Digital Resilience Pays Off
Download this e-book to learn about the role of Digital Resilience across enterprises.
I had the pleasure of attending a two day seminar on Managing SCADA Network Security Risks. One of the most interesting seminars was Data Access and Privacy Issues Related to Smart Grid Technologies by Megan Hertzler, Assistant General Council with Xcel Energy. She said that when the meter reader used to come to the house and record your electrical usage, it was aggregate data. There were no privacy issues and the electric company owned the data. Now with Smart Meters the electric company can:
This data is considered granular data and can be used to track what you do and where you are. Once data becomes granular, the ‘Pandora’s box’ of data privacy is opened up. Questions like, data ownership, data usage and data protection become new challenges for utility companies.
Several states’ public utility commissions have begun to tackle these issues and implement laws. California (Docket No: 08-12-009), Oklahoma (H.B. 1079, 59 Leg., 1st Sess. Okla. 2011) , and Colorado (Docket No. 10R-799E) have implemented similar but slightly different laws. For-instance, in business friendly Oklahoma the law stipulates that the utility owns usage data and that the utility may provide access to third-parties and they can charge a fee.
Colorado and California say the utility owns the data but can’t use it without customer consent and must secure the data. Oddly, what’s missing from all these state laws are any penalties for data breaches and what defines a data breach. Ms. Hertzler went on to say that she expects that is coming. It isn’t like the utilities don’t know they have to protect the data or how to do it. They have to protect SSN#s and credit card data collected for online and auto-pay options. Where there seems to be some agreement over these issues is that the data needs to be protected, it’s owned by the utility but customers should have full access, responsibility for security of the data should be extended to third parties that are given access, utilities can use the data for their own business purposes without customer consent and utilities can recover their costs for providing access. I’ll bet a shinny new nickle that the state PUCs will want to regulate what the utilities charge for providing third-parties access. All the other privacy issues are still being played out at various levels of state, local, and federal governments.
This is a case where utilities will actually welcome the federal government stepping in and passing a single privacy standard for this kind of data. For utilities that operate in many states, adhering to all the state regulations with their nuanced differences will be far too onerous.
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.