[Federal Register Volume 75, Number 90 (Tuesday, May 11, 2010)]
[Notices]
[Pages 26203-26206]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-11127]
-----------------------------------------------------------------------
DEPARTMENT OF ENERGY
Implementing the National Broadband Plan by Empowering Consumers
and the Smart Grid: Data Access, Third Party Use, and Privacy
AGENCY: Department of Energy.
ACTION: Request for Information.
-----------------------------------------------------------------------
SUMMARY: The Department of Energy (DOE) is seeking comments and
information from interested parties to assist DOE in understanding
current and potential practices and policies for the states and other
entities \1\ to empower consumers (and perhaps others) through access
to detailed energy information in electronic form--including real-time
information from smart meters, historical consumption data, and pricing
and billing information. This request for information (RFI) asks
interested parties, including industry, consumer groups and State
governments, to report on State efforts to enact Smart Grid privacy and
data collection policies. This RFI also seeks input regarding
individual utility practices and policies regarding data access and
collection; third party access to detailed energy information; and the
role of the consumer in balancing the benefits of access and privacy.
Finally, this RFI seeks comment on what policies and practices should
guide policymakers in determining who can access consumers' energy
information and under what conditions.
---------------------------------------------------------------------------
\1\ e.g. municipalities, public power entities and electric
cooperatives.
DATES: Comments must be postmarked by no later than July 12, 2010.
---------------------------------------------------------------------------
Reply comments must be postmarked by no later than July 26, 2010.
ADDRESSES: You may submit comments, identified by ``NBP RFI: Data
Access,'' by any of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov. Follow the
instructions for submitting comments.
E-mail: [email protected]. Include ``NBP RFI: Data Access'' in
the subject line of the message.
Mail: U.S. Department of Energy, Office of the General Counsel,
1000 Independence Avenue, SW., Room 6A245, Washington, DC 20585.
FOR FURTHER INFORMATION CONTACT:
Maureen C. McLaughlin, Senior Legal Advisor to the General Counsel
(202) 586-5281; [email protected].
For Media Inquires you may contact Jen Stutsman at 202-586-4940.
SUPPLEMENTARY INFORMATION:
Introduction
The promise \2\ of the Smart Grid is enormous and includes improved
reliability, flexibility and power quality, reduction in peak demand,
reduction in transmission congestion costs, environmental benefits
gained by increased asset utilization, increased security, increased
energy efficiency and increased durability and ease of repair in
response to attacks or natural disasters. But the Smart Grid also
presents new challenges. In particular, many of its benefits could be
reduced or delayed and avoidable harms caused unless the Smart Grid
adequately respects consumers' reasonable--and often widely differing--
expectations of privacy, expectations that could be compromised if
detailed household energy consumption data is made too readily
available, too inaccessible, or incorrectly anonymized. The Smart Grid
is also likely to create a far more interactive relationship between
utilities and consumers that will raise new questions about how to
ensure that detailed energy data is properly collected, reported,
managed, shared and disclosed in ways that are both lawful and
adequately transparent to consumers.\3\
---------------------------------------------------------------------------
\2\ A smart meter is a good example of an enabling Smart Grid
technology that can empower both utilities and consumers to extract
value from two-way communications and real-time access to usage
data. Smart meters play an important role in the success of the
Smart Grid because they can generate an array of useful data
including historical energy consumption data, real-time data, and
price-and-demand-response data.
\3\ Dep't of Energy, What the Smart Grid Means to Americans, 2,
23 (Aug. 31, 2009), available at http://www.oe.energy.gov/DocumentsandMedia/ConsumerAdvocates.pdf.
---------------------------------------------------------------------------
This RFI seeks to collect information and open a dialogue about the
challenges inherent in empowering consumers, utilities, and third
parties to realize the many potential benefits of the Smart Grid, while
protecting reasonable consumer expectations of privacy and security,
and ease-of-access and providing the flexibility to manage both.
