WIRAB staff, the Western Grid Group, and representatives of NRDC, submitted joint comments on Peak’s proposed data sharing policy currently out for stakeholder review. Comments were submitted July 24, 2015. Download PDF comments here.
Comments on Peak’s Proposed Data Categories,
Data Sharing Review Process and Data Licensing Agreement
July 24, 2015
The staff of the Western Interstate Regional Advisory Body (WIRAB), Western Grid Group and representatives of NRDC appreciate the opportunity to provide comments on Peak Reliability’s proposed Data Sharing Review Process. We believe that a fundamental part of Peak’s mission is to facilitate and promote long-term planning and research, development, and demonstration that will improve the reliability and efficiency of the grid. Establishing a balanced data sharing policy is key to achieving these aims. The current drafts of the proposed Data Sharing Review Process and Data Licensing Agreement are unduly biased towards denying access to data. We believe there is a policy path that will ensure both the security of sensitive data while providing access to data for planning, research, and products that will improve the reliability of the Western Interconnection.
We offer the following recommendations and accompanying rationale to develop a more balanced data sharing policy:
1. Peak should eliminate the provisions in Sections 2.3 and 4.3 of the Data Licensing Agreement and Sections C and D of the Data Sharing and Use Addendum that prohibit third party data users from making any product or service developed using Peak data available to other parties.
The proposed provisions remove any incentive for a third-party to seek access to data for research and product development, thereby making the entire data-sharing policy moot. Third parties must have the ability to publish research and distribute, sell, license and otherwise commercialize the products and services they develop through the use of Peak data if the research and development is to have any possibility of providing reliability benefits to the Bulk Electric System. Under the proposed prohibitions, a third party could use the data to develop a tool to improve BES reliability but nobody else could know about it or use it. Also, universities and labs must be able to publish their findings to educate the western interconnect on concerns and or benefits found in their research for the improvement of a reliable grid. Without this information, many data providers could lose valuable insight into better grid operations.
The data use provision in Sections 2.3 and 4.3 of the Data Licensing Agreement contradict Peak’s mission and should not be adopted. It is appropriate to require that the underlying data be removed from any tool or product before release but the agreement should not limit the ability to distribute resulting products or research findings unless they pose a threat to the BES.

2. Peak should reduce the number of data classification levels from five to three: Level 1 Restricted; Level 2 Confidential; and Level 3 Non-Sensitive.
For data categorization to be effective, each level or category of data must identify a distinct type of data and the level must serve a legitimate function in the overall data sharing policy. In the proposed categorization, Level 2 Critical is not meaningfully different from Level 1 Restricted. Both categories identify data that “if released could significantly degrade the BES”. The sole function for the Level 2 Critical data category is to provide a subset of data that cannot be released if one or more Data Providers object (see Recommendation #8 below). The Level 2 Critical category of data can be subsumed within the Level 1 Restricted category without any loss of meaning.
Likewise, the Level 5 Public data category is not meaningfully different from Level 4 Non- Sensitive. Both categories identify data that is not commercially or operationally sensitive. In terms of function in the overall data sharing policy, data in both of these categories should be released to a third party requester, absent a compelling case to deny access. The Level 5 Public category of data can be subsumed within the Level 4 Non-Sensitive category without any loss of meaning. If data is already public, then there is no need for a third party request. Peak should establish three data categories: Level 1 “Restricted”; Level 2 “Confidential”; and Level 3 “Non- Sensitive”.
3. Peak should assign data to each of the classification levels based on criteria it develops, and not rely on the current Subject Matter Expert determinations. Those criteria should include the likelihood of release of the information. For Restricted (and Critical) data, Peak should clearly define what “could be used to significantly degrade the Bulk Electric System” means. For Confidential data, Peak should clearly define what constitutes “commercially or operationally sensitive” information. To the extent possible, Peak should use existing NERC and FERC criteria and standards as the basis for making these determinations and provide appropriate citations.
For data categorization to be applied consistently, the rationale for assigning data elements to each category must be clear and stated in advance. Under the proposed categorization, the key question for determining whether a data element should be assigned to Level 1 “Restricted” (and Level 2 “Critical”) is: Could it be used to significantly degrade the Bulk Electric System? Answers to this question will likely be inconsistent without further clarification of the words “could” and “significantly”. Does “could” mean or imply any likelihood of occurrence, however small or de minimis? Does “significant” mean or imply only widespread impacts?
The key question for determining whether a data element should be assigned to Level 3 “Confidential” is: Is the data element commercially or operationally sensitive? Again, Peak needs to apply a consistent standard for making this determination and also should consider the likelihood of release of the data in that determination. In making its determinations, Peak should look to NERC and FERC criteria and standards and provide cites to those standards.
4. Peak should define the criteria it will use to determine if a data request is “valid and has been made by a viable party”. Peak should explain how the information provided by a third party will be used to make the determination that a request is “valid” and a third party is “viable”. Peak should make a reasonable effort to review all data requests on a timely basis.
