Department of Energy.
Request for Information.
The Department of Energy (DOE) is seeking comments and information from interested parties to assist DOE in understanding current and potential practices and policies for the states and other entities  to empower consumers (and perhaps others) through access to detailed energy information in electronic form—including real-time information from smart meters, historical consumption data, and pricing and billing information. This request for information (RFI) asks interested parties, including industry, consumer groups and State governments, to report on State efforts to enact Smart Grid privacy and data collection policies. This RFI also seeks input regarding individual utility practices and policies regarding data access and collection; third party access to detailed energy information; and the role of the consumer in balancing the benefits of access and privacy. Finally, this RFI seeks comment on what policies and practices should guide policymakers in determining who can access consumers' energy information and under what conditions.
Comments must be postmarked by no later than July 12, 2010. Reply comments must be postmarked by no later than July 26, 2010.
You may submit comments, identified by “NBP RFI: Data Access,” by any of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
E-mail: firstname.lastname@example.org. Include “NBP RFI: Data Access” in the subject line of the message.
Mail: U.S. Department of Energy, Office of the General Counsel, 1000 Independence Avenue, SW., Room 6A245, Washington, DC 20585.
FOR FURTHER INFORMATION CONTACT:
Maureen C. McLaughlin, Senior Legal Advisor to the General Counsel (202) 586-5281; email@example.com.
For Media Inquires you may contact Jen Stutsman at 202-586-4940.End Preamble Start Supplemental Information
The promise  of the Smart Grid is enormous and includes improved reliability, flexibility and power quality, reduction in peak demand, reduction in transmission congestion costs, environmental benefits gained by increased asset utilization, increased security, increased energy efficiency and increased durability and ease of repair in response to attacks or natural disasters. But the Smart Grid also presents new challenges. In particular, many of its benefits could be reduced or delayed and avoidable harms caused unless the Smart Grid adequately respects consumers' reasonable—and often widely differing—expectations of privacy, expectations that could be compromised if detailed household energy consumption data is made too readily available, too inaccessible, or incorrectly anonymized. The Smart Grid is also likely to create a far more interactive relationship between utilities and consumers that will raise new questions about how to ensure that detailed energy data is properly collected, reported, managed, shared and disclosed in ways that are both lawful and adequately transparent to consumers.
This RFI seeks to collect information and open a dialogue about the challenges inherent in empowering consumers, utilities, and third parties to realize the many potential benefits of the Smart Grid, while protecting reasonable consumer expectations of privacy and security, and ease-of-access and providing the flexibility to manage both.
In the context of the Smart Grid, privacy and access are not so much conflicting goals as they are complementary goods: the value of the Smart Grid to consumers, utilities, and third parties depends upon its capacity to encourage and accommodate unpredicted innovations while making usage data reasonably available to those who should have it and respecting consumers' reasonable interests in choosing how to balance the benefits of access against the protection of personal privacy and security. Only solutions that accommodate all of these critical values will maximize the value of the Smart Grid to consumers, utilities, third-party service providers and innovators, and State and Federal governments.
In early 2009, Congress directed the Federal Communications Commission (“FCC”) to create the recently released National Broadband Plan (“NBP”). As Congress instructed, the NBP makes recommendations to various government entities, including Executive Branch agencies like DOE. In particular, the NBP recommended that DOE should consider consumer data accessibility policies when evaluating Smart Grid grant applications, report on states' progress toward enacting consumer data accessibility policies, and develop best-practices guidance for the states. More generally, the NBP's recommendations seek to modernize the electric grid with broadband by increasing reliability and efficiency, to unleash energy innovation in homes and buildings by making energy-usage data readily accessible to consumers, and to improve the energy efficiency and environmental impact of the Information and Communication Technologies (ICT) sector by integrating broadband into the developing Smart Grid.
These new recommendations recognize and build upon DOE's years Start Printed Page 26204of ongoing efforts to assess, implement and deploy Smart Grid technologies. These ongoing efforts implement existing legislation intended to encourage the use of such technologies to attain greater energy independence and security.
The Energy Independence and Security Act (EISA) of 2007 established “modernization of the nation's electricity transmission and distribution system” as a U.S. policy goal. Among other things, EISA directed DOE to establish a Smart Grid Task Force whose responsibilities include developing widely accepted smart-grid standards and protocols. EISA also directed the National Institute of Standards and Technologies (NIST) to develop a framework of standards and protocols to ensure interoperability and security for the Smart Grid. Once the Federal Energy Regulatory Commission (FERC) concludes that NIST has developed “sufficient consensus,” EISA then directs FERC to “institute a rulemaking proceeding to adopt such standards and protocols as may be necessary to insure smart-grid functionality and interoperability in interstate transmission of electric power, and regional and wholesale electricity markets.” On July 16, 2009, FERC issued a Policy Statement on Smart Grid Policy, which acknowledged that EISA does not make any such standards mandatory and gave FERC no new authority to enforce such standards. For more than two years, DOE-NIST-FERC coordination on these standards has been ongoing through the Federal Smart Grid Task Force, the EISA-mandated group that involves agencies from across the Federal government.
Section 1307 of EISA also amended section 111(d) of the Public Utilities Regulatory Policy Act (PURPA) by adding two paragraphs regarding the Smart Grid, paragraphs 18 and 19 in 16 U.S.C. 2621(d). As amended, PURPA requires states and other entities to decide whether to adopt a policy requiring its electric utilities to show why they did not invest in qualified smart grid technologies before investing in non-advanced grid technologies. In addition, states and other entities must consider imposing requirements for information disclosure to customers and others regarding price, usage, intervals and projection, sources and customer access to their own electric consumption information at any time through the Internet or other means elected by the utility for Smart Grid applications. EISA requires that states and other entities make such decisions no later than 2 years after December 19, 2007.
DOE's Preliminary Review of Some Ongoing Federal and State Efforts to Implement the Smart Grid-Related Obligations Imposed by EISA and PURPA
To advance its ongoing policies and programs, to implement certain recommendations in the NBP, and to focus this RFI, DOE initiated an informal, high-level review of the status of ongoing Federal, State, and private efforts to implement the Smart Grid related provisions of EISA and PURPA. Even this informal review reveals some of the important issues arising as Federal, State and private entities have begun developing, deploying, and implementing Smart Grid technologies. The following summary is intended to highlight a few of these issues.
Various entities are consulting an array of guidelines and principles when framing their approaches to access-and-privacy issues. For example, to further coordinate development of a framework to achieve interoperability of Smart Grid devices and systems, including protocols and model standards for information management, NIST released Draft Interagency Report 7628 (Feb. 2010)—Smart Grid Cyber Security: Strategy and Requirements. This Draft NISTIR was developed by members of the Smart Grid Interoperability Panel-Cyber Security Working Group (SGIP-CSWG). The Draft Report focuses on security and privacy, two areas that will be important to the success of Smart-Grid development, deployment and implementation.
The SGIP-CSWG Privacy Sub-group conducted a high-level privacy impact assessment (PIA) for the consumer-to-utility portion of the Smart Grid and considered the privacy impacts and risks throughout the entire Smart Grid structure. While the evolving Smart Grid will provide enormous societal benefits including better asset utilization and grid reliability, it will also present potential privacy risks. The ability to access, analyze and respond to much more precise and detailed data from all levels of the electric grid is one of the major benefits of the Smart Grid, but those benefits could be lost or substantially delayed unless consumers recognize that Smart Grid technologies also respect their reasonable expectations of privacy and data security, particularly when usage data and data extrapolations can be associated with individual consumers or locations. The PIA also noted that State utility commissions currently lack formal privacy policies or standards related to the Smart Grid, and that comprehensive and consistent definitions of privacy-affecting information with respect to the Smart Grid typically do not exist at State or Federal regulatory levels, or within the utility industry.
As a result of the assessment, the Privacy Sub-group developed a preliminary set of privacy principles using the following sets of widely accepted privacy principles: The OECD Privacy Principles, the Generally Accepted Privacy Principles (GAPP), and principles from the international information security standard ISO/IEC 27001. The Sub-group considered these to be very general privacy principles designed to be applicable across a broad range of industries; they are not mandatory requirements. These privacy principles are: Management and accountability; notice and purpose; choice and consent; collection and scope; use and retention; individual access; disclosure and limiting use; security and safeguards; accuracy and quality; and, openness, monitoring, and challenging compliance.
Another potential framework for considering privacy and consumer security issues is the Fair Information Practice Principles (FIPPs) adopted by the U.S. Department of Homeland Security (DHS). The FIPPs form the basis of the Department's privacy compliance policies and procedures governing the use of personally identifiable information (PII). These Start Printed Page 26205principles are: Transparency, Individual Participation, Purpose Specification, Data Minimization, Use Limitation, Data Quality and Integrity, Security, and Accountability and Auditing.
The FIPPs are a widely accepted framework that implement the core provisions of the Privacy Act of 1974 and are mirrored in the laws of many U.S. states, as well as the laws of many foreign nations and international organizations.
While Federal entities have been analyzing the privacy and security implications of the Smart Grid, State public utilities commissions have been conducting their own inquiries and rulemakings on consumer access to energy-usage data. For example, on December 29, 2009, the California Public Utilities Commission issued Decision 09-12-046, Decision Adopting Policies and Findings Pursuant to the Smart Grid Policies.
The decision adopts policies for the three major investor-owned public utilities (SCE, PG&E, and SDG&E) on consumer access to usage and price information that will be available through California's Smart Grid infrastructure; these include a policy goal that SCE, PG&E, and SDG&E provide consumers with access to electricity price information by the end of 2010. The decision also requires that SCE, PG&E, and SDG&E provide consumers and third parties approved by consumers with collected usage data by the end of 2010, as well as requiring that SCE, PG&E and SDG&E provide those customers with smart meters and authorized third parties with access to usage data on a near real-time basis by the end of 2011. The Commission held a separate workshop on March 19, 2010 to consider the best methods for providing access to electricity prices and usage data, due to the high level of interest in the proceeding.
In 2007, The Public Utility Commission of Texas adopted, among other things, a new rule that addressed the importance of balancing the interests of customers, Retail Electric Providers (REPs), and electric utilities, with respect to advanced metering. Texas consumers own all meter data, including data from advanced meters and meter information networks. In March 2010, CenterPoint Energy and other Texas Utilities launched a Smart Meter Texas common portal and data repository to give consumers with smart meters more control over their electricity use. Consumers with installed smart meters can now view their electric usage history down to 15-minute intervals on the Internet. The Web portal was developed and is operated by IBM Corp.
Pennsylvania enacted legislation requiring electric distribution companies with over 100,000 customers to file smart-meter-technology procurement and installation plans for approval by the Public Utility Commission. The Pennsylvania Public Utilities Commission staff drafted a proposal for implementing Act 129 plans, including nondiscriminatory access to information by third parties.
Finally, in 2000, the National Association of Regulatory Utility Commissioners (NARUC) adopted a resolution urging the adoption of general privacy principles for State commissions when assessing the privacy implications of third-party use of utility-customer information. However, it does not appear that many State utility commissions have completed their assessments of access-and-privacy issues related to the Smart Grid.
All of these examples illustrate both common themes and variations in the approaches that numerous entities are taking to address the privacy and security issues inherent in the development, deployment, and implementation of Smart Grid technologies. As a result, DOE is publishing this RFI to seek broader public and private input on the privacy and security issues inherent in the development, deployment, and implementation of Smart Grid technologies. We seek comment on these specific approaches as well as information on additional approaches that are not listed here.
Request for Information
Smart Grid technologies should ensure that both states and consumers retain the flexibility to strike a range of reasonable compromises between the benefits of data collection and access, and the protection of personal privacy. As the California Public Utilities Commission noted in their December 2009 Decision, the availability of information on usage and prices in a consistent format can lead to energy management solutions that at this time we can only begin to imagine.
Balancing these important interests remains an important challenge for Smart Grid development, deployment, and implementation processes. In this RFI, DOE thus seeks input on how to best achieve this desire to foster flexibility, innovation, and consumer privacy and choice.
In addition, DOE also seeks to promote the development of Smart Grid technologies in ways that accommodate both its important national and local implications. The Smart Grid will play a critical role in achieving national priorities like enabling new ways to enhance energy efficiency, enhancing national competitiveness, improving national security by increasing our energy independence, and developing sustainable, long-term energy strategies that protect our environment and economy. But flexibility to experiment is also one of the critical benefits arising from our dual system of Federal-State sovereignty. Federal law already recognizes that Smart Grid technologies implicate traditional State interests in autonomy, utilities-regulation and privacy-management. DOE thus seeks guidance on how to best balance the complementary private and public interests implicated by Smart Grid technologies.
Finally, this request for information seeks to survey whether and how the states are implementing these obligations; whether implementation efforts support the conclusion that the requirements set out in PURPA meet the current and potential needs of utilities, consumers, and third parties; what efforts are being made to implement these requirements; and whether patterns, common practices or consensuses emerge from analysis of Start Printed Page 26206existing implementations of these requirements.
List of Questions for Commenters
The following list of questions represents a preliminary attempt to identify and respond to the issues that have been raised in a variety of public and private forums, including but limited to: DOE's historic investment in Smart Grid technology through the Smart Grid Investment Grants and the Smart Grid Demonstrations projects; Smart Grid Forum blog initiated by the Office of Science and Technology policy titled “Consumer Interface with the Smart Grid  ”; and the National Broadband Plan regarding the Smart Grid and issues of data access and collection, third party access to detailed energy information, and privacy. This list is to assist in the formulation of comments and is not intended to restrict the issues that might be addressed in the comments.
In addressing these questions or others, commenters must also recognize that this RFI is intended to assist and inform DOE's efforts to address the aspects of these questions that most directly implicate the duties and responsibilities assigned by law to DOE and the Secretary of Energy. This qualification is important because the global concept of a Smart Grid inevitably implicates the jurisdiction and expertise of many other Federal agencies as evidenced in the composition of the Federal Smart Grid Task Force, not to mention Federal law enforcement agencies, and others. DOE fully intends to respect the jurisdiction and expertise of these and other Federal entities. Consequently, comments directed to matters deemed more relevant to the jurisdiction and expertise of other Federal entities will provide little assistance relevant to this RFI.
(1) Who owns energy consumption data?
(2) Who should be entitled to privacy protections relating to energy information?
(3) What, if any, privacy practices should be implemented in protecting energy information?
(4) Should consumers be able to opt in/opt out of smart meter deployment or have control over what information is shared with utilites or third parties?
(5) What mechanisms should be made available to consumers to report concerns or problems with the smart meters?
(6) How do policies and practices address the needs of different communities, especially low-income rate payers or consumers with low literacy or limited access to broadband technologies?
(7) Which, if any, international, Federal, or State data-privacy standards are most relevant to Smart-Grid development, deployment, and implementation?
(8) Which of the potentially relevant data privacy standards are best suited to provide a framework that will provide opportunities to experiment, rewards for successful innovators, and flexible protections that can accommodate widely varying reasonable consumer expectations?
(9) Because access and privacy are complementary goods, consumers are likely to have widely varying preferences about how closely they want to control and monitor third-party access to their energy information: what mechanisms exist that would empower consumers to make a range of reasonable choices when balancing the potential benefits and detriments of both privacy and access?
(10) What security architecture provisions should be built into Smart Grid technologies to protect consumer privacy?
(11) How can DOE best implement its mission and duties in the Smart Grid while respecting the jurisdiction and expertise of other Federal entities, states and localities?
(12) When, and through what mechanisms, should authorized agents of Federal, State, or local governments gain access to energy consumption data?
(13) What third parties, if any, should have access to energy information? How should interested third-parties be able to gain access to energy consumption data, and what standards, guidelines, or practices might best assist third parties in handling and protecting this data?
(14) What forms of energy information should consumers or third parties have access to?
(15) What types of personal energy information should consumers have access to in real-time, or near real-time?
(16) What steps have the states taken to implement Smart Grid privacy, data collection, and third party use of information policies?
(17) What steps have investor owned utilities, municipalities, public power entities, and electric cooperatives taken to implement Smart Grid privacy, data collection and third party use of information policies?
(18) Should DOE consider consumer data accessibility policies when evaluating future Smart Grid grant applications?Start Signature
Issued in Washington, DC on May 5, 2010.
Scott Blake Harris,
1. e.g. municipalities, public power entities and electric cooperatives.Back to Citation
2. A smart meter is a good example of an enabling Smart Grid technology that can empower both utilities and consumers to extract value from two-way communications and real-time access to usage data. Smart meters play an important role in the success of the Smart Grid because they can generate an array of useful data including historical energy consumption data, real-time data, and price-and-demand-response data.Back to Citation
3. Dep't of Energy, What the Smart Grid Means to Americans, 2, 23 (Aug. 31, 2009), available at http://www.oe.energy.gov/DocumentsandMedia/ConsumerAdvocates.pdf.Back to Citation
4. Fed. Commc'n Comm'n, Connecting America: The National Broadband Plan, http://www.broadband.gov/plan/ (last visited Apr. 26, 2010).Back to Citation
5. Id.Back to Citation
7. Id. Section 17383.Back to Citation
8. Id. Section 17385(a).Back to Citation
9. Id.Back to Citation
10. Smart Grid Policy Statement, 128 F.E.R.C. ¶ 61,337, at 61,060-359 (Jul. 16, 2009).Back to Citation
11. Cyber Security: Before the S. Comm. On Energy and Natural Resources, 111th Cong. 1 (May 7, 2009) (Statement of Patricia Hoffman, Acting Assistant Secretary, Office of Electricity Delivery and Energy Reliability, U.S. Department of Energy).Back to Citation
13. Id. Section 2621(c)(16).Back to Citation
14. Id. Section 2622 (b)(6).Back to Citation
15. Cybersecurity Coordination Task Group, Smart Grid Cyber Security Strategy and Requirements, Draft NIST Report 7628 (Feb. 2010), available at http://csrc.nist.gov/publications/drafts/nistir-7628/draft-nistir-7628_2nd-public-draft.pdf.Back to Citation
16. Id. at 3.Back to Citation
17. Id. at 1.Back to Citation
18. Id. at 8.Back to Citation
19. Id. at 103.Back to Citation
20. Id. at 104.Back to Citation
21. Id. at 104-109.Back to Citation
22. Cal. Pub. Util. Comm'n, Order Instituting Rulemaking to Consider Smart Grid Technologies Pursuant to Federal Legislation and on the Commission's Own Motion to Actively Guide Policy in California's Development of a Smart Grid System, Pub. Util. No. 08-12-009 (Dec. 18, 2009), available at http://docs.cpuc.ca.gov/published/FINAL_DECISION/95608.htm.Back to Citation
24. Id. at 2.Back to Citation
25. Order Instituting Rulemaking to Consider Smart Grid Technologies Pursuant to Federal Legislation and on the Commission's Own Motion to Actively Guide Policy in California's Development of a Smart Grid System, http://docs.cpuc.ca.gov/published/FINAL_DECISION/95608.htm.Back to Citation
26. Id. at 3.Back to Citation
27. Tex. Util. Code Ann. § 39.107(b) (Vernon Supp. 2009).Back to Citation
28. Houston Business Journal, CenterPoint, state launch Smart Meter portal, March 22, 2010, available at http://houston.bizjournals.com/houston/stories/2010/03/22/daily28.html.Back to Citation
29. Act 2008-129, 66 Pa. C.S. § 2807(f) (Nov. 14, 2008).Back to Citation
30. Lisa Schwartz , State Policies on Smart Grid, (2009), available at http://www.raponline.org/docs/RAP_Schwartz_StatePolicyonSmartGrid_2009_05_13.pdf.Back to Citation
31. National Association Of Regulatory Utility Commissioners, Resolution Urging the Adoption of General Privacy Principles For State Commission Use in Considering the Privacy implications of the Use of Utility Customer Information, available at http://www.naruc.org/Resolutions/privacy_principles.pdf.Back to Citation
32. Order Instituting Rulemaking to Consider Smart Grid Technologies Pursuant to Federal Legislation and on the Commission's Own Motion to Actively Guide Policy in California's Development of a Smart Grid System, http://docs.cpuc.ca.gov/published/FINAL_DECISION/95608.htm at 4.1.2.Back to Citation
33. TMCnet, Consumer Interface with the Smart Grid, http://sip-trunking.tmcnet.com/news/2010/02/09/4613238.htm (last visited Apr. 27, 2010)Back to Citation
[FR Doc. 2010-11127 Filed 5-10-10; 8:45 am]
BILLING CODE 6450-01-P