Editor’s note: This article is a short adaptation of an analysis by Dow Lohnes PLLC attorney Michael Pryor of a proposal to model smart grid privacy and data dissemination after telephone record privacy rules. His full analysis is linked below.
By Michael Pryor
Like the energy consumption data generated by smart grid technologies, customer proprietary network information (CPNI) involves usage information associated with a particular customer that can reveal sensitive and confidential information. Intelligent energy monitoring technologies capture highly granular information regarding individual and household energy consumption that can reveal identifiable private information. Smart grid stakeholders are thus assessing how to balance protecting consumers’ privacy expectations and control over the dissemination of personally identifiable information with the need of utilities and authorized third parties to have access to this data.
The CPNI Framework
The CPNI rules create an overarching “duty” on all telecommunications carriers to protect the confidentiality of their customers’ proprietary data. Carriers must obtain the customer’s affirmative consent (opt-in) before disclosing CPNI to unaffiliated third parties. Conversely, consumers need only be given notice and a period of time to object (opt-out) before the carrier can share CPNI with affiliated companies or its agents in order to market communications-related services to which the customer does not currently subscribe. No customer consent is required for the carrier to use CPNI to provide or market services to which customers already subscribe.
Use of CPNI Rules to Address Smart Grid Privacy Principles
The CPNI requirements appear to provide a useful framework to address a number of key principles highlighted in a Department of Energy report last fall on data access and privacy issues related to smart grid technologies:
· Utilities should have access to customer-specific data and be able to use that data for utility-related business purposes. The CPNI framework allows carriers to use CPNI to provision and market the same telecommunications services from which the CPNI is derived. Service providers can use CPNI for billing purposes without consent, and they may disseminate, without consent, aggregate information from which “individual customer identities and characteristics have been removed.”
· Consumers should be able to access data and decide whether third parties are entitled to access it for purposes other than providing electrical power. CPNI rules guarantee customers the right to access their own CPNI and to disclose CPNI to any person designated by the customer in writing.
· Consumers should be required to provide affirmative consent before releasing information. The DOE report found substantial consensus on several issues regarding dissemination of information: (1) affirmative, opt-in consent should be required; (2) opt-in should entail a valid authorization that specifies the purposes for which the third party is authorized to use data, defines the term during which consent is effective, and explains how consent can be withdrawn; (3) authorized third parties should be required to protect the privacy and the security of data and use it only for the purposes specified; and (4) states should enact laws or rules that define the circumstances, conditions and data that utilities should disclose to third parties. CPNI rules address a number of these issues.
· Consent through electronic means. CPNI rules allow electronic consent. Carriers may obtain opt-in or opt-out approval on a website during the initial sign up for service, as long as the approval request is readily apparent. Where email is used, the provider must have first obtained “express, verifiable” consent from the customer to send notices via email, allow direct reply to the email, and clearly identify the purpose of the email opt-out notice in the email’s subject line. Carriers must also provide every consumer an opt-out method that is free and available 24 hours/day, seven days/week.
Read the author’s full analysis of this issue.
Michael Pryor is a member of Dow Lohnes, PLLC, a Washington, DC-based law firm. Michael works inside the Communications Group where he focuses on communications law, policy and regulation. His complete bio can be read online.