California adopts nation’s first privacy and security rules for smart grid customer data

The CPUC is requiring utilities to regularly conduct independent security audits of their wireless meters and to restrict the access of third parties, such as energy-efficiency consultants, to customers' personal details.

In addition to the privacy and security rules, the commission is requiring utilities to provide pricing, usage, and cost data to customers online and update the data at least on a daily basis. Each day's usage data, along with applicable price and cost details, must be available by the next day.

The new rules apply to Pacific Gas and Electric Company, Southern California Edison, San Diego Gas and Electric Company, the companies that assist utilities in their operations, companies under contract with the utilities, and other companies that, after authorization by a customer or by the action of the CPUC, gain access to a customer's usage data directly from a utility.

CPUC President Michael R. Peevey commented: "Our action today will protect the privacy and security of customer usage data while enabling utilities and authorized third-parties to use the information to provide useful energy management and conservation services to customers. The rules and policies we've adopted are the first such in the nation and should serve as a national model. They are also consistent with privacy and security principles adopted by the Department of Homeland Security and with the policies adopted in Senate Bill 1476, bringing California's practices into conformity with the best national privacy and security practices."

Phase 2 of the CPUC's smart grid proceeding will explore whether the privacy and security rules and data disclosure policies should also apply to community choice aggregators and electrical service providers.

What’s Hot on Infosecurity Magazine?