Implementing the National Broadband Plan by Empowering Consumers and the Smart Grid: Data Access, Third Party Use, and Privacy, 26203-26206 [2010-11127]

Agencies

• DEPARTMENT OF ENERGY

[Federal Register Volume 75, Number 90 (Tuesday, May 11, 2010)]
[Notices]
[Pages 26203-26206]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2010-11127]


-----------------------------------------------------------------------

 DEPARTMENT OF ENERGY


Implementing the National Broadband Plan by Empowering Consumers 
and the Smart Grid: Data Access, Third Party Use, and Privacy

AGENCY: Department of Energy.

ACTION: Request for Information.

-----------------------------------------------------------------------

SUMMARY: The Department of Energy (DOE) is seeking comments and 
information from interested parties to assist DOE in understanding 
current and potential practices and policies for the states and other 
entities \1\ to empower consumers (and perhaps others) through access 
to detailed energy information in electronic form--including real-time 
information from smart meters, historical consumption data, and pricing 
and billing information. This request for information (RFI) asks 
interested parties, including industry, consumer groups and State 
governments, to report on State efforts to enact Smart Grid privacy and 
data collection policies. This RFI also seeks input regarding 
individual utility practices and policies regarding data access and 
collection; third party access to detailed energy information; and the 
role of the consumer in balancing the benefits of access and privacy. 
Finally, this RFI seeks comment on what policies and practices should 
guide policymakers in determining who can access consumers' energy 
information and under what conditions.
---------------------------------------------------------------------------

    \1\ e.g. municipalities, public power entities and electric 
cooperatives.

DATES: Comments must be postmarked by no later than July 12, 2010. 
---------------------------------------------------------------------------
Reply comments must be postmarked by no later than July 26, 2010.

ADDRESSES: You may submit comments, identified by ``NBP RFI: Data 
Access,'' by any of the following methods:
    Federal eRulemaking Portal: https://www.regulations.gov. Follow the 
instructions for submitting comments.
    E-mail: broadband@hq.doe.gov. Include ``NBP RFI: Data Access'' in 
the subject line of the message.
    Mail: U.S. Department of Energy, Office of the General Counsel, 
1000 Independence Avenue, SW., Room 6A245, Washington, DC 20585.

FOR FURTHER INFORMATION CONTACT:
    Maureen C. McLaughlin, Senior Legal Advisor to the General Counsel 
(202) 586-5281; broadband@hq.doe.gov.
    For Media Inquires you may contact Jen Stutsman at 202-586-4940.

SUPPLEMENTARY INFORMATION: 

Introduction

    The promise \2\ of the Smart Grid is enormous and includes improved 
reliability, flexibility and power quality, reduction in peak demand, 
reduction in transmission congestion costs, environmental benefits 
gained by increased asset utilization, increased security, increased 
energy efficiency and increased durability and ease of repair in 
response to attacks or natural disasters. But the Smart Grid also 
presents new challenges. In particular, many of its benefits could be 
reduced or delayed and avoidable harms caused unless the Smart Grid 
adequately respects consumers' reasonable--and often widely differing--
expectations of privacy, expectations that could be compromised if 
detailed household energy consumption data is made too readily 
available, too inaccessible, or incorrectly anonymized. The Smart Grid 
is also likely to create a far more interactive relationship between 
utilities and consumers that will raise new questions about how to 
ensure that detailed energy data is properly collected, reported, 
managed, shared and disclosed in ways that are both lawful and 
adequately transparent to consumers.\3\
---------------------------------------------------------------------------

    \2\ A smart meter is a good example of an enabling Smart Grid 
technology that can empower both utilities and consumers to extract 
value from two-way communications and real-time access to usage 
data. Smart meters play an important role in the success of the 
Smart Grid because they can generate an array of useful data 
including historical energy consumption data, real-time data, and 
price-and-demand-response data.
    \3\ Dep't of Energy, What the Smart Grid Means to Americans, 2, 
23 (Aug. 31, 2009), available at https://www.oe.energy.gov/DocumentsandMedia/ConsumerAdvocates.pdf.
---------------------------------------------------------------------------