Criteria are standards of judgment or principles of evaluation. The screening criteria in the proposed Data Sharing Review Process are not criteria for judging a request for data but merely a list of information that must be provided by a third party.
Peak should establish clear criteria by which it evaluates the information provided by a third party to judge the request. Peak indicates that the determination to be made is whether the request is “valid and has been made by a viable party”. But the proposal does not fully define a “valid request” or a “viable party”. Criteria should be set in advance and be known by potential data requestors.
5. Using established criteria and standards, Peak should make an initial recommendation regarding release of data to third party requesters for all data classification levels. Peak should post its initial determination to approve or deny a request on its corporate website for a 30-day stakeholder comment period.
To ensure the proper balancing of goals, Peak should have final say over the release of all data. We recommend a staged process starting with a recommendation by Peak – using established criteria and standards – on the release of data to a third-party requester followed by a thorough, transparent comment and evaluation process.
6. The Data Sharing Review Group (DSRG) should be comprised of representatives chosen by each of Peak’s voting membership classes. The DSRG should advise Peak on whether both “supportive” and “unsupportive” comments of stakeholders, including Data Providers, are reasoned and supported by facts and offer recommendations.
The DSRB should consist of representatives chosen by members of all the voting classes (not just class 1and 2) and should serve as advisor to Peak. After the 30-day comment period, the DSRG should thoroughly review and evaluate comments in support of approving or denying the request and offer its recommendation.
7. Peak should make the final determination on the release of data by thoroughly evaluating the information provided by a third party requester, by considering the advice of the DSRG and the input of stakeholders, and by applying the criteria set for determining whether a request is “valid” and a third party is “viable”.
A supermajority of the current DSRG is not sufficient to deny a request.
8. Peak should eliminate the provision in Data Sharing Review Process that limits the release of data to “only data from Data Providers that did not object”. Data Providers should not have the ability to veto a request, regardless of the data classification level.
Data Providers should not have the ability to veto a request for access to data, regardless of its classification level. Data Providers should submit unsupportive comments to the DSRG and may appeal a final determination to release data to the Data Request Appeal Panel.
9. The Data Request Appeal Panel (DRAP) should be comprised of the Peak CEO and two Peak Board Members to ensure that the review of the appeal is independent and unbiased. A third party requester should be able to appeal a determination denying the data request. A Data Provider should be able to appeal a determination granting the data request.
The determination to be made by the DRAP is whether Peak’s final determination to grant the request, or deny the request, was based on consideration of the relevant facts and rationally applied the criteria set for determining the nature of the data, the likelihood of release, and whether a request is “valid” and a third party is “viable”. The DRAP should only override a final determination of Peak management if it first finds the final determination was made in an arbitrary and capricious manner. Any decision of the DRAP should require that 2 out of the 3 members to vote to override Peak’s final determination.
10. If Peak maintains the current proposed composition of the DRAP, then Peak membership classes 3, 4, and 5 should select their own representative to the Appeal Panel. Classes 3, 4, and 5 should have full discretion to select who shall represent their respective class on the DRAP.
The representatives of the class 3, 4, and 5 members should not be selected by class 1 and 2 members but from members of each of those classes. Classes 3, 4, and 5 want the flexibility to select a representative for their respective class without constraints imposed by the proposed Peak rules. In particular, there is no reason to require that Class 3, 4, and 5 representatives must come from senior management positions from their organizations.
11. Peak should provide data to any third party that has received clearance from a signatory to the UDSA.
12. Peak should have a rebuttable presumption that public and non-sensitive data will be provided to any third party requester, absent a compelling case to deny access.
Level 4 and Level 5 data should be made public absent a compelling case to deny access. The burden of proof should be on the entity objecting to the request. Denying information solely because it makes a Peak member uncomfortable is not an adequate rationale. Data that has been in the public domain for years (e.g., historical path flow and limit data) should not be deemed confidential information and withheld from public release unless its release can be shown to significantly degrade the reliability of the Bulk Electric System or its release is commercially or operationally sensitive based on definitions in the NERC Rules of Procedure and FERC Standards of Conduct.
13. Peak should examine the potential for violation of FERC Standards of Conduct to determine if a third party request will “impact electric market competitiveness”.
The FERC Standards of Conduct should be used in making the determination if a request will “impact electric market competitiveness.” Peak should not make determinations that are more or less stringent than FERC’s. The published criteria should demonstrate this.
14. Peak should expand its proposed policy and Data License Agreement to govern both Peak’s sharing of data with contractors and Data Providers’ sharing of data received from Peak with contractors.
Common criteria should govern all of the routes to gaining access to Peak data. It is inconsistent and anti-competitive for an entity to be able to access data as a contractor but not as a third party requester. A third party should not be denied access via one route but granted access via another route. The proposed process is incomplete.
15. Peak needs to carefully balance interests in setting an initial review fee. If an initial review fee is established, it should be set at a level that will incentivize serious data requests and protect Peak from absorbing the costs from potentially large and costly data requests. Universities, national laboratories, and other research institutions should only be charged a minimal flat fee to encourage long-term research and innovation.
