FPF Summary of CPUC Smart Grid Rules

FPF Summary of CPUC Smart Grid Rules

On May 6, 2011, the California Public Utilities Commission (CPUC) issued a proposed decision addressing privacy and security concerns around the Smart Grid.  The CPUC proposed decision is significant, because it presents the most significant step yet in the U.S. towards a comprehensive set of smart grid privacy rules. 
With that in mind, we have prepared a brief summary of the CPUC proposed decision to help navigate the terrain.  

Among the highlights: 

  • Overall, the proposed decision develops a regulatory framework that is wide-ranging in reach.  It would apply privacy and security rules to customers of California’s three investor-owned electric utilities offering or proposing to install smart meters, and extend the proposed rules to the companies that contract with these utilities. 
  • Most notably, the proposed rules would also apply, by utility tariffs, to certain third party companies that are not in contractual privities with a utility.
  • Specifically, a third party would have to comply with the PUC rules when it obtains access to customer’s usage data via Home Area Netwok (HAN)-enabled devices that are “locked” to automatically transfer usage data to the third party. 
  • According to the proposed rules, a covered entity would have to provide customers with transparency through a notice and privacy policy that will be “meaningful, clear, accurate, specific, and comprehensive notice regarding the collection, store, use, and disclosure of covered information.”  Customers would be given access to, and a certain level of control over the collection, storage, use and disclosure of their covered information.  
  • The proposed rules would require utilities to provide third parties with access to usage data that customers authorize if the third parties comply with the privacy and security rules. 

There are several principles targeted toward data management. Covered entities will be limited in their ability to collect data—only information that is “reasonably necessary” or “authorized by the Commission” to accomplish primary or secondary purposes.  Covered entities must have prior customer consent to collect, store and use information, except that electrical corporations may collect and store customer data without customer consent if for a primary purpose.  Subject to certain conditions, covered entities may share information with service providers without consent.  Covered entities must also ensure the quality, integrity, and security of the data. Finally, the PUC imposes data security and privacy audit and reporting requirements which include providing copies of the privacy notices for customers, internal privacy and data security policies, third party disclosure information and secondary uses authorization forms.  The PUC rejected suggestions that third parties should be required to register for certification to offer services that require access to customer energy consumption data.

For a more comprehensive look into the proposed decision, see the FPF summary here

The CPUC is accepting comments regarding its proposed rules until May 26, 2011, with reply comments due five days after that deadline.  FPF will be filing its comments in the upcoming weeks.

Many thanks to our colleague Tim Tobin for his excellent and comprehensive review of the decision.

Leave a Reply


Privacy Calendar

Sep
17
Wed
all-day IAPP Privacy Academy and CSA Con... @ San Jose Convention Center
IAPP Privacy Academy and CSA Con... @ San Jose Convention Center
Sep 17 – Sep 19 all-day
This fall, the International Association of Privacy Professionals (IAPP) and Cloud Security Alliance (CSA) are bringing together the IAPP Privacy Academy and the CSA Congress under one roof, giving you access to even more valuable[...]
Sep
19
Fri
The NSA, Privacy and the Global ... @ Georgetown Law Center
The NSA, Privacy and the Global ... @ Georgetown Law Center
Sep 19 @ 1:15 pm – 2:45 pm
WHAT The NSA, Privacy and the Global Internet: Perspectives on Executive Order 12333 WHEN Friday, September 19, 2014 1:15 – 2:45 p.m. WHERE Georgetown University Law Center McDonough Hall, Room 200 600 New Jersey Avenue,[...]
Sep
23
Tue
Mapping Issues with the Web: An ... @ Tow Center for Digital Journalism/Columbia Journalism School
Mapping Issues with the Web: An ... @ Tow Center for Digital Journalism/Columbia Journalism School
Sep 23 @ 5:00 pm – 6:30 pm
On the occasion of Bruno Latour’s visit to Columbia University, this presentation will show participants how to operationalize his seminal Actor-Network Theory using digital data and methods in the service of social and cultural research.
Sep
26
Fri
Yale Day of Data @ Yale University
Yale Day of Data @ Yale University
Sep 26 @ 8:30 am – 5:00 pm
This day-long event will focus on data science and partnerships across industry, academia, and government initiatives. The day will also include presentations by eight Yale faculty and researchers on issues specific to research data management,[...]
Oct
11
Sat
City by Numbers: Big Data and th... @ Pratt Institute
City by Numbers: Big Data and th... @ Pratt Institute
Oct 11 @ 9:30 am – 6:00 pm
Big Data—the exponential growth and availability of information—is one of the defining phenomena of our time. It affects us all on different levels – with far-reaching social, environmental, and governmental significance. To help make sense[...]
Oct
21
Tue
Consumer Action’s 43rd Annual Aw... @ Google
Consumer Action’s 43rd Annual Aw... @ Google
Oct 21 @ 6:00 pm – Oct 21 @ 8:00 pm
To mark its 43rd anniversary, Consumer Action’s Annual Awards Reception on October 21, 2014, will celebrate the theme of “Train the Trainer.” Through the power of individual and small group trainings, Consumer Action each year is[...]

View Calendar