California's three big investor-owned utilities (IOU) – Pacific Gas & Electric, San Diego Gas & Electric and Southern California Edison – received ruling on July 28, 2011 regarding customer data access and privacy. This order from California Public Utility Commission (CPUC) is an implementation of an already passed Senate Bill (SB) 1476, pertaining to consumer privacy in the smart metering infrastructure. With this ruling in place, commission will closely monitor the three IOUs activitie
The ruling has two components:
- Development of the home area network and real-time information display - Utility is to provide as much real-time information possible to the consumer about the energy consumption and rate calculation. For instance, the commission requires each utility to provide pricing, usage, and cost data to customers. In addition, this data should be available to customers online and on a daily basis. The daily data is captured and updated hourly or 15-minute interval, matching to the smart meter configurations. The ruling also requires each utility to develop a home area network (HAN) implementation plan. The plan should include an initial pilot of at least 5000 HAN devices to the early adopter. The commission feels certain that deployment of HAN will further enable demand response, time of use, and home energy management, and distributed generation activities.
- Adoption of data security and privacy practices - The topic of data security and privacy is discussed in length in this ruling. The commission has tried to align its security and privacy practices with various guidelines such as those from Department of Homeland Security and Fair Information Principles (FIP). Essentially, any utility, third party that provides services to utilities, third party that access customer information either directly from the customer or through a utility are liable to comply by the SB1476; it's called "covered entity". In addition, the 'covered information' is any customer data that helps identify the individual as collected over the Advanced Metering Infrastructure (AMI). Utility companies are also required to give access to third parties, when authorized by the consumers, via its backhaul network. Commission also mandates that utilities conduct independent security audits of their infrastructure on a regular basis.
What it means to utilities – It's a bit early to assess the impact of this decision on utilities. However, it's certain that utilities will have to show rigor and commitment to protecting customers' data as well as providing access to energy management tools. Three IOUs are either already working or have plans to strengthen security and customer enablement. They have recently presented their roadmaps to the commission that focus on number of concerned areas. However, the close monitoring from commission will generate some unease among the utility companies, as they may have to prioritize certain projects which were left on the back burner.
California users are early adopters of smart grid; as in the words of one smart grid utility leader, customers are pushing them to implement many technologies. In another example, California was one of the first states to issue a security breach notification law for the companies dealing with consumers' personally identifiable information. Today many states either have such a law or some parts of it. State regulators will look at California as an example in this respect in the future, although adoption may be more gradual and will depend on smart grid deployment.
What it means to the technology provider - Technology providers that act as service providers to the utility will be under some scrutiny. They will have to develop solutions with security and privacy in mind. At the same time, this initiative will open newer opportunities to the technology providers in the areas of security, privacy, and home energy management.
We'll like to hear your thoughts on this news.