Bill 140 2015
An Act respecting smart grid cyber security and privacy
Her Majesty, by and with the advice and consent of the Legislative Assembly of the Province of Ontario, enacts as follows:
Ministry of Energy Act, 2011
1. Clause 7 (1) (a) of the Ministry of Energy Act, 2011 is amended by adding "and with regard to the cyber security of the smart grid within the meaning of the Electricity Act, 1998 and related privacy matters" at the end.
Ontario Energy Board Act, 1998
2. The Ontario Energy Board Act, 1998 is amended by adding the following Part:
smart grid cyber security and privacy
35.1 (1) This Part applies with respect to,
(a) a person who is responsible for a distribution system;
(b) the Smart Metering Entity;
(c) service providers contracted to provide data collection, storage and management services to the Smart Metering Entity or in connection with a distribution system;
(d) the IESO; and
(e) any other prescribed participants in the smart grid.
Requirements re cyber security, privacy
(2) A person to whom this Part applies shall comply with the prescribed requirements respecting cyber security and the protection of privacy.
Board to audit
(3) The Board shall, in accordance with the regulations, periodically audit compliance with the requirements.
(4) For the purposes of subsection (1), a person who is responsible for a system is the person who is the head of the system, regardless of whether the title of the position or office is chief executive officer, president or something else.
35.2 (1) The Lieutenant Governor in Council may make regulations for the purposes of this Part,
(a) prescribing participants for the purposes of clause 35.1 (1) (e);
(b) prescribing requirements and standards in connection with cyber security and the protection of privacy;
(c) requiring compliance with the principles of Privacy by Design, as available on the website of Privacy by Design, and governing compliance with those principles;
(d) adopting by reference, in whole or in part, with such changes as the Minister considers necessary or advisable, any other code or standard relevant to the cyber security of the smart grid, requiring compliance with any code or standard that is so adopted, and governing compliance with them;
(e) governing the Board's compliance audits under subsection 35.1 (3).
(2) If a regulation under clause (1) (b), (c) or (d) so provides, a code or standard adopted by reference shall be a reference to it, as amended from time to time, whether before or after the regulation is made.
3. This Act comes into force on the day it receives Royal Assent.
4. The short title of this Act is the Smart Grid Cyber Security and Privacy Act, 2015.
Currently, under the Ministry of Energy Act, 2011, the Minister of Energy is required to review energy matters on a continuing basis with regard to short term, medium term and long term goals in relation to the energy needs of the Province of Ontario. The Bill amends the Act to require that the Minister also have regard to the cyber security of the smart grid and related privacy matters.
The Bill amends the Ontario Energy Board Act, 1998 to create a new Part respecting smart grid cyber security and privacy. Participants in the smart grid listed in new section 35.1 of the Act are required to comply with prescribed requirements respecting cyber security and the protection of privacy. The Lieutenant Governor in Council is given the power to make regulations respecting requirements and standards in connection with cyber security and the protection of privacy. The Ontario Energy Board is required to audit compliance with the requirements.