California PUC Proposes Energy Data Privacy Rules

The California Public Utilities Commission (CPUC) issued a proposed decision regarding the privacy and security of electricity usage data on May 6.  This proposal sets the stage for how consumer consumption data is managed by the three investor-owned utilities (IOUs) in California – Pacific Gas and Electric, Southern California Edison, and San Diego Gas and Electric.  Energy use data is created by Smart Grid technologies – specifically smart meters, and displayed through a variety of devices that range from web-based portals using computers, smart phones, or dedicated in-home displays (IHDs).  

The proposed privacy rules are based on the Fair Information Practice (FIP) Principles, which originated in 1973 and have subsequently become the basis of many privacy laws in the USA and many other countries.  Descriptions of these principles and additional information about data privacy can be found at the Organisation for Economic Cooperation and Development (OECD) website.

The CPUC assessed how the FIP principles map to provisions in the Public Utility Code and a California law passed in 2010 – SB1376 – that specifically addressed energy use data.  Analysis determined that there is clear alignment with five principles – Transparency, Individual Participation, Purpose Specification, Use Limitation and Data Security.  The principles that did not have direct linkages are still considered to be “consistent with California law and policy objectives”.

As part of this proposed decision, the California IOUs must deliver pricing, usage and cost data to residential customers, including bill-to-date, bill forecast data, projected month-end tiered rate, a rate calculator, and notifications to customers as they cross rate tiers.  The IOUs must also improve customer access to wholesale electricity prices.  California takes another step closer to realtime pricing with the requirement that the IOUs must initiate studies within 6 months on how to provide this information to customers.  And the IOUs must start pilots that provide consumers with direct access to the information in smart meters and support for HAN-enabled devices.  These are all exciting developments to accelerate new service offerings that help consumers manage their energy consumption and demonstrate the value of the ongoing investments in smart meters and other Smart Grid technologies. 

The decision also responded to questions about the jurisdiction of the CPUC over data created by smart meters and those obtaining access to this data through utilities.  Regardless of how the data is obtained – from smart meters or from third party devices, the CPUC stated it will ensure equal regulatory treatment for third parties who acquire usage data from the utility via a smart meter or through an internet-connected device.  However, it ducked the question about whether or not it has the authority to regulate either the customer or other entities that acquire any energy usage data that bypasses the utility.  A separate phase of this proceeding will address whether or not these rules apply to gas corporations, community choice aggregators, energy service providers, and other electric utilities outside of the IOUs. 

The full Commission has to act on this proposal, and has the options to enact some or all of it; modify some or all of it; or ignore it and prepare its own decision.   Comments may be filed on this proposed decision, and I’m sure we’ll see a number of parties offering reactions. 

These data privacy policies are crucial to help deliver promised Smart Grid benefits to California consumers, and should be implemented as soon as possible.  To avoid confusion on the part of consumers, the same privacy policies and practices should be extended to all parties that could gain consumer-authorized access to that energy use data, regardless of whether it is obtained from the utility or from another source.