The traditional central-station grid is evolving toward a more distributed architecture, accommodating a variety of resources spread out across the network. An open and thoughtful planning...
Keeping Your Kilowatts Private
A survey of state policies on release of customer data.
While the electric industry always has collected energy usage information, smart grid technology, specifically advanced metering, can dramatically increase the granularity of the information collected, and other customer-facing smart grid technologies might collect even more information to support their functions.
In contrast to data available from a standard usage meter that just measures aggregate usage, data available from advanced metering and usage monitoring technologies and other customer-facing systems—including home area networks (HAN)—might include information regarding the number and types of appliances in a home, and provide data revealing daily schedules, who works from home, and whether a house has a security system. In the case of business users, this information can reveal production schedules, volume of business, and new equipment purchases. The issues of who owns this data, and to whom and under what conditions such data is shared, initially sparked smart grid privacy concerns.
The U.S. Federal Trade Commission first broached the subject in June 1998, years before “smart grid” became a household term, in a report to Congress regarding online privacy, when the FTC promoted a detailed set of “Fair Information Practice Principles” (FIPPS). 2 For example, the Federal Trade Commission defines the five “core principles of privacy protection” as: i) notice and awareness; ii) choice and consent; iii) access and participation; iv) integrity and security; and v) enforcement and redress. 3 Other agencies since then have adopted their own sets of FIPPS. For example, the Department of Homeland Security (DHS) has adopted eight FIPPS principles: i) transparency; ii) individual participation; iii) purpose specification; iv) data minimization; v) use limitation; vi) data quality and integrity; vii) security; and viii) accountability and auditing. 4 Regarding energy usage and the smart grid, however, the DOE, NIST, and White House reports are key.
DOE issued its report Data Access and Privacy Issues Related to Smart Grid Technologies (DOE privacy report) in October 2010, based on input received in response to a request for information issued earlier that year, as well as during public meetings held in the summer of 2010. 5 The DOE report focuses on the legal and regulatory aspects of protecting and controlling the sharing of customer data, and acknowledges that state and local governments should still play leading roles in deploying smart grid technologies and regulating consumer privacy. 6 Among the key findings summarized in the DOE Report: 1) utilities should continue to have access to customer-specific energy usage data as required for their utility business purposes; 2) consumers should be able to access their own energy usage and to decide whether third parties other than the utility are entitled to access it; and 3) states must carefully consider the conditions under which consumers can authorize access to customer-specific energy usage data. 7 The DOE found substantial consensus that utilities shouldn’t be permitted to disclose customer-specific data to third parties unless the customer has provided affirmative, informed consented to such disclosure. 8
The NIST Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid (NIST privacy guidelines), issued in August 2010, focused primarily on the appropriate technical standards