Government // Open Government
02:09 PM
Connect Directly
Repost This

California Proposes Smart Grid Data Privacy Standards

Energy providers and their business partners would be required to follow fair information practices for customer data.

The California Public Utilities Commission (PUC) has released a proposed decision that would specify security and privacy requirements for all data collected and stored by smart meters.

Its 143-page proposal is open for public comment until May 26. In early June, the proposal will be considered by the commission, at which point it may adopt all, some, or none of it.

With experts warning that smart grids too often lack appropriate security controls, California's efforts could serve as a template for how other states work with power providers to improve smart meter and smart grid security.

"The proposed decision represents a significant step towards a set of smart grid privacy rules in the United States during a time that smart grid privacy is attracting increasing global attention," said attorney Timothy Tobin, an associate at law firm Hogan Lovells, in a blog post. Notably, "the European Union's Article 29 Working Party issued smart meter guidelines last month."

The commission said that smart meters are essential for reducing and streamlining energy consumption. But it also said that based on its investigations, "access to detailed, disaggregated data on energy consumption can reveal some information that people may consider private."

Accordingly, the proposed decision opts to use Fair Information Practices. In particular, the commission wants to require smart meter operators to minimize the data they collect, use it only for the intended purpose--namely, to calculate a consumer's energy bill--unless they obtain permission from the consumer to do otherwise, ensure that the data remains accurate to ensure proper billing, and use "reasonable security procedures and practices to protect a customer's unencrypted electrical or gas consumption data from unauthorized access, distribution, use, modification, or disclosure."

The state's requirements would apply to smart meters deployed by Pacific Gas and Electric Company (PG&E), Southern California Edison Company (SCE), and San Diego Gas & Electric Company (SDG&E), all of which are investor-owned electric utilities. But it would also apply to numerous other organizations that work with the utilities.

"A third party would have to comply with the PUC rules when it obtains access to customer's usage data via Home Area Network (HAN)-enabled devices that are 'locked' to automatically transfer usage data to the third party," according to a summary of the proposed directive released by the Future of Privacy Forum, an advocacy group.

"In addition, the proposed rules would require utilities to provide third parties with access to usage data that customers authorize if the third parties comply with the privacy and security rules," it said. "The PUC rejected suggestions that third parties should be required to register for certification to offer services that require access to customer energy consumption data."

The new rules won't also apply to other electrical operators or gas providers, although the commission said that it's also exploring that possibility.

Yes, you can stay safe in the cloud. In this Tech Center report, we explain the risks and guide you in setting appropriate cloud security policies, processes, and controls. Download the report now. (Free with registration.)

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.