Privacy & Information Security Law Blog

On October 5, 2010, the Department of Energy (“DOE”) released a report entitled “Data Access and Privacy Issues Related to Smart Grid Technologies.”  The idea behind the Smart Grid is that electricity can be delivered more efficiently using data collected through monitoring consumers’ energy use.  In connection with the preparation of its report, the DOE surveyed industry, state and federal practices with respect to Smart Grid technologies, focusing on the issue of residential consumer data security and privacy.  The DOE noted that advanced meters or “smart meters” were a focal point of the report due to their “ability to measure, record and transmit granular individual consumption.”  That said, a Smart Grid consists of “hundreds of technologies and thousands of components, most of which do not generate data relevant to consumer privacy.”

Some of the key findings in the DOE’s report are summarized below.

• There is considerable consensus that consumer education and flexibility regarding Smart Grid technologies, as well as the pace of deployment of such technologies, will be critical to their long-term success.
• Many Smart Grid technologies generate granular or detailed consumer-specific energy-usage data (“CEUD”) that could reveal personal details about the lives of consumers, “such as their daily schedules (including times when they are at or away from home or asleep), whether their homes are equipped with alarm systems, whether they own expensive electronic equipment such as plasma TVs, and whether they use certain types of medical equipment.”  Because data of this nature is both valuable and sensitive, adequate privacy protections are necessary.
• Utilities should continue to have access to CEUD and be able to use CEUD for utility-related business purposes.
• There is almost universal consensus that consumers should be able to access their CEUD.  Moreover, consumers should be able to decide whether and for what purposes, other than the provision of electrical power, any third-party should be authorized to access their CEUD.
• Although the report focused on residential consumer data security and privacy, many commentators agree that the energy-usage data of commercial or organizational consumers of utilities should be treated as CEUD and commercial or organizational consumers should be able to protect the privacy of their energy-usage data.
• The deployment of Smart Grid technologies should be flexible and take into consideration the special circumstances of rural, low-income, minority and elderly electric utility consumers.
• States should focus on whether, or how, they should regulate the process through which consumer can authorize third-party access to their CEUD.
• A central “clearinghouse” for available information about practices and information relating to the regulation of the privacy and data protection aspects of the Smart Grid technologies should be created.

This report was released with a companion report entitled “Informing Federal Smart Grid Policy: The Communications Requirements of Electric Utilities,” which offers specific recommendations for meeting these communications requirements.  Both reports were prepared to respond to recommendations made in the Federal Communications Commission’s National Broadband Plan.