    This RFI seeks to collect information and open a dialogue about the 
challenges inherent in empowering consumers, utilities, and third 
parties to realize the many potential benefits of the Smart Grid, while 
protecting reasonable consumer expectations of privacy and security, 
and ease-of-access and providing the flexibility to manage both.
    In the context of the Smart Grid, privacy and access are not so 
much conflicting goals as they are complementary goods: the value of 
the Smart Grid to consumers, utilities, and third parties depends upon 
its capacity to encourage and accommodate unpredicted innovations while 
making usage data reasonably available to those who should have it and 
respecting consumers' reasonable interests in choosing how to balance 
the benefits of access against the protection of personal privacy and 
security. Only solutions that accommodate all of these critical values 
will maximize the value of the Smart Grid to consumers, utilities, 
third-party service providers and innovators, and State and Federal 
governments.

Background

    In early 2009, Congress directed the Federal Communications 
Commission (``FCC'') to create the recently released National Broadband 
Plan (``NBP'').\4\ As Congress instructed, the NBP makes 
recommendations to various government entities, including Executive 
Branch agencies like DOE. In particular, the NBP recommended that DOE 
should consider consumer data accessibility policies when evaluating 
Smart Grid grant applications, report on states' progress toward 
enacting consumer data accessibility policies, and develop best-
practices guidance for the states.\5\ More generally, the NBP's 
recommendations seek to modernize the electric grid with broadband by 
increasing reliability and efficiency, to unleash energy innovation in 
homes and buildings by making energy-usage data readily accessible to 
consumers, and to improve the energy efficiency and environmental 
impact of the Information and Communication Technologies (ICT) sector 
by integrating broadband into the developing Smart Grid.
---------------------------------------------------------------------------

    \4\ Fed. Commc'n Comm'n, Connecting America: The National 
Broadband Plan, https://www.broadband.gov/plan/ (last visited Apr. 
26, 2010).
    \5\ Id.
---------------------------------------------------------------------------

    These new recommendations recognize and build upon DOE's years

[[Page 26204]]

of ongoing efforts to assess, implement and deploy Smart Grid 
technologies. These ongoing efforts implement existing legislation 
intended to encourage the use of such technologies to attain greater 
energy independence and security.
    The Energy Independence and Security Act (EISA) of 2007 established 
``modernization of the nation's electricity transmission and 
distribution system'' as a U.S. policy goal.\6\ Among other things, 
EISA directed DOE to establish a Smart Grid Task Force whose 
responsibilities include developing widely accepted smart-grid 
standards and protocols.\7\ EISA also directed the National Institute 
of Standards and Technologies (NIST) to develop a framework of 
standards and protocols to ensure interoperability and security for the 
Smart Grid.\8\ Once the Federal Energy Regulatory Commission (FERC) 
concludes that NIST has developed ``sufficient consensus,'' EISA then 
directs FERC to ``institute a rulemaking proceeding to adopt such 
standards and protocols as may be necessary to insure smart-grid 
functionality and interoperability in interstate transmission of 
electric power, and regional and wholesale electricity markets.'' \9\ 
On July 16, 2009, FERC issued a Policy Statement on Smart Grid Policy, 
which acknowledged that EISA does not make any such standards mandatory 
and gave FERC no new authority to enforce such standards.\10\ For more 
than two years, DOE-NIST-FERC coordination on these standards has been 
ongoing through the Federal Smart Grid Task Force, the EISA-mandated 
group that involves agencies from across the Federal government.\11\
---------------------------------------------------------------------------

    \6\ 42 U.S.C. 17381 (2010).
    \7\ Id. Section 17383.
    \8\ Id. Section 17385(a).
    \9\ Id.
    \10\ Smart Grid Policy Statement, 128 F.E.R.C. ] 61,337, at 
61,060-359 (Jul. 16, 2009).
    \11\ Cyber Security: Before the S. Comm. On Energy and Natural 
Resources, 111th Cong. 1 (May 7, 2009) (Statement of Patricia 
Hoffman, Acting Assistant Secretary, Office of Electricity Delivery 
and Energy Reliability, U.S. Department of Energy).
---------------------------------------------------------------------------