Peak should establish a fee schedule that serves multiple ends: (1) Incents serious data requests; (2) Ensures that Peak can recoup costs of large and costly requests; and (3) encourages research by reputable universities, national laboratories, and other research institutions.
Answers to Peak’s Questions on Data Sharing
Question #1
1. It has been suggested that the NERC Operating Reliability Data (ORD) agreement should be used to govern data sharing in the Western Interconnection. However, others have noted omissions and other issues with the ORD that in their opinion render it inadequate to effectively protect operating data. Would your organization support use of the ORD to govern data sharing in the Western Interconnection, and if not, why not?
Response to Question #1: No, there is not sufficient support for the ORD in the Western Interconnection to warrant the application to Peak’s data sharing policy. Instead of relying on the ORD, Peak should focus on developing criteria proposed in Recommendations 3 and 4.
Question #2
2. Assuming that Peak moves forward with developing a UDSA specific for the Western Interconnection, do you believe that a Balancing Authority (BA)/Transmission Operator’s (TOP) rights to share data with their direct contractors should be limited to their own data or should allow for use of data that the BA/TOP receives pursuant to the UDSA from other BA/TOPs? For example, could a BA commission a contractor to perform research on that BA’s behalf using data from the entire Western Interconnection? Could that BA use a contractor to perform research including that BA’s immediate neighbors?
Response to Question #2: Common criteria should govern all of the routes to gaining access to Peak data. It is inconsistent and anti-competitive for an entity to be able to access data as a contractor but not as a third party requester. A third party should not be denied access via one route but granted access via another route. The proposed process is incomplete. (See Recommendation 14)
Question #3
3. Is there a specific period of time after which data can be considered “historical” and shared differently? If so, what time period and why?
Response to Question #3: As operational and commercial conditions change, the classification of data elements should change. Peak should establish a default period of time after which “Confidential” information is no longer commercially or operationally sensitive. One year is a reasonable amount of time. The Appeal Panel should consider requested exceptions to the default time period.
Question #4
4. Do you support WECC being a full signatory to the UDSA with all of the rights and obligations of other signatories (i.e. access to all data)? If not, do you support defining data that WECC would receive, for purposes other than compliance, in the UDSA? Could you support sharing the list of data identified in WECC’s draft 1600 data request? If not, why?
Response to Question # 4: We recommend that the question of defining the data that WECC should receive is more appropriately considered at WECC, not at Peak. Peak is not in a position to tell WECC what data to request. It is up to WECC whether it will become a full signatory to any UDSA or use its Section 1600 data request authority.
Question #5
5. Do you support sharing operational data and experience with Planning Coordinators and Natural Gas Pipelines for the purpose of improving coordination? If so, what data would you support sharing? If not, why not?
Response to Question # 5: The same common criteria should govern the sharing of operational data with Planning Coordinators and Natural Gas Pipelines for the purpose of improving coordination and reliability. Planning Coordinators need the best available information to perform their function in planning for a reliable power system. Since the gas industry is becoming more interdependent with the operations of the electric sector, Natural Gas Pipelines need relevant operational information on the power system to plan for a reliable natural gas system.
Question #6
6. Do you support the vetting process (including description of the categories) as described? If not why not?
Response to Question # 6: No, for the reasons set forth in Recommendations 2-15.
Question #7
7. Do you believe that the competitive advantage besides the Standards of Conduct should be considered in the Initial Review?
Response to Question # 7: No, the FERC Standards of Conduct is the appropriate source to address the issue of market competitiveness.
Question #8
8. For Confidential Data, would you support a threshold of unsupportive comments that would allow Peak discretion to make a determination? For example if less than 25% the affected Data Providers submit unsupportive comments, Peak must consider comments but has discretion to determine whether to share the data. If more than 25% of affected Data Providers submit unsupportive comments, the Data Sharing Review Group process would be used.
Response to Question #8: No, Peak’s ability to exercise its discretion should not be limited by a threshold of unsupportive comments by Data Providers.
Question #9
9. Do you support the proposed categorization [of the SME proposed levels for each of the data categories that Peak receives]? For items with multiple categories, please indicate which category you support.
Response to Question #9: No, Peak should reduce the number of data classification levels from five to three. (See Recommendation 2). Peak should assign data to each of the classification levels based on criteria it develops, and not rely on the current SME determinations. (See Recommendation 3).
Question #10
10. How should aggregated data be treated? Is there a difference between aggregation at the entity level (i.e. BA/TOP) versus aggregation where no individual entity can be identified (i.e. Peak totals, regional totals)?
Response to Question # 10: As a general rule, aggregation makes data less granular and reduces the potential for releasing commercially sensitive data. Aggregation can therefore serve as a tool to release certain types of masked data to third-party
researchers that would otherwise not be released. The important threshold question is whether the underlying data meets the established criteria for the data request.