“Smart grids” are power grids in which utilities would be able to collect granular data about consumers’ energy consumption — down to the daily electricity use by the fridge in your kitchen or the TV in your bedroom. I’ve spoken about the privacy issues connected with smart grids and smart meters before.
Now, Ontario Privacy Commissioner Ann Cavoukian has partnered with major utility companies in Canada to launch “a publication to guide utilities in how to ensure that consumers’ personal information is protected as the electrical grid becomes ‘smarter.’” Privacy by Design: Achieving the Gold Standard in Data Protection for the Smart Grid (pdf) outlines best practices for embedding privacy in smart grid systems.
From the executive summary:
What constitutes “personal information” on the Smart Grid is the subject of much discussion. Personal information is defined by the Freedom of Information and Protection of Privacy Act (FIPPA) and the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), as “recorded information about an identifiable individual.” Once it becomes apparent that a Smart Grid technology, system or project will involve the collection of personal information, privacy considerations begin to apply, such as limiting the amount of personal information collected, used or disclosed, and the safeguarding of that information.
The digitization of smart meter information has an impact on privacy experienced in other areas where traditional paper records are being transferred into digital form. Digital smart meter data, like all digital data, is vulnerable to accessing, copying, matching, merging and massive dissemination.
The changing nature and vast increase of information gathered on the Smart Grid is also resulting in changes in the nature of utilities as power providers. Lack of integration between various systems in the area of communications, operations and information systems, is a significant gap within which challenges may arise for utilities. Utilities should be aware of the gaps and opportunities to work Privacy by Design into these systems, such as the introduction of smart transformers and power line monitors, and the centralization and integration of data and processes.
The best practices suggested are:
- Smart Grid systems should feature privacy principles in their overall project governance framework and proactively embed privacy requirements into their designs, in order to prevent privacy-invasive events from occurring;
- Smart Grid systems must ensure that privacy is the default — the “no action required” mode of protecting one’s privacy — its presence is ensured;
- Smart Grid systems must make privacy a core functionality in the design and architecture of Smart Grid systems and practices — an essential design feature;
- Smart Grid systems must avoid any unnecessary trade-offs between privacy and legitimate objectives of Smart Grid projects;
- Smart Grid systems must build in privacy end-to-end, throughout the entire life cycle of any personal information collected;
- Smart Grid systems must be visible and transparent to consumers — engaging in accountable business practices — to ensure that new Smart Grid systems operate according to stated objectives;
- Smart Grid systems must be designed with respect for consumer privacy, as a core foundational requirement.