Data Policy
Sharper Informatics Solutions LLC is committed to improving our partners’ relationships with their data, and in so doing maximize the value of that data for both our partners and the larger community. Our products, such as My Data Chameleon, are efforts to accomplish this mission and are covered by the Sharper Informatics Solutions LLC Data Policies.
​
Opting Out by clicking Do Not Sell My Personal Data
This data policy defines our practice with respect to data transactions. If you opt to click the "Do Not Sell My Personal Data" button at the bottom of each page, it will bring you here and you can confirm that it is not our intention to sell your personal data to anyone - indeed, some of you may be reading this because you did hit that button. Effectively, therefore, all users have "opted-out" by default, and any data transmission to third parties will occur on an "opt-in" basis only. Please read this policy carefully, as in the future there may be reasons why you may desire that some of this data be shared with others and My Data Chameleon is at its core designed to improve data portability and interoperability. If you have specific needs with respect to sharing some data and not others, please contact us and we would be happy to work with you to increase the utility of your data.
​
The Policy
In the energy efficiency space, increasing data utility can mean some amount of handling and transmitting of data, some of which may contain enough information to reveal things that partners may otherwise wish to keep private. In many places, and certainly in the State of California, there are laws and regulations that have been developed to govern practices that involve data handling in order to protect the rights (including privacy) of the citizens of the state. In particular, in 2018 the State of California passed the California Consumer Privacy Act (AB 375 et seq.) that places some conditions and requirements on businesses that handle other peoples’ data – including Sharper Informatics Solutions LLC. The behaviors that originally motivated AB 375, such as the Cambridge Analytica scandals and massive sale of personal data for third-party microtargeted marketing, are also of concern for us here at Sharper Informatics Solutions LLC, and we are committed to protecting our partners’ rights – especially their privacy – just as much as we would want our own rights respected.
​
It is the nature of our business however, to handle the data of others and in some cases facilitate the transfer of data to third parties, such as the California Public Utilities Commission. Therefore, in order to meet the informatics needs of our partners and comply with regulations such as the California Consumer Privacy Act, we have developed this Data Policy. The Data Policy consists of some core values, some operating principles and some business practices that together demonstrate how we will work with our partners to protect their data and their privacy, and accomplish our joint mission. The Values and Practices statements are adapted from those promulgated by DataPractices.Org. Together the components of this policy manifest Sharper Informatics Solutions commitment to Consumer or Partner rights, which include control of access to data, the ability to delete data and make data portable.
​
Values
-
Inclusion: Maximize diversity, connectivity, and accessibility among data projects, collaborators, and outputs.
-
Experimentation: Emphasize continuously iterative testing and data analysis.
-
Accountability: Behave ethically and transparently, fix mistakes quickly, and hold ourselves and others accountable.
-
Impact: Prioritize projects with well-defined goals, and design them to achieve measurable, substantive outcomes.
Principles
As data teams, we aim to...
-
Use data to improve life for our users, customers, organizations, and communities.
-
Create reproducible and extensible work.
-
Build teams with diverse ideas, backgrounds, and strengths.
-
Prioritize the continuous collection and availability of discussions and metadata.
-
Clearly identify the questions and objectives that drive each project and use to guide both planning and refinement.
-
Be open to changing our methods and conclusions in response to new knowledge.
-
Recognize and mitigate bias in ourselves and in the data we use.
-
Present our work in ways that empower others to make better-informed decisions.
-
Consider carefully the ethical implications of choices we make when using data, and the impacts of our work on individuals and society.
-
Respect and invite fair criticism while promoting the identification and open discussion of errors, risks, and unintended consequences of our work.
-
Protect the privacy and security of individuals represented in our data.
-
Help others to understand the most useful and appropriate applications of data to solve real-world problems.
Practices
We have attempted to manifest these values and principles in a set of business practices.
​
-
Sharper Informatics Solutions LLC will only receive and maintain the data that our partners are willing to knowingly share with us. The specific data elements we will receive and maintain are those required by the California Public Utilities Commission to populate portfolios for their Cost Effectiveness Tool evaluation, and can be found at CPUC CEDARS. Those data are aggregated into one of the 16 California Climate Zones, effectively anonymizing this data. In addition, My Data Chameleon will also contain the following user-specific data:
-
email addresses;
-
passwords (which are securely hashed using Argon2, the winner of the password hashing competition);
-
your portfolios, which include measure and program cost data; and
-
spreadsheets uploaded to import data into portfolios.
-
-
Sharper Informatics Solutions LLC will only receive and maintain that data to accomplish our own business purpose, which will include:
-
Altering the data structures and formats to enable our partners to share or transmit their data as they deem appropriate. Partners should be aware that such alterations may include generating missing or misidentified data in order to make data compliant with CET requirements. My Data Chameleon is committed to replacing missing values with defaults to the least extent possible, and in a manner that is neutral with respect to the estimate of portfolio cost effectiveness.