In the context of the Smart Grid, privacy and access are not so
much conflicting goals as they are complementary goods: the value of
the Smart Grid to consumers, utilities, and third parties depends upon
its capacity to encourage and accommodate unpredicted innovations while
making usage data reasonably available to those who should have it and
respecting consumers' reasonable interests in choosing how to balance
the benefits of access against the protection of personal privacy and
security. Only solutions that accommodate all of these critical values
will maximize the value of the Smart Grid to consumers, utilities,
third-party service providers and innovators, and State and Federal
governments.
Background
In early 2009, Congress directed the Federal Communications
Commission (``FCC'') to create the recently released National Broadband
Plan (``NBP'').\4\ As Congress instructed, the NBP makes
recommendations to various government entities, including Executive
Branch agencies like DOE. In particular, the NBP recommended that DOE
should consider consumer data accessibility policies when evaluating
Smart Grid grant applications, report on states' progress toward
enacting consumer data accessibility policies, and develop best-
practices guidance for the states.\5\ More generally, the NBP's
recommendations seek to modernize the electric grid with broadband by
increasing reliability and efficiency, to unleash energy innovation in
homes and buildings by making energy-usage data readily accessible to
consumers, and to improve the energy efficiency and environmental
impact of the Information and Communication Technologies (ICT) sector
by integrating broadband into the developing Smart Grid.
---------------------------------------------------------------------------
\4\ Fed. Commc'n Comm'n, Connecting America: The National
Broadband Plan, http://www.broadband.gov/plan/ (last visited Apr.
26, 2010).
\5\ Id.
---------------------------------------------------------------------------
These new recommendations recognize and build upon DOE's years
[[Page 26204]]
of ongoing efforts to assess, implement and deploy Smart Grid
technologies. These ongoing efforts implement existing legislation
intended to encourage the use of such technologies to attain greater
energy independence and security.
The Energy Independence and Security Act (EISA) of 2007 established
``modernization of the nation's electricity transmission and
distribution system'' as a U.S. policy goal.\6\ Among other things,
EISA directed DOE to establish a Smart Grid Task Force whose
responsibilities include developing widely accepted smart-grid
standards and protocols.\7\ EISA also directed the National Institute
of Standards and Technologies (NIST) to develop a framework of
standards and protocols to ensure interoperability and security for the
Smart Grid.\8\ Once the Federal Energy Regulatory Commission (FERC)
concludes that NIST has developed ``sufficient consensus,'' EISA then
directs FERC to ``institute a rulemaking proceeding to adopt such
standards and protocols as may be necessary to insure smart-grid
functionality and interoperability in interstate transmission of
electric power, and regional and wholesale electricity markets.'' \9\
On July 16, 2009, FERC issued a Policy Statement on Smart Grid Policy,
which acknowledged that EISA does not make any such standards mandatory
and gave FERC no new authority to enforce such standards.\10\ For more
than two years, DOE-NIST-FERC coordination on these standards has been
ongoing through the Federal Smart Grid Task Force, the EISA-mandated
group that involves agencies from across the Federal government.\11\
---------------------------------------------------------------------------
\6\ 42 U.S.C. 17381 (2010).
\7\ Id. Section 17383.
\8\ Id. Section 17385(a).
\9\ Id.
\10\ Smart Grid Policy Statement, 128 F.E.R.C. ] 61,337, at
61,060-359 (Jul. 16, 2009).
\11\ Cyber Security: Before the S. Comm. On Energy and Natural
Resources, 111th Cong. 1 (May 7, 2009) (Statement of Patricia
Hoffman, Acting Assistant Secretary, Office of Electricity Delivery
and Energy Reliability, U.S. Department of Energy).
---------------------------------------------------------------------------
Section 1307 of EISA also amended section 111(d) of the Public
Utilities Regulatory Policy Act (PURPA) by adding two paragraphs
regarding the Smart Grid, paragraphs 18 and 19 in 16 U.S.C.
