secondary commercial purpose not related to the primary purpose of the contract without the customer’s prior consent to that use.
(3) This section shall not preclude Utility from disclosing customer data in its operations: (a) Where to provide safe and reliable service;
(b) As required or permitted under state or federal law or regulation or by an Order of the Commission;
(c) Including disclosures under and permitted by the Fair Credit Reporting Act Section 1681 et seq., Title 15 of the United States Code including to furnish account and payment history information to and procuring consumer reports from a consumer reporting agency as defined by 15 U.S.C. Section 1681;
(d) Upon request from law enforcement;
(e) To respond to an emergency;
(f) To respond to service interruption reports or service quality issues;
(g) To restore service after a storm or other disruption;
(h) To respond to claims for property damage by Utility operations;
(i) To respond to customer complaints;
(j) To protect the health or welfare of the customer or to prevent damage to the customer’s property;
(k) To assist the customer in obtaining assistance from social services, community action, or charitable agencies;
(l) To perform credit checks or review payment history where customer deposits might otherwise be required or retained;
(m) Where circumstances require prompt disclosure of specific information to protect customers’ interests or meet customers’ reasonable customer service expectations; or
(n) This section shall not preclude Utility from, in its provision of regulated public utility service, disclosing customer data to a third party to the extent necessary for the third party to provide goods or services to Utility and upon written agreement by that third party to protect the confidentiality of such customer data.
(o) Nothing in this section precludes Utility from advising a municipality or other governmental entity when service is disconnected.
F. DISCLOSURE BY CUSTOMER.
(1) If a customer discloses or authorizes Utility to disclose his or her customer data to a third party, Utility shall not be responsible for the security of that data, or its use or misuse.
G. ADDITIONAL GUIDELINES.
(1) Customer Notice and Awareness: Utility publishes will publish this policy on its website.
(2) Customer Choice and Consent: Utility allows customers to access and maintain their personal information upon request.
(3) Customer Data Access: Utility will only collect, use, or process personal information subject to the conditions of this policy.
(4) Data Quality and Security Procedures and Measures: Utility aggregates and anonymizes customer data for internal or external reporting unless information is specifically requested for customer issue resolution.
(5) Public Utility Accountability and Auditing: Utility will report unauthorized data disclosures as required by law. All Utility employees are trained in cybersecurity practices regularly and Utility employs appropriate cyber security measures to protect its data.
(7) Due Diligence Exercised When Sharing Customer Data with Third Parties: Utility takes contractual and procedural measures to engage with trusted third parties and limit or minimize the unauthorized or inadvertent disclosure of customer data.