-
This functionality provides partners with data access and portability.
-
Organizing the data and its structure to allow partners to evaluate and assess their own data
-
Organizing the data and its structures to allow partners to collaborate with Sharper Informatics Solutions or with other partners to increase the information capacity and/or the inferential power of their data.
-
My Data Chameleon uses Stripe as the vendor to manage billing, and during billing transactions, customer data is communicated with the Stripe platform. The data policy, including a list of the personal data Stripe collects is available here.
​
-
-
Sharper Informatics Solutions LLC will only receive and maintain data from our partners, or with the knowledge of our partners.
-
At this time, we are set up to address the desire for partners to increase the usefulness of their own data. We can imagine that in the future, it may be possible to add value to partner data by federating that with data from other sources. Examples include: energy use and efficiency data for a housing development could be made more useful if combined with local data on water availability or climatology data from open data sources. In the future, this sort of data synthesis may be part of the services provided by Sharper Informatics Solutions LLC. In these cases, no data addition, synthesis or confederation will proceed without the knowledge and consent of our partners whose data would be affected.
​
-
-
Sharper Informatics Solutions LLC will only disclose partners’ data at the direction of the partner.
-
The “sale” of data to third parties is a central focus of the California Consumer Privacy Act, and to ensure that the act can apply to all relevant cases, the state has defined the term “sale” so as to capture all the relevant exchanges of data. The act is likely to apply to many of the data exchanges that Sharper Informatics Solutions would undertake on behalf of our partners, and which would be considered a part of our business practice under the act. In spite of potential exemptions to the act that Sharper Informatics Solutions LLC may qualify for, we share the values that motivated the act. Therefore, we are committed to not selling, or otherwise transferring data to any third party, unless directed to do so by our partners.
-
The categories of third parties to whom data could be transmitted, and which would be covered under the California Consumer Privacy Act is likely to grow in the future. For now, it is apparent that transmitting data to the California Public Utility Commission is a likely transmission of partner data, but in the future that could change. For example, in the future it may be desirable for partners to collaborate with each other and for Sharper Informatics Solutions LLC to facilitate such collaborations would require all of those partners to be each other’s “third parties”, and which we would need to disclose. It is hard to know now how complex that is likely to get, but regardless, we are committed to transparency with respect to any disclosure of data to third parties, and no disclosures will occur unless directed by the partners.
​
-
-
If partners opt to terminate a partnership with Sharper Informatics Solutions LLC, any of that partner’s data in our possession will be deleted.
-
Sharper Informatics Solutions LLC is committed to maintaining the integrity and security of partner data while in our possession. To that end we have committed to meeting industry standards in terms of data security. For My Data Chameleon, specific features of this commitment include the following practices:
-
Server Configuration: My Data Chameleon runs on Heroku, a managed platform for web applications. They provide a very high level of physical and software security using industry best practice and a distributed Amazon Web Services infrastructure.
-
Secure Backups: Backups are provided by Heroku PGBackups which are taken and verified daily.
-
Authorized Personnel: Access to your data through the application is controlled by Django's built-in user authentication and authorization controls. The staff of My Data Chameleon do not have access to your data as part of normal operations, though some technical staff can access the database directly via Heroku's dashboard in case of emergencies.
-
Third Party Software
-
As indicated, My Data Chameleon runs on Heroku which is a third party software, but its features are described above as well.
-
We use Sendinblue to deliver email. Your email address is sent to Sendinblue over an encrypted connection. Sendinblue have published a privacy policy and a number of articles describing how they maintain the privacy and confidentiality of your information.
-
We use CloudAMPQ to manage a queue of tasks required for the functioning of the site (such as delivering email and downloading reference data from the CPUC). We send data to CloudAMPQ over an encrypted connection, and the message bodies in CloudAMPQ are encrypted using a key only we have access to.
-
We use Stripe to manage billing. Stripe forces HTTPS for all services using TLS (SSL), and uses HSTS to ensure that browsers interact with Stripe only over HTTPS. All card numbers are encrypted with AES-256, with decryption keys stored on separate machines. Additional security documentation for Stripe is available here.
-
-
Version Control
-
We use GitHub to maintain a full history of every version of My Data Chameleon. Whenever a commit is made to the main branch of the My Data Chameleon repository, it is run through a set of automated tests and (as long as those tests pass) automatically deployed to our production environment. We have the ability to restore any version of the software within minutes.
-
-
Continuity of Operations
-
We take a daily backup of the database, and verify that our latest database backup is able to be restored daily.
-
-