The concept of “informational privacy” is presently undergoing a dramatic new interpretation as a result of new technologies and digital transactions. Playing a rather prominent role in this debate is the smart grid and its array of new devices, which in turn puts electric utilities right in the thick of the national privacy debate.

The concept of an individual’s right to privacy is, relatively speaking, a modern concern. In fact, it was not until early in the 20th Century that the U.S. Supreme Court first began to recognize an individual’s constitutional right to privacy. Even more recently, the concept of “informational privacy” was born and is presently undergoing a dramatic new interpretation as a result of new technologies and digital transactions. Playing a rather prominent role in this debate is the smart grid and its array of new devices, which in turn puts electric utilities right in the thick of the national privacy debate. The debate is enormously important for the energy industry as it has regulatory, business, and customer-relations implications that, no matter how the debate is resolved, will undoubtedly impact electric utilities and the ways in which they conduct their business.

Out of the approximately 3,000 electric utilities in the U.S., a significant number of them are planning, developing, and deploying smart meters and other smart grid related technologies in their service territories. The number of applications that can be used on the smart grid once data communications technologies are deployed is growing fast, but what the applications have in common is that they enable the transmission of customer data back to utilities, where it can be used for a number of important planning and forecasting functions, such as forecasting load, controlling demand, and assisting customers in reducing their own usage. Once it is transmitted back to the utility, customer data is often stored in utility servers for a period of time. There are security concerns in both the transmitting and storage cycles because, regardless the devices or communications infrastructure selected by a utility, no system is 100-percent immune from security malfunctions and outright attacks.

Thus, part of the national debate is what kinds of electric utility customer data should be considered private? Some kinds of data may more obviously warrant protection, such as social security numbers, birth information, and financial institute account numbers. Other kinds of data are not so obvious, like which types of home appliances are being used, their frequency of usage, consumption amount, and the carbon footprint left by the use of the appliances. Customers are increasingly skeptical about the installation of these intelligent monitoring devices on their premises, and how the data that is collected will be used and safeguarded.

The policy debate is unfolding on both the individual state and federal levels. This in itself is significant because there is no small amount of uncertainty about which entity will ultimately have the jurisdictional authority to impose enforceable codes of conduct on electric utilities to protect their customers’ data. Some would argue that state public commissions are in the best position to set customer privacy regulations given their jurisdiction over distribution of electricity in their respective states. Others believe that a federal entity, like the Federal Energy Regulatory Commission (FERC), is better suited to build privacy controls into the smart grid model so that a consistent privacy standard can exist across the country and throughout the grid.

Unfolding simultaneously with the policy debate is the effort of the National Institute of Standards and Technology (NIST) to develop the technical standards and protocols for cyber security protection of the nation’s energy infrastructure. NIST is required by the Energy Independence and Security Act of 2007 to coordinate the development of a framework that includes protocols and model standards that are applicable to achieve interoperability of smart grid devices and systems. NIST has also taken up the specific issue of customer privacy with the development of a set of “privacy controls” that are presently under review.

While both the policy debate and the tactical process of standards development continue to unfold, there are immediate actionable strategies that electric utilities—particularly those planning or implementing a smart grid project, would be advised to take.

To learn more about customer privacy, the Smart Grid or West Monroe Partners, please contact Will McNamara at wmcnamara@westmonroepartners.com.