Government // Open Government
02:09 PM
Core System Testing: How to Achieve Success
Oct 06, 2016
Property and Casualty Insurers have been investing in modernizing their core systems to provide fl ...Read More>>

California Proposes Smart Grid Data Privacy Standards

Energy providers and their business partners would be required to follow fair information practices for customer data.

The California Public Utilities Commission (PUC) has released a proposed decision that would specify security and privacy requirements for all data collected and stored by smart meters.

Its 143-page proposal is open for public comment until May 26. In early June, the proposal will be considered by the commission, at which point it may adopt all, some, or none of it.

With experts warning that smart grids too often lack appropriate security controls, California's efforts could serve as a template for how other states work with power providers to improve smart meter and smart grid security.

"The proposed decision represents a significant step towards a set of smart grid privacy rules in the United States during a time that smart grid privacy is attracting increasing global attention," said attorney Timothy Tobin, an associate at law firm Hogan Lovells, in a blog post. Notably, "the European Union's Article 29 Working Party issued smart meter guidelines last month."

The commission said that smart meters are essential for reducing and streamlining energy consumption. But it also said that based on its investigations, "access to detailed, disaggregated data on energy consumption can reveal some information that people may consider private."

Accordingly, the proposed decision opts to use Fair Information Practices. In particular, the commission wants to require smart meter operators to minimize the data they collect, use it only for the intended purpose--namely, to calculate a consumer's energy bill--unless they obtain permission from the consumer to do otherwise, ensure that the data remains accurate to ensure proper billing, and use "reasonable security procedures and practices to protect a customer's unencrypted electrical or gas consumption data from unauthorized access, distribution, use, modification, or disclosure."

The state's requirements would apply to smart meters deployed by Pacific Gas and Electric Company (PG&E), Southern California Edison Company (SCE), and San Diego Gas & Electric Company (SDG&E), all of which are investor-owned electric utilities. But it would also apply to numerous other organizations that work with the utilities.

"A third party would have to comply with the PUC rules when it obtains access to customer's usage data via Home Area Network (HAN)-enabled devices that are 'locked' to automatically transfer usage data to the third party," according to a summary of the proposed directive released by the Future of Privacy Forum, an advocacy group.

"In addition, the proposed rules would require utilities to provide third parties with access to usage data that customers authorize if the third parties comply with the privacy and security rules," it said. "The PUC rejected suggestions that third parties should be required to register for certification to offer services that require access to customer energy consumption data."

The new rules won't also apply to other electrical operators or gas providers, although the commission said that it's also exploring that possibility.

Yes, you can stay safe in the cloud. In this Tech Center report, we explain the risks and guide you in setting appropriate cloud security policies, processes, and controls. Download the report now. (Free with registration.)

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
Time to Reconsider Enterprise Email Strategy
Time to Reconsider Enterprise Email Strategy
Cost, time, and risk. It's the demand trifecta vying for the attention of both technology professionals and attorneys charged with balancing the expectations of their clients and business units with the hard reality of the current financial and regulatory climate. Sometimes, organizations assume high levels of risk as a result of their inability to meet the costs involved in data protection. In other instances, it's time that's of the essence, as with a data breach.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.