California Proposes Smart Grid Data Privacy Standards - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Open Government

California Proposes Smart Grid Data Privacy Standards

Energy providers and their business partners would be required to follow fair information practices for customer data.

The California Public Utilities Commission (PUC) has released a proposed decision that would specify security and privacy requirements for all data collected and stored by smart meters.

Its 143-page proposal is open for public comment until May 26. In early June, the proposal will be considered by the commission, at which point it may adopt all, some, or none of it.

With experts warning that smart grids too often lack appropriate security controls, California's efforts could serve as a template for how other states work with power providers to improve smart meter and smart grid security.

"The proposed decision represents a significant step towards a set of smart grid privacy rules in the United States during a time that smart grid privacy is attracting increasing global attention," said attorney Timothy Tobin, an associate at law firm Hogan Lovells, in a blog post. Notably, "the European Union's Article 29 Working Party issued smart meter guidelines last month."

The commission said that smart meters are essential for reducing and streamlining energy consumption. But it also said that based on its investigations, "access to detailed, disaggregated data on energy consumption can reveal some information that people may consider private."

Accordingly, the proposed decision opts to use Fair Information Practices. In particular, the commission wants to require smart meter operators to minimize the data they collect, use it only for the intended purpose--namely, to calculate a consumer's energy bill--unless they obtain permission from the consumer to do otherwise, ensure that the data remains accurate to ensure proper billing, and use "reasonable security procedures and practices to protect a customer's unencrypted electrical or gas consumption data from unauthorized access, distribution, use, modification, or disclosure."

The state's requirements would apply to smart meters deployed by Pacific Gas and Electric Company (PG&E), Southern California Edison Company (SCE), and San Diego Gas & Electric Company (SDG&E), all of which are investor-owned electric utilities. But it would also apply to numerous other organizations that work with the utilities.

"A third party would have to comply with the PUC rules when it obtains access to customer's usage data via Home Area Network (HAN)-enabled devices that are 'locked' to automatically transfer usage data to the third party," according to a summary of the proposed directive released by the Future of Privacy Forum, an advocacy group.

"In addition, the proposed rules would require utilities to provide third parties with access to usage data that customers authorize if the third parties comply with the privacy and security rules," it said. "The PUC rejected suggestions that third parties should be required to register for certification to offer services that require access to customer energy consumption data."

The new rules won't also apply to other electrical operators or gas providers, although the commission said that it's also exploring that possibility.

Yes, you can stay safe in the cloud. In this Tech Center report, we explain the risks and guide you in setting appropriate cloud security policies, processes, and controls. Download the report now. (Free with registration.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll