In a trend-setting decision, the California Public Utilities Commission July 28 adopted sweeping privacy rules covering sensitive energy usage data produced for utilities by “smart” meters. “In short,” said CPUC president Mike Peevey, the rules “prohibit utilities and third parties from taking meter data for any purpose other than power operations without express customer authorization.” Peevey noted that demand-response and energy efficiency programs are considered utility operations under the unanimously adopted policy. The decision places California ahead of the federal government. Federal regulators haven’t developed binding privacy standards for smart meter data. Privacy regulations are supposed to advance the state’s goal of eventually using digital meters to blunt peak power demand. In theory, a response from consumers to reduce energy consumption during peak times avoids building more expensive and polluting fossil-fueled peaker plants. Yet, the connection between customer energy use response and the ability for meters to provide on-time consumption information has not been required by regulators. The CPUC requirements are based on Fair Information Practice Principles advocated by pro-privacy organizations. The principles give utility customers say over whether utilities can release their energy usage data to third parties, such as Internet service providers that want to use it for business purposes like offering energy management services. When consumers choose to allow utilities to release their information, whoever receives the data also falls under the CPUC’s privacy protection rules. The rules further govern any companies to which utility customers themselves decide to release their data--for instance, through installation of a home area network device programmed to receive information from utility smart meters. Commissioner Mike Florio lauded the rules, but questioned whether the commission had sufficient staff and resources to enforce them. The Division of Ratepayer Advocates specifically criticized the enforcement provisions of the rules as inadequate. Commissioner Mark Ferron called the rules a “solid framework” for privacy that enables third-party companies--such as internet service providers, cable television companies, or telephone utilities--to market energy management information systems and services. Under the rules, information would have to be kept confidential by utilities and their contractors, as it would by a third-party. The rules also lay out a number of requirements for utilities, including to: -Make energy usage and pricing information--based on both hourly and 15-minute increments updated at least daily--available online to customers; -Launch a pilot two-year pilot study of real-time pricing that involves enough customers to produce “meaningful results;” and -Install up to 5,000 home area network devices that allow customers who are “early adopters” to create their own in-home systems that automatically manage energy usage. Home area networks--which operate similar to computer networks--tie together energy-using devices and manage their power usage through a central command center that receives information on electricity usage, price, and the condition of the grid from smart meters. The control centers could be controlled remotely via the internet, a phone, or a cable television system. The rules come as California’s investor-owned utilities are completing installation of digital meters. According to consumer advocates, the devices can detect sensitive information about energy-related behavior--from whether you are home to which appliances and devices you are using. They even can reveal if your home alarm system is activated or deactivated. The CPUC adopted the rules after hearing dozens of people protest installation of the meters based on health, privacy, and economic grounds. Noting that most of the protestors left before the commission approved the rules, Peevey lamented it was sad so many of them had no interest in seeing what actions the commission is taking on consumer privacy.