    Section 1307 of EISA also amended section 111(d) of the Public 
Utilities Regulatory Policy Act (PURPA) by adding two paragraphs 
regarding the Smart Grid, paragraphs 18 and 19 in 16 U.S.C. 
2621(d).\12\ As amended, PURPA requires states and other entities to 
decide whether to adopt a policy requiring its electric utilities to 
show why they did not invest in qualified smart grid technologies 
before investing in non-advanced grid technologies.\13\ In addition, 
states and other entities must consider imposing requirements for 
information disclosure to customers and others regarding price, usage, 
intervals and projection, sources and customer access to their own 
electric consumption information at any time through the Internet or 
other means elected by the utility for Smart Grid applications. EISA 
requires that states and other entities make such decisions no later 
than 2 years after December 19, 2007.\14\
---------------------------------------------------------------------------

    \12\ Public Utilities Regulatory Policy Act of 1978, 16 U.S.C. 
2621(d) (2010).
    \13\ Id. Section 2621(c)(16).
    \14\ Id. Section 2622(b)(6).
---------------------------------------------------------------------------

DOE's Preliminary Review of Some Ongoing Federal and State Efforts to 
Implement the Smart Grid-Related Obligations Imposed by EISA and PURPA

    To advance its ongoing policies and programs, to implement certain 
recommendations in the NBP, and to focus this RFI, DOE initiated an 
informal, high-level review of the status of ongoing Federal, State, 
and private efforts to implement the Smart Grid related provisions of 
EISA and PURPA. Even this informal review reveals some of the important 
issues arising as Federal, State and private entities have begun 
developing, deploying, and implementing Smart Grid technologies. The 
following summary is intended to highlight a few of these issues.
    Various entities are consulting an array of guidelines and 
principles when framing their approaches to access-and-privacy issues. 
For example, to further coordinate development of a framework to 
achieve interoperability of Smart Grid devices and systems, including 
protocols and model standards for information management, NIST released 
Draft Interagency Report 7628 (Feb. 2010)--Smart Grid Cyber Security: 
Strategy and Requirements.\15\ This Draft NISTIR was developed by 
members of the Smart Grid Interoperability Panel-Cyber Security Working 
Group (SGIP-CSWG).\16\ The Draft Report focuses on security and 
privacy, two areas that will be important to the success of Smart-Grid 
development, deployment and implementation.\17\
---------------------------------------------------------------------------

    \15\ Cybersecurity Coordination Task Group, Smart Grid Cyber 
Security Strategy and Requirements, Draft NIST Report 7628 (Feb. 
2010), available at https://csrc.nist.gov/publications/drafts/nistir-7628/draft-nistir-7628_2nd-public-draft.pdf.
    \16\ Id. at 3.
    \17\ Id. at 1.
---------------------------------------------------------------------------

    The SGIP-CSWG Privacy Sub-group conducted a high-level privacy 
impact assessment (PIA) for the consumer-to-utility portion of the 
Smart Grid and considered the privacy impacts and risks throughout the 
entire Smart Grid structure. While the evolving Smart Grid will provide 
enormous societal benefits including better asset utilization and grid 
reliability, it will also present potential privacy risks. The ability 
to access, analyze and respond to much more precise and detailed data 
from all levels of the electric grid is one of the major benefits of 
the Smart Grid, but those benefits could be lost or substantially 
delayed unless consumers recognize that Smart Grid technologies also 
respect their reasonable expectations of privacy and data security, 
particularly when usage data and data extrapolations can be associated 
with individual consumers or locations.\18\ The PIA also noted that 
State utility commissions currently lack formal privacy policies or 
standards related to the Smart Grid, and that comprehensive and 
consistent definitions of privacy-affecting information with respect to 
the Smart Grid typically do not exist at State or Federal regulatory 
levels, or within the utility industry.\19\
---------------------------------------------------------------------------

    \18\ Id. at 8.
    \19\ Id. at 103.
---------------------------------------------------------------------------

    As a result of the assessment, the Privacy Sub-group developed a 
preliminary set of privacy principles using the following sets of 
widely accepted privacy principles: The OECD Privacy Principles, the 
Generally Accepted Privacy Principles (GAPP), and principles from the 
international information security standard ISO/IEC 27001. The Sub-
group considered these to be very general privacy principles designed 
to be applicable across a broad range of industries; they are not 
mandatory requirements.\20\ These privacy principles are: Management 
and accountability; notice and purpose; choice and consent; collection 
and scope; use and retention; individual access; disclosure and 
limiting use; security and safeguards; accuracy and quality; and, 
openness, monitoring, and challenging compliance.\21\
---------------------------------------------------------------------------

