The media is rife with articles about the privacy of the data from your electric (and ultimately gas and water) meters as the nation moves towards implementing two-way communicating meters for residential customers. The first reaction of many is probably “who cares?” But consumers are increasingly seeing a need to consider their meter data in a similar vein as their cell phone usage and location tracking, healthcare information, and financial transactions.

For decades the local utility entities have walked by our meters and taken monthly readings.  It’s doubtful that anyone worried or cared about what the utility actually did with that data.

What if the meter reader dropped his clipboard and it was found by someone not employed at the utility? What could they glean from the meter readings on that clipboard? Nothing whatsoever.

What You Don’t Want Others To Know About Your Utility Bill

But with the implementation of smart meters, where utilities can take 15-minute interval readings from your meter, the data become more telling. With unauthorized access to your smart meter data, it could be determined when you are not home, making a burglar’s life much easier.   A law enforcement agency could have the ability to determine you might be growing something illegal in your basement, based on your electricity usage.

Some states are looking at passing their own smart grid privacy legislation.  Various entities of the federal government are looking into smart grid privacy legislation.  There are numerous trade and standards organizations reviewing the need for smart grid privacy regulation.   Just google “smart meter data privacy” or similar terminology and you will be bombarded with an abundance of results.

Health Care and Telecommunications

The utility industry isn’t the first industry to face the need for an increasing amount of customer data privacy. Think about the healthcare industry and the Health Insurance Portability and Accountability Act (HIPAA): the HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information [1].

Telecommunications carriers are governed by the Federal Communications Commission (FCC) rules protecting Customer Proprietary Network Information (CPNI). These rules regulate the privacy of information that telecommunications services such as local, long distance, and wireless telephone companies acquire about their subscribers. That information includes not only what services individual customers use but also the amount and type of their usage [2].

Financial Institutions and Your Privacy

For organizations that handle credit, debit, prepaid, and ATM cards, however, there is a different privacy/security model, and that is one that was established by the industry itself. PCI (Payment Card Industry) compliance is arguably more security focused than privacy focused, and was designed to minimize the risk to the card industry. Major breaches in this industry are often in the news, so one does have to wonder how well this model is working. The Gramm-Leach-Bliley Act mandates that all financial institutions establish appropriate security standards to protect customer data from internal and external threats and unauthorized access.

AT&T is well positioned to assist utilities with increasing concerns around the privacy of their customer information.  Just a few examples include Regulatory Assessments Compliance, AT&T Web Application Firewall Service and SureScan from the AT&T Consulting portfolio.

Customer Proprietary Network Information concerns what telecommunications companies know about you.