HomeGB EnergyCross-cuttingElectricityGasOil and upstreamHydrogenHeatNuclearCCUSInterconnectors

Governance scenario

Smart Meter Data Breach

DCC reports a data breach affecting 50,000 smart meter records. ICO and Ofgem must coordinate response. Consumer trust in smart metering is at risk.

Back to scenarios

This is a fictionalised teaching scenario grounded in real institutional roles, published reforms, and current public-source context.

Scenario player

Work through the decision path below. Each choice changes the route, the institutional trade-offs, and the metrics the scenario tracks.

Smart Meter Data Breach

Step 1 of 2

DCC

Breach discovered and reported

DCC discovers that an unauthorised third party accessed smart meter consumption data for 50,000 households via a vulnerable API endpoint. The data includes half-hourly consumption, which can reveal household occupancy patterns and behaviour. DCC immediately notifies Ofgem, ICO, and affected suppliers. The breach was open for 5 days before discovery. DCC must decide on public disclosure approach.

What is at stake

  • -Delayed disclosure may violate GDPR.
  • -Immediate full disclosure may cause panic and reduce smart meter uptake.
  • -Consumers have right to know but also right to proportionate response.

How do you disclose the breach?

Current Metrics

Customer Protection70
Stakeholder Trust65
System Security68
Affordability62
Net Zero Progress62
Operational Efficiency62

Actors Involved

DCCOfgemSuppliersCitizensCitizens Advice

Regulatory Context

Data Protection Act 2018 and Privacy and Electronic Communications Regulations

Governance relationship map

View mode

Operating loop breadcrumb

GovernancePlanningOperationsOutcomesEvidence

Current focus: Rules and accountability

Legend

Governance and policy

Rules, remits, and accountability

Planning and investment

Connections, queue progression, and delivery planning

System operations

Real-time balancing and network operation

Market and consumer outcomes

Prices, settlement, reliability, affordability

Evidence and learning

Telemetry, assurance, and continuous improvement

Glossary

  • Dispatch

    Real-time instructions to increase or reduce generation or demand so supply stays in balance.

  • Balancing

    The continuous process of matching electricity supply to demand while maintaining system frequency.

  • Constraint

    A technical limit in the network that restricts how power can flow under current conditions.

  • Industry code

    A formal rulebook that defines obligations and processes for specific market and network activities.

  • Connection agreement

    The formal agreement setting technical and milestone conditions for connecting a project to the network.

  • Settlement

    The process that turns metered and contractual positions into final market cashflow outcomes.

  • Conformance gate

    A quality checkpoint that verifies whether data or implementation meets agreed standards.

  • LTDS

    Long Term Development Statement publication requirements for distribution network data.

Guided tour

Step 1 of 8

Who sets the rules?

Start with governance: policy direction, regulatory oversight, licences, and code obligations.

Why it matters: Newcomers should first understand where authority sits before interpreting operational decisions.

Open Ofgem licence and code guidance

Preparing system graph…

Use this map to keep scenario decisions anchored to policy, coordination, operational delivery, and evidence feedback relationships.

Sources and methodology

How this page was assembled

Scenarios are designed as regulator-safe teaching runs. Institutional roles, programme context, and cited reform pathways stay grounded in current public sources, while event details and numbers inside the run remain fictionalised unless explicitly evidenced elsewhere. This scenario is framed against Data Protection Act 2018 and Privacy and Electronic Communications Regulations.

Last reviewed 18 March 2026

Primary sources

Ransford's Notes