    \20\ Id. at 104.
    \21\ Id. at 104-109.
---------------------------------------------------------------------------

    Another potential framework for considering privacy and consumer 
security issues is the Fair Information Practice Principles (FIPPs) 
adopted by the U.S. Department of Homeland Security (DHS).\22\ The 
FIPPs form the basis of the Department's privacy compliance policies 
and procedures governing the use of personally identifiable information 
(PII). These

[[Page 26205]]

principles are: Transparency, Individual Participation, Purpose 
Specification, Data Minimization, Use Limitation, Data Quality and 
Integrity, Security, and Accountability and Auditing.\23\
---------------------------------------------------------------------------

    \22\ Cal. Pub. Util. Comm'n, Order Instituting Rulemaking to 
Consider Smart Grid Technologies Pursuant to Federal Legislation and 
on the Commission's Own Motion to Actively Guide Policy in 
California's Development of a Smart Grid System, Pub. Util. No. 08-
12-009 (Dec. 18, 2009), available at https://docs.cpuc.ca.gov/published/FINAL_DECISION/95608.htm.
    \23\ Department of Homeland Security, Privacy Policy Guidance 
Memorandum 2008-01 (2008), available at https://www.dhs.gov/xlibrary/assets/privacy/privacy_policyguide_2008-01.pdf.
---------------------------------------------------------------------------

    The FIPPs are a widely accepted framework that implement the core 
provisions of the Privacy Act of 1974 and are mirrored in the laws of 
many U.S. states, as well as the laws of many foreign nations and 
international organizations.\24\
---------------------------------------------------------------------------

    \24\ Id. at 2.
---------------------------------------------------------------------------

    While Federal entities have been analyzing the privacy and security 
implications of the Smart Grid, State public utilities commissions have 
been conducting their own inquiries and rulemakings on consumer access 
to energy-usage data. For example, on December 29, 2009, the California 
Public Utilities Commission issued Decision 09-12-046, Decision 
Adopting Policies and Findings Pursuant to the Smart Grid Policies. 
\25\
---------------------------------------------------------------------------

    \25\ Order Instituting Rulemaking to Consider Smart Grid 
Technologies Pursuant to Federal Legislation and on the Commission's 
Own Motion to Actively Guide Policy in California's Development of a 
Smart Grid System, https://docs.cpuc.ca.gov/published/FINAL_DECISION/95608.htm.
---------------------------------------------------------------------------

    The decision adopts policies for the three major investor-owned 
public utilities (SCE, PG&E, and SDG&E) on consumer access to usage and 
price information that will be available through California's Smart 
Grid infrastructure; these include a policy goal that SCE, PG&E, and 
SDG&E provide consumers with access to electricity price information by 
the end of 2010. The decision also requires that SCE, PG&E, and SDG&E 
provide consumers and third parties approved by consumers with 
collected usage data by the end of 2010, as well as requiring that SCE, 
PG&E and SDG&E provide those customers with smart meters and authorized 
third parties with access to usage data on a near real-time basis by 
the end of 2011.\26\ The Commission held a separate workshop on March 
19, 2010 to consider the best methods for providing access to 
electricity prices and usage data, due to the high level of interest in 
the proceeding.
---------------------------------------------------------------------------

    \26\ Id. at 3.
---------------------------------------------------------------------------

    In 2007, The Public Utility Commission of Texas adopted, among 
other things, a new rule that addressed the importance of balancing the 
interests of customers, Retail Electric Providers (REPs), and electric 
utilities, with respect to advanced metering. Texas consumers own all 
meter data, including data from advanced meters and meter information 
networks.\27\ In March 2010, CenterPoint Energy and other Texas 
Utilities launched a Smart Meter Texas common portal and data 
repository to give consumers with smart meters more control over their 
electricity use. Consumers with installed smart meters can now view 
their electric usage history down to 15-minute intervals on the 
Internet. The Web portal was developed and is operated by IBM Corp.\28\
---------------------------------------------------------------------------