2621(d).\12\ As amended, PURPA requires states and other entities to
decide whether to adopt a policy requiring its electric utilities to
show why they did not invest in qualified smart grid technologies
before investing in non-advanced grid technologies.\13\ In addition,
states and other entities must consider imposing requirements for
information disclosure to customers and others regarding price, usage,
intervals and projection, sources and customer access to their own
electric consumption information at any time through the Internet or
other means elected by the utility for Smart Grid applications. EISA
requires that states and other entities make such decisions no later
than 2 years after December 19, 2007.\14\
---------------------------------------------------------------------------
\12\ Public Utilities Regulatory Policy Act of 1978, 16 U.S.C.
2621(d) (2010).
\13\ Id. Section 2621(c)(16).
\14\ Id. Section 2622(b)(6).
---------------------------------------------------------------------------
DOE's Preliminary Review of Some Ongoing Federal and State Efforts to
Implement the Smart Grid-Related Obligations Imposed by EISA and PURPA
To advance its ongoing policies and programs, to implement certain
recommendations in the NBP, and to focus this RFI, DOE initiated an
informal, high-level review of the status of ongoing Federal, State,
and private efforts to implement the Smart Grid related provisions of
EISA and PURPA. Even this informal review reveals some of the important
issues arising as Federal, State and private entities have begun
developing, deploying, and implementing Smart Grid technologies. The
following summary is intended to highlight a few of these issues.
Various entities are consulting an array of guidelines and
principles when framing their approaches to access-and-privacy issues.
For example, to further coordinate development of a framework to
achieve interoperability of Smart Grid devices and systems, including
protocols and model standards for information management, NIST released
Draft Interagency Report 7628 (Feb. 2010)--Smart Grid Cyber Security:
Strategy and Requirements.\15\ This Draft NISTIR was developed by
members of the Smart Grid Interoperability Panel-Cyber Security Working
Group (SGIP-CSWG).\16\ The Draft Report focuses on security and
privacy, two areas that will be important to the success of Smart-Grid
development, deployment and implementation.\17\
---------------------------------------------------------------------------
\15\ Cybersecurity Coordination Task Group, Smart Grid Cyber
Security Strategy and Requirements, Draft NIST Report 7628 (Feb.
2010), available at http://csrc.nist.gov/publications/drafts/nistir-7628/draft-nistir-7628_2nd-public-draft.pdf.
\16\ Id. at 3.
\17\ Id. at 1.
---------------------------------------------------------------------------
The SGIP-CSWG Privacy Sub-group conducted a high-level privacy
impact assessment (PIA) for the consumer-to-utility portion of the
Smart Grid and considered the privacy impacts and risks throughout the
entire Smart Grid structure. While the evolving Smart Grid will provide
enormous societal benefits including better asset utilization and grid
reliability, it will also present potential privacy risks. The ability
to access, analyze and respond to much more precise and detailed data
from all levels of the electric grid is one of the major benefits of
the Smart Grid, but those benefits could be lost or substantially
delayed unless consumers recognize that Smart Grid technologies also
respect their reasonable expectations of privacy and data security,
particularly when usage data and data extrapolations can be associated
with individual consumers or locations.\18\ The PIA also noted that
State utility commissions currently lack formal privacy policies or
standards related to the Smart Grid, and that comprehensive and
consistent definitions of privacy-affecting information with respect to
the Smart Grid typically do not exist at State or Federal regulatory
levels, or within the utility industry.\19\
---------------------------------------------------------------------------
\18\ Id. at 8.
\19\ Id. at 103.
---------------------------------------------------------------------------
As a result of the assessment, the Privacy Sub-group developed a
preliminary set of privacy principles using the following sets of
widely accepted privacy principles: The OECD Privacy Principles, the
Generally Accepted Privacy Principles (GAPP), and principles from the
international information security standard ISO/IEC 27001. The Sub-
group considered these to be very general privacy principles designed
to be applicable across a broad range of industries; they are not
mandatory requirements.\20\ These privacy principles are: Management
and accountability; notice and purpose; choice and consent; collection
and scope; use and retention; individual access; disclosure and
limiting use; security and safeguards; accuracy and quality; and,
openness, monitoring, and challenging compliance.\21\
---------------------------------------------------------------------------
\20\ Id. at 104.
