4 Colo. Code Regs. § 723-3-3027

Current through Register Vol. 47, No. 22, November 25, 2024
Section 4 CCR 723-3-3027 - Privacy, Access, and Disclosure
(a) A utility shall protect customer data in the utility's possession or control to maintain the privacy of customers, while providing reasonable access to that data. A utility is only authorized to use customer data to provide regulated utility service in the ordinary course of business.
(b) A utility shall not disclose customer data unless such disclosure conforms to these rules, except as required by law or to comply with Commission rule. Illustratively, this includes responses to requests of the Commission, warrants, subpoenas, court orders, or as authorized by § 16-15.5-102, C.R.S.
(c) A utility shall include in its tariffs a description of customer data that the utility is able to provide to the customer or to any third party recipient to whom the customer has authorized disclosure of the customer's data within the utility's technological and data capabilities. At a minimum, the utility's tariff must provide the following:
(I) a description of standard customer data and non-standard customer data and the frequency of customer data updates that will be available (annual, monthly, daily, etc.);
(II) the method and frequency of customer data transmittal and access available (electronic, paper, etc.) as well as the security protections or requirements for such transmittal;
(III) a timeframe for processing requests;
(IV) any rate associated with processing a request for non-standard customer data; and
(V) any charges associated with obtaining non-standard customer data.
(d) As part of basic utility service, a utility shall provide access to the customer's standard customer data in electronic machine-readable form, without additional charge, to the customer or to any third party recipient to whom the customer has authorized disclosure of the customer's customer data. Such access shall conform to nationally recognized open standards and best practices. The utility shall provide access in a manner that ensures adequate protections for the utility's system security and the continued privacy of the customer data during transmission.
(e) Nothing in these rules shall limit a customer's right to provide his or her customer data to anyone.
(f) A utility and each of its directors, officers and employees that discloses customer data pursuant to a customer's authorization in accordance with these data privacy rules shall not be liable or responsible for any claims for loss or damages resulting from the utility's disclosure of customer data.

4 CCR 723-3-3027

38 CR 17, September 10, 2015, effective 9/30/2015
39 CR 06, March 25, 2016, effective 4/14/2016
39 CR 08, April 25, 2016, effective 5/15/2016
40 CR 22, November 25, 2017, effective 12/15/2017
42 CR 03, February 10, 2019, effective 3/2/2019
42 CR 07, April 10, 2019, effective 4/30/2019
42 CR 09, May 10, 2019, effective 5/30/2019
43 CR 08, April 25, 2020, effective 5/15/2020
43 CR 12, June 25, 2020, effective 7/15/2020
43 CR 20, October 25, 2020, effective 11/14/2020
44 CR 13, July 10, 2021, effective 7/30/2021
44 CR 24, December 25, 2021, effective 1/14/2022
45 CR 18, September 25, 2022, effective 10/15/2022
46 CR 02, January 25, 2023, effective 2/14/2023