    \27\ Tex. Util. Code Ann. Sec.  39.107(b) (Vernon Supp. 2009).
    \28\ Houston Business Journal, CenterPoint, state launch Smart 
Meter portal, March 22, 2010, available at https://houston.bizjournals.com/houston/stories/2010/03/22/daily28.html.
---------------------------------------------------------------------------

    Pennsylvania enacted legislation requiring electric distribution 
companies with over 100,000 customers to file smart-meter-technology 
procurement and installation plans for approval by the Public Utility 
Commission.\29\ The Pennsylvania Public Utilities Commission staff 
drafted a proposal for implementing Act 129 plans, including 
nondiscriminatory access to information by third parties.\30\
---------------------------------------------------------------------------

    \29\ Act 2008-129, 66 Pa. C.S. Sec.  2807(f) (Nov. 14, 2008).
    \30\ Lisa Schwartz, State Policies on Smart Grid, (2009), 
available at https://www.raponline.org/docs/RAP_Schwartz_StatePolicyonSmartGrid_2009_05_13.pdf.
---------------------------------------------------------------------------

    Finally, in 2000, the National Association of Regulatory Utility 
Commissioners (NARUC) adopted a resolution urging the adoption of 
general privacy principles for State commissions when assessing the 
privacy implications of third-party use of utility-customer 
information.\31\ However, it does not appear that many State utility 
commissions have completed their assessments of access-and-privacy 
issues related to the Smart Grid.
---------------------------------------------------------------------------

    \31\ National Association Of Regulatory Utility Commissioners, 
Resolution Urging the Adoption of General Privacy Principles For 
State Commission Use in Considering the Privacy implications of the 
Use of Utility Customer Information, available at https://www.naruc.org/Resolutions/privacy_principles.pdf.
---------------------------------------------------------------------------

    All of these examples illustrate both common themes and variations 
in the approaches that numerous entities are taking to address the 
privacy and security issues inherent in the development, deployment, 
and implementation of Smart Grid technologies. As a result, DOE is 
publishing this RFI to seek broader public and private input on the 
privacy and security issues inherent in the development, deployment, 
and implementation of Smart Grid technologies. We seek comment on these 
specific approaches as well as information on additional approaches 
that are not listed here.

Request for Information

    Smart Grid technologies should ensure that both states and 
consumers retain the flexibility to strike a range of reasonable 
compromises between the benefits of data collection and access, and the 
protection of personal privacy. As the California Public Utilities 
Commission noted in their December 2009 Decision, the availability of 
information on usage and prices in a consistent format can lead to 
energy management solutions that at this time we can only begin to 
imagine.\32\
---------------------------------------------------------------------------

    \32\ Order Instituting Rulemaking to Consider Smart Grid 
Technologies Pursuant to Federal Legislation and on the Commission's 
Own Motion to Actively Guide Policy in California's Development of a 
Smart Grid System, https://docs.cpuc.ca.gov/published/FINAL_DECISION/95608.htm at 4.1.2.
---------------------------------------------------------------------------

    Balancing these important interests remains an important challenge 
for Smart Grid development, deployment, and implementation processes. 
In this RFI, DOE thus seeks input on how to best achieve this desire to 
foster flexibility, innovation, and consumer privacy and choice.
    In addition, DOE also seeks to promote the development of Smart 
Grid technologies in ways that accommodate both its important national 
and local implications. The Smart Grid will play a critical role in 
achieving national priorities like enabling new ways to enhance energy 
efficiency, enhancing national competitiveness, improving national 
security by increasing our energy independence, and developing 
sustainable, long-term energy strategies that protect our environment 
and economy. But flexibility to experiment is also one of the critical 
benefits arising from our dual system of Federal-State sovereignty. 
Federal law already recognizes that Smart Grid technologies implicate 
traditional State interests in autonomy, utilities-regulation and 
privacy-management. DOE thus seeks guidance on how to best balance the 
complementary private and public interests implicated by Smart Grid 
technologies.
    Finally, this request for information seeks to survey whether and 
how the states are implementing these obligations; whether 
implementation efforts support the conclusion that the requirements set 
out in PURPA meet the current and potential needs of utilities, 
consumers, and third parties; what efforts are being made to implement 
these requirements; and whether patterns, common practices or 
consensuses emerge from analysis of

[[Page 26206]]

existing implementations of these requirements.