\21\ Id. at 104-109.
---------------------------------------------------------------------------
Another potential framework for considering privacy and consumer
security issues is the Fair Information Practice Principles (FIPPs)
adopted by the U.S. Department of Homeland Security (DHS).\22\ The
FIPPs form the basis of the Department's privacy compliance policies
and procedures governing the use of personally identifiable information
(PII). These
[[Page 26205]]
principles are: Transparency, Individual Participation, Purpose
Specification, Data Minimization, Use Limitation, Data Quality and
Integrity, Security, and Accountability and Auditing.\23\
---------------------------------------------------------------------------
\22\ Cal. Pub. Util. Comm'n, Order Instituting Rulemaking to
Consider Smart Grid Technologies Pursuant to Federal Legislation and
on the Commission's Own Motion to Actively Guide Policy in
California's Development of a Smart Grid System, Pub. Util. No. 08-
12-009 (Dec. 18, 2009), available at http://docs.cpuc.ca.gov/published/FINAL_DECISION/95608.htm.
\23\ Department of Homeland Security, Privacy Policy Guidance
Memorandum 2008-01 (2008), available at http://www.dhs.gov/xlibrary/assets/privacy/privacy_policyguide_2008-01.pdf.
---------------------------------------------------------------------------
The FIPPs are a widely accepted framework that implement the core
provisions of the Privacy Act of 1974 and are mirrored in the laws of
many U.S. states, as well as the laws of many foreign nations and
international organizations.\24\
---------------------------------------------------------------------------
\24\ Id. at 2.
---------------------------------------------------------------------------
While Federal entities have been analyzing the privacy and security
implications of the Smart Grid, State public utilities commissions have
been conducting their own inquiries and rulemakings on consumer access
to energy-usage data. For example, on December 29, 2009, the California
Public Utilities Commission issued Decision 09-12-046, Decision
Adopting Policies and Findings Pursuant to the Smart Grid Policies.
\25\
---------------------------------------------------------------------------
\25\ Order Instituting Rulemaking to Consider Smart Grid
Technologies Pursuant to Federal Legislation and on the Commission's
Own Motion to Actively Guide Policy in California's Development of a
Smart Grid System, http://docs.cpuc.ca.gov/published/FINAL_DECISION/95608.htm.
---------------------------------------------------------------------------
The decision adopts policies for the three major investor-owned
public utilities (SCE, PG&E, and SDG&E) on consumer access to usage and
price information that will be available through California's Smart
Grid infrastructure; these include a policy goal that SCE, PG&E, and
SDG&E provide consumers with access to electricity price information by
the end of 2010. The decision also requires that SCE, PG&E, and SDG&E
provide consumers and third parties approved by consumers with
collected usage data by the end of 2010, as well as requiring that SCE,
PG&E and SDG&E provide those customers with smart meters and authorized
third parties with access to usage data on a near real-time basis by
the end of 2011.\26\ The Commission held a separate workshop on March
19, 2010 to consider the best methods for providing access to
electricity prices and usage data, due to the high level of interest in
the proceeding.
---------------------------------------------------------------------------
\26\ Id. at 3.
---------------------------------------------------------------------------
In 2007, The Public Utility Commission of Texas adopted, among
other things, a new rule that addressed the importance of balancing the
interests of customers, Retail Electric Providers (REPs), and electric
utilities, with respect to advanced metering. Texas consumers own all
meter data, including data from advanced meters and meter information
networks.\27\ In March 2010, CenterPoint Energy and other Texas
Utilities launched a Smart Meter Texas common portal and data
repository to give consumers with smart meters more control over their
electricity use. Consumers with installed smart meters can now view
their electric usage history down to 15-minute intervals on the
Internet. The Web portal was developed and is operated by IBM Corp.\28\
---------------------------------------------------------------------------
\27\ Tex. Util. Code Ann. Sec. 39.107(b) (Vernon Supp. 2009).
