CPUC Proposes Rule to Protect Customer Data Privacy

California PUC had been directed by the state legislature to publish new rules to ensure that the major electric utilities in the state protect the privacy of smart meter data. In response, the CPUC recently published a proposed decision ["Decision Adopting Rules to Protect the Privacy and Security of the Electricity Usage Data of the Customers of Pacific Gas & Electric Company, Southern California Edison Company, and San Diego Gas & Electric Company,” May 6, 2011]. 

According to a report published in Public Utility Reports' Spark newsletter, utilities must offer residential customers bill-to-date, bill forecast data, projected month-end tiered rate, a rate calculator, and notifications to customers as they cross rate tiers. They must also work with the CAISO to streamline customer access to wholesale electricity prices. To enforce the new rules, the CPUC will require PG&E, SCE, and SDG&E each to file an advice letter within six months that provides customers with access to usage, price, and billing data. Each utility must also conduct a pilot study within six months to demonstrate how they will provide real-time or near real-time pricing information to customers.

The proposed decision makes California data privacy practices consistent with the best national privacy and security practices adopted by the Department of Homeland Security and with the policies adopted in Senate Bill 1476 approved by the California Legislature and signed by the Governor in September 2010.

California’s big three utilities Pacific Gas & Electric, Southern California Edison and San Diego Gas & Electric would file tariffs for CPUC approval that require third parties that seek access to utility customer energy data to agree to follow the same data privacy requirements the CPUC is imposing on the utility. The data privacy rules apply to any home device that uses smart meter data and is “locked” into a single provider’s platform or technology but permits customer-owned data sources outside of its authority. The ruling also applies to any services that keep collecting and using data without any active role on the customers’ part, once the customer has given permission to access. 

Companies that seek to provide services using smart meter data sign up for each utilities’ tariff programs to gain access to the data. The CPUC ruling would give the utilities six months file their tariffs and get their data access programs in service.

Customers may provide their own data to third party vendors without regard to the proposed rules or tariffs. Home energy devices that aren’t “locked” and don’t automatically transfer information to a third party fall under a different category. CPUC lacks authority over data from devices we own and use directly as customers directly because they don’t depend on acquiring data directly from the utility. The CPUC’s proposed rule says utilities must provide customers with “information concerning the potential uses and abuses of usage data should the customer forward or otherwise provide the data to another entity” for example, if they switch from one services provider to another.