List of Questions for Commenters

    The following list of questions represents a preliminary attempt to 
identify and respond to the issues that have been raised in a variety 
of public and private forums, including but limited to: DOE's historic 
investment in Smart Grid technology through the Smart Grid Investment 
Grants and the Smart Grid Demonstrations projects; Smart Grid Forum 
blog initiated by the Office of Science and Technology policy titled 
``Consumer Interface with the Smart Grid \33\''; and the National 
Broadband Plan regarding the Smart Grid and issues of data access and 
collection, third party access to detailed energy information, and 
privacy. This list is to assist in the formulation of comments and is 
not intended to restrict the issues that might be addressed in the 
comments.
---------------------------------------------------------------------------

    \33\ TMCnet, Consumer Interface with the Smart Grid, https://sip-trunking.tmcnet.com/news/2010/02/09/4613238.htm (last visited Apr. 
27, 2010)
---------------------------------------------------------------------------

    In addressing these questions or others, commenters must also 
recognize that this RFI is intended to assist and inform DOE's efforts 
to address the aspects of these questions that most directly implicate 
the duties and responsibilities assigned by law to DOE and the 
Secretary of Energy. This qualification is important because the global 
concept of a Smart Grid inevitably implicates the jurisdiction and 
expertise of many other Federal agencies as evidenced in the 
composition of the Federal Smart Grid Task Force, not to mention 
Federal law enforcement agencies, and others. DOE fully intends to 
respect the jurisdiction and expertise of these and other Federal 
entities. Consequently, comments directed to matters deemed more 
relevant to the jurisdiction and expertise of other Federal entities 
will provide little assistance relevant to this RFI.
    (1) Who owns energy consumption data?
    (2) Who should be entitled to privacy protections relating to 
energy information?
    (3) What, if any, privacy practices should be implemented in 
protecting energy information?
    (4) Should consumers be able to opt in/opt out of smart meter 
deployment or have control over what information is shared with 
utilites or third parties?
    (5) What mechanisms should be made available to consumers to report 
concerns or problems with the smart meters?
    (6) How do policies and practices address the needs of different 
communities, especially low-income rate payers or consumers with low 
literacy or limited access to broadband technologies?
    (7) Which, if any, international, Federal, or State data-privacy 
standards are most relevant to Smart-Grid development, deployment, and 
implementation?
    (8) Which of the potentially relevant data privacy standards are 
best suited to provide a framework that will provide opportunities to 
experiment, rewards for successful innovators, and flexible protections 
that can accommodate widely varying reasonable consumer expectations?
    (9) Because access and privacy are complementary goods, consumers 
are likely to have widely varying preferences about how closely they 
want to control and monitor third-party access to their energy 
information: what mechanisms exist that would empower consumers to make 
a range of reasonable choices when balancing the potential benefits and 
detriments of both privacy and access?
    (10) What security architecture provisions should be built into 
Smart Grid technologies to protect consumer privacy?
    (11) How can DOE best implement its mission and duties in the Smart 
Grid while respecting the jurisdiction and expertise of other Federal 
entities, states and localities?
    (12) When, and through what mechanisms, should authorized agents of 
Federal, State, or local governments gain access to energy consumption 
data?
    (13) What third parties, if any, should have access to energy 
information? How should interested third-parties be able to gain access 
to energy consumption data, and what standards, guidelines, or 
practices might best assist third parties in handling and protecting 
this data?
    (14) What forms of energy information should consumers or third 
parties have access to?
    (15) What types of personal energy information should consumers 
have access to in real-time, or near real-time?
    (16) What steps have the states taken to implement Smart Grid 
privacy, data collection, and third party use of information policies?
    (17) What steps have investor owned utilities, municipalities, 
public power entities, and electric cooperatives taken to implement 
Smart Grid privacy, data collection and third party use of information 
policies?
    (18) Should DOE consider consumer data accessibility policies when 
evaluating future Smart Grid grant applications?

    Issued in Washington, DC on May 5, 2010.
Scott Blake Harris,
General Counsel.
[FR Doc. 2010-11127 Filed 5-10-10; 8:45 am]
BILLING CODE 6450-01-P