Skip to main content

Privacy and the Smart Grid: California Public Utilities Commission Adopts Smart Grid Data Protection Rules

Written by Julia Siripurapu

Recently the California Public Utilities Commission (CPUC) in a unanimous decision approved data protection rules for the following Smart Grid providers: Pacific Gas and Electric Company, Southern California Edison, San Diego Gas and Electric Company, and the companies that assist them in utility operations, companies under contract with the utilities, and other companies that, after authorization by a customer or by the action of the CPUC, gain access to such customer's usage data directly from the utility.

In addition to the rules protecting the privacy and security of customers’ energy consumption data generated by smart meters and transmitted by the Smart Grid, the CPUC’s decision adopted (1) reporting and audit requirements regarding the utilities’ data privacy and security practices, third-party access to customer usage information, and security breaches of customer usage information, and (2) policies to govern access to customer usage data by customers and by authorized third parties. For example, utilities are required to provide pricing, usage, and cost data to customers online, and the data must be updated at least on a daily basis and made available to customers by the next day. The Colorado and Ohio Public Utilities Commissions are also considering Smart Grid privacy rules and the Vermont Public Service Board is evaluating privacy considerations as part of its implementation of Smart Grid technology.

As way of background, “Smart Grid” refers to the digital technology used to computerize and automate the traditional electric utility grid. This technology allows for two-way digital communication between a smart meter device installed at a consumer’s home and the electric utility’s network operations center regarding energy consumption for monitoring and billing purposes. Congress allocated $4.5 billion in the American Recovery and Reinvestment Act (“Recovery Act”) to the Department of Energy’s Office of Electricity Delivery and Energy Reliability for investment in Smart Grid activities. On June 13, the Department of Energy announced that more than five million smart meters have been installed in homes across the country as part of Recovery Act-funded efforts to accelerate modernization of the nation's electric grid, and as of today, electric utilities in 51 U.S. states and territories were awarded Smart Grid grants.

Advocates of the Smart Grid argue that this technology allows consumers to use energy resources more efficiently and to save money on their utility bills. For more information on Smart Grid technology, click here. Also, here is a good discussion of privacy concerns of the Smart Grid.

Subscribe To Viewpoints


Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.