Using the Power of Non-Identifying Energy Data Ann Cavoukian, Ph.D.Information and Privacy Commissioner Ontario Future of Energy Summit June 8, 2012
Using the Power of Data Big Data ………YesEnergy Data …...YesPersonal Data – No!
Personal Privacy Must Remain Paramount“The smart grid is certainly a goodidea, which I strongly support. But thefocus has been so singularly oncontrolling energy use that I think theprivacy issue is a sleeper – it is nottop-of-mind.” — Commissioner Cavoukian“We’ve taken the advice of the privacycommissioner upfront before the smartgrid is even put in place.” — Brad Duguid,Ontario Minister of Energy and Infrastructure Toronto Star, May 12, 2010 http://tinyurl.com/24dzn9j
“Assets Beyond the Meter – Who Should Own Them?”“There are sound reasons why energy consumers shouldremain in control of the energy consumption informationthey produce, even if there isn’t a law that requires this.The underlying rationale is that consumer confidence andtrust in the Smart Grid, and in one’s local electricitydistributors, is vital in achieving the vision of a moreenergy efficient electrical grid.” — Commissioner Cavoukian, Electric Light & Power Magazine www.elp.com
Why Utilities Should Be Concerned• Little consumer confidence and trust, one example:• Residents of Marin County, California, created a road blockade to prevent PG&E trucks from going into their town to install smart meters;• Residents were worried about their privacy, saying: “I dont want to be watched all the time;”• 79% knew little or nothing about the smart grid;• 76% didn’t know anything about smart meters; (Market Strategies International Study, 2010);• As a result, consumers are wary, and at times, hostile.
Adoption of “Privacy by Design” as an International StandardLandmark Resolution Passed to Preserve the Future of PrivacyBy Anna Ohlden – October 29th 2010 - http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacyJERUSALEM, October 29, 2010 – A landmark Resolution byOntarios Information and Privacy Commissioner, Dr. Ann Cavoukian,was unanimously passed by International Data Protection and PrivacyCommissioners in Jerusalem today at their annual conference.The resolution ensures that privacy is embedded into new technologiesand business practices, right from the outset – as an essentialcomponent of fundamental privacy protection. Full Article: http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
Privacy by Design: The 7 Foundational Principles1. Proactive not Reactive: Preventative, not Remedial;3. Privacy as the Default setting;5. Privacy Embedded into Design;7. Full Functionality: Positive-Sum, not Zero-Sum;9. End-to-End Security: Full Lifecycle Protection;11. Visibility and Transparency: Keep it Open;13. Respect for User Privacy: Keep it User-Centric. www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
Consumer Energy Usage Data = PII• U.S. Department of Energy identified the issue of third party access to consumer-specific energy-usage data (CEUD) as… “perhaps the most critical question in the context of Smart Grid technologies” … “consumers should have rights to protect the privacy of their own CEUD and control access to it;”• California Public Utility Commission issued a decision adopting rules to protect the privacy and security of customer electricity usage data, commending Privacy by Design:“The Privacy by Design methodology offers a promising approach to ensuring that data practices promote privacy, not just in the FIP of data minimization, but in all aspects of privacy planning.”
Consumer Energy Usage Data (Cont’d)• North American Energy Standards Board (NAESB) issued Business Practices for Third Party Access to Smart Meter-based Information. This guidance adopts Fair Information Practices, requiring informed consent, transparency, and accountability;• My office is collaborating with NIST, the National Institute of Standards and Technology as part of its Cyber Security Working Group where Privacy by Design was cited in their Guidelines for Smart Grid Cyber Security: V. 2, Privacy and the Smart