Security and Resilience (Cyber and Physical)

10 tips: Keep customers secure with grid modernization


Utilities well know that some customers are uncomfortable with utilities — or anyone for that matter — possessing fine levels of information about their lives. But more information means more benefits for everyone, customers included. Granular data means customers can better see their energy use patterns and find ways not only to save energy, but to save money.

If utilities want to implement grid modernization projects, an important first step is making customers feel secure about their data. Utilities don't have to follow model business practices for data use, and regulators are still giving leeway while they consider best practices.

So while regulators and policymakers on all levels look at ways to govern consumer data privacy, not just for electricity meters, utilities can take simple steps of their own that mirror what models released to date share at their core. Here are the Top 10 ways to help customers feel secure.





















  1. Get a yes or no answer
    The industry consensus is that customers must provide affirmative, written consent in order for utilities to share customer energy use data or personal customer information with third parties. Utilities should maintain a record of this consent.
  2. Limit what's released
    Once customers have consented, the data provided to third parties should be limited to the scope and purpose for the consent given.
  3. Be clear on aggregation
    Sharing aggregated data generally doesn't require customer consent, but what does aggregated data mean? Utilities should use clear aggregation methodologies to ensure privacy is not breached.
  4. Require a badge
    Utilities can release smart-grid data to third parties without prior consent in very rare circumstances — usually to law enforcement or the like. Utilities should release only the data specifically related to the legal request or investigation.
  5. Make access easy, for customers
    What is the point of all this data if customers can't use it? Customers should be able to access their data easily and in a reasonably timely manner.
  6. Make it accurate
    Utilities should strive to provide data as accurately as possible, though inaccuracies are expected. Customers should have a means to dispute data inaccuracies.
  7. Keep it secure
    Securing data is one of the most sensitive aspects of data privacy. Utilities must be diligent in safeguarding customer data — perform regular audits and risk assessments.
  8. Train handlers carefully
    Employees handling data should be properly trained to do so. They should have access only to the data they need to perform tasks at hand and surrender all customer information upon departure from the utility. Background checks are recommended.
  9. Educate customers
    Educate customers as much as possible about the utility's privacy policies, why their data may be shared, ways they can access their data, and how to file complaints.
  10. Look for liabilities
    Utilities may be held liable if a third party breaches a customer's privacy, depending on their local regulations. Be sure to check local governing documents to see if potential liability is mentioned.