\28\ Houston Business Journal, CenterPoint, state launch Smart
Meter portal, March 22, 2010, available at http://houston.bizjournals.com/houston/stories/2010/03/22/daily28.html.
---------------------------------------------------------------------------
Pennsylvania enacted legislation requiring electric distribution
companies with over 100,000 customers to file smart-meter-technology
procurement and installation plans for approval by the Public Utility
Commission.\29\ The Pennsylvania Public Utilities Commission staff
drafted a proposal for implementing Act 129 plans, including
nondiscriminatory access to information by third parties.\30\
---------------------------------------------------------------------------
\29\ Act 2008-129, 66 Pa. C.S. Sec. 2807(f) (Nov. 14, 2008).
\30\ Lisa Schwartz, State Policies on Smart Grid, (2009),
available at http://www.raponline.org/docs/RAP_Schwartz_StatePolicyonSmartGrid_2009_05_13.pdf.
---------------------------------------------------------------------------
Finally, in 2000, the National Association of Regulatory Utility
Commissioners (NARUC) adopted a resolution urging the adoption of
general privacy principles for State commissions when assessing the
privacy implications of third-party use of utility-customer
information.\31\ However, it does not appear that many State utility
commissions have completed their assessments of access-and-privacy
issues related to the Smart Grid.
---------------------------------------------------------------------------
\31\ National Association Of Regulatory Utility Commissioners,
Resolution Urging the Adoption of General Privacy Principles For
State Commission Use in Considering the Privacy implications of the
Use of Utility Customer Information, available at http://www.naruc.org/Resolutions/privacy_principles.pdf.
---------------------------------------------------------------------------
All of these examples illustrate both common themes and variations
in the approaches that numerous entities are taking to address the
privacy and security issues inherent in the development, deployment,
and implementation of Smart Grid technologies. As a result, DOE is
publishing this RFI to seek broader public and private input on the
privacy and security issues inherent in the development, deployment,
and implementation of Smart Grid technologies. We seek comment on these
specific approaches as well as information on additional approaches
that are not listed here.
Request for Information
Smart Grid technologies should ensure that both states and
consumers retain the flexibility to strike a range of reasonable
compromises between the benefits of data collection and access, and the
protection of personal privacy. As the California Public Utilities
Commission noted in their December 2009 Decision, the availability of
information on usage and prices in a consistent format can lead to
energy management solutions that at this time we can only begin to
imagine.\32\
---------------------------------------------------------------------------
\32\ Order Instituting Rulemaking to Consider Smart Grid
Technologies Pursuant to Federal Legislation and on the Commission's
Own Motion to Actively Guide Policy in California's Development of a
Smart Grid System, http://docs.cpuc.ca.gov/published/FINAL_DECISION/95608.htm at 4.1.2.
---------------------------------------------------------------------------
Balancing these important interests remains an important challenge
for Smart Grid development, deployment, and implementation processes.
In this RFI, DOE thus seeks input on how to best achieve this desire to
foster flexibility, innovation, and consumer privacy and choice.
In addition, DOE also seeks to promote the development of Smart
Grid technologies in ways that accommodate both its important national
and local implications. The Smart Grid will play a critical role in
achieving national priorities like enabling new ways to enhance energy
efficiency, enhancing national competitiveness, improving national
security by increasing our energy independence, and developing
sustainable, long-term energy strategies that protect our environment
and economy. But flexibility to experiment is also one of the critical
benefits arising from our dual system of Federal-State sovereignty.
Federal law already recognizes that Smart Grid technologies implicate
traditional State interests in autonomy, utilities-regulation and
privacy-management. DOE thus seeks guidance on how to best balance the
complementary private and public interests implicated by Smart Grid
technologies.
Finally, this request for information seeks to survey whether and
how the states are implementing these obligations; whether
implementation efforts support the conclusion that the requirements set
out in PURPA meet the current and potential needs of utilities,
consumers, and third parties; what efforts are being made to implement
these requirements; and whether patterns, common practices or
consensuses emerge from analysis of
[[Page 26206]]
existing implementations of these requirements.
