California adopts security standards for smart meters

The California Public Utilities Commission (CPUC) (San Francisco, Calif., U.S.A.), a state regulator of utility companies, recently approved rules to protect the privacy and security of customer usage data generated by smart meters as part of its efforts to build a smart grid for California.

This bill prohibits an electrical or gas corporation from sharing or disclosing a customer’s consumption data to a third party, providing incentives or discounts to a customer for access without consent, and keeping information associated with the smart grid safe, according to the set of standards document. The bill also requires that electrical or gas corporations, which utilize an advanced metering infrastructure that allows a customer to access their consumption data, ensure that customers have the option of accessing data without being required to share his or her personally identifiable information with a 3rd party.

“Our investigation shows that access to detailed, disaggregated data on energy consumption can reveal some information that people may consider private,” says the document. “Thus, the inadvertent release or the theft of this data could provide information that diminishes the privacy of electricity users.”

In addition to the adopted rules protecting the privacy and security of usage data, the decision requires utilities to provide pricing, usage, and cost data to customers online and updated on a daily basis, says CPUC. Each day's usage data, along with applicable price and cost details, and with hourly or 15-minute granularity (matching the time granularity programmed into a smart meter), must be available by the next day.

According to the CPUC, data on energy consumption generated by smart meters and transmitted by the smart grid will prove critical to future conservation and grid management efforts. Enabling consumers and companies to assess and act on this information is key to advancing many of California's energy policies, such as promoting conservation, reducing demand in response to grid events and price signals, reducing summer peak demands, and efficiently incorporating renewable energy and electric vehicles into grid operations, says CPUC.

The unanimous decision by CPUC applies to all the major utilities companies, including Pacific Gas and Electric Company, Southern California Edison, San Diego Gas and Electric Company, the companies that assist utilities in their operations, companies under contract with the utilities, and other companies that, after authorization by a customer or by the action of CPUC, gain access to a customer's usage data directly from a utility, according to CPUC.

"The rules and policies we've adopted are the first such in the nation and should serve as a national model,” said Michael R. Peevey, CPUC president. “They are also consistent with privacy and security principles adopted by the Department of Homeland Security and with the policies adopted in Senate Bill 1476."

In the standards document, CPUC acknowledged that state and federal legislation pertaining to the smart grid are new, which means legal issues can arise over CPUC’s jurisdiction over data. Because of this, CPUC held a briefing cycle to address any questions or issues companies had on the matter.

The second phase of this smart grid proceeding will explore whether the rules and policies adopted in this decision should also apply to community choice aggregators and electrical service providers, according to CPUC.

ArticleTools