California Looks to Protect Smart Meter Data

The California Public Utilities Commission has proposed state rules for ensuring the security of data collected by new smart metering technology.

California's Public Utilities Commission (PUC) has proposed a new set of rules for protecting the security and privacy of consumer data collected by the state's utility companies via new smart metering technology .

The proposal aims to secure customer usage data collected by smart meters deployed by the Pacific Gas and Electric Company, the San Diego Gas & Electric Company and Southern California Edison. The rules would also cover all contractors and other third parties that work with utility companies in the state and have access to the usage data.

A 143-page document detailing the proposed rules was released by the utilities commission earlier this month and is open for public comment until the end of May.

If the rules are adopted, California would become the first state to implement standards for protecting the privacy of data collected by smart meters.

The U.S. Department of Energy along with several privacy groups have issued warnings about privacy risks posed by the collection and use of electricity usage data from smart meters.

Smart meters, designed to collect energy consumption data from homes and to transmit it back to power distribution companies for billing, network and demand management purposes, are a crucial component of the smart grid.

The technology is also designed to let consumers view their energy usage patterns in near-real time to help them better manage home energy use.

While smart meters are expected to help utility companies and consumers better manage electricity consumption, critics and some backers have expressed concerns that they could disclose detailed information about the behavior and activities of households. In fact, the federal Energy Department last year called for regulating how utility companies can collect, store, access and share data collected by smart meters.

California's proposed rules would require that utility companies implement specific steps for controlling third-party access to the data, and to allow consumers to have greater control of it. For example, utility companies would have to provide consumers with up-to-date billing data, forecast data, rate calculators, and to notify customers when their usage crosses different rate tiers.

Customers would also eventually have access to near real-time usage, pricing and billing data under the proposal.

The rules would require utilities to give consumers greater opt-in and opt-out control over the manner in which their electricity usage data is accessed and used by any third-party contractors.

Consumers would also get clear disclosure about what data utility companies are collecting, how it is used and who has access to it. Utility companies would be required to minimize data collected and would be responsible for ensuring that contractors and other third-party partners handle consumer data according to the rules.

If adopted, the rules could become a model for other states, much like California's landmark SB 1386 data breach notification rules that became law in 1993.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan , or subscribe to Jaikumar's RSS feed . His e-mail address is .

Read more about gov't legislation/regulation in Computerworld's Gov't Legislation/Regulation Topic Center.

Copyright © 2011 IDG Communications, Inc.

22 cybersecurity myths organizations need to stop believing in 2022