List of Questions for Commenters
The following list of questions represents a preliminary attempt to
identify and respond to the issues that have been raised in a variety
of public and private forums, including but limited to: DOE's historic
investment in Smart Grid technology through the Smart Grid Investment
Grants and the Smart Grid Demonstrations projects; Smart Grid Forum
blog initiated by the Office of Science and Technology policy titled
``Consumer Interface with the Smart Grid \33\''; and the National
Broadband Plan regarding the Smart Grid and issues of data access and
collection, third party access to detailed energy information, and
privacy. This list is to assist in the formulation of comments and is
not intended to restrict the issues that might be addressed in the
comments.
---------------------------------------------------------------------------
\33\ TMCnet, Consumer Interface with the Smart Grid, http://sip-trunking.tmcnet.com/news/2010/02/09/4613238.htm (last visited Apr.
27, 2010)
---------------------------------------------------------------------------
In addressing these questions or others, commenters must also
recognize that this RFI is intended to assist and inform DOE's efforts
to address the aspects of these questions that most directly implicate
the duties and responsibilities assigned by law to DOE and the
Secretary of Energy. This qualification is important because the global
concept of a Smart Grid inevitably implicates the jurisdiction and
expertise of many other Federal agencies as evidenced in the
composition of the Federal Smart Grid Task Force, not to mention
Federal law enforcement agencies, and others. DOE fully intends to
respect the jurisdiction and expertise of these and other Federal
entities. Consequently, comments directed to matters deemed more
relevant to the jurisdiction and expertise of other Federal entities
will provide little assistance relevant to this RFI.
(1) Who owns energy consumption data?
(2) Who should be entitled to privacy protections relating to
energy information?
(3) What, if any, privacy practices should be implemented in
protecting energy information?
(4) Should consumers be able to opt in/opt out of smart meter
deployment or have control over what information is shared with
utilites or third parties?
(5) What mechanisms should be made available to consumers to report
concerns or problems with the smart meters?
(6) How do policies and practices address the needs of different
communities, especially low-income rate payers or consumers with low
literacy or limited access to broadband technologies?
(7) Which, if any, international, Federal, or State data-privacy
standards are most relevant to Smart-Grid development, deployment, and
implementation?
(8) Which of the potentially relevant data privacy standards are
best suited to provide a framework that will provide opportunities to
experiment, rewards for successful innovators, and flexible protections
that can accommodate widely varying reasonable consumer expectations?
(9) Because access and privacy are complementary goods, consumers
are likely to have widely varying preferences about how closely they
want to control and monitor third-party access to their energy
information: what mechanisms exist that would empower consumers to make
a range of reasonable choices when balancing the potential benefits and
detriments of both privacy and access?
(10) What security architecture provisions should be built into
Smart Grid technologies to protect consumer privacy?
(11) How can DOE best implement its mission and duties in the Smart
Grid while respecting the jurisdiction and expertise of other Federal
entities, states and localities?
(12) When, and through what mechanisms, should authorized agents of
Federal, State, or local governments gain access to energy consumption
data?
(13) What third parties, if any, should have access to energy
information? How should interested third-parties be able to gain access
to energy consumption data, and what standards, guidelines, or
practices might best assist third parties in handling and protecting
this data?
(14) What forms of energy information should consumers or third
parties have access to?
(15) What types of personal energy information should consumers
have access to in real-time, or near real-time?
(16) What steps have the states taken to implement Smart Grid
privacy, data collection, and third party use of information policies?
(17) What steps have investor owned utilities, municipalities,
public power entities, and electric cooperatives taken to implement
Smart Grid privacy, data collection and third party use of information
policies?
(18) Should DOE consider consumer data accessibility policies when
evaluating future Smart Grid grant applications?
Issued in Washington, DC on May 5, 2010.
Scott Blake Harris,
General Counsel.
[FR Doc. 2010-11127 Filed 5-10-10; 8:45 am]
BILLING CODE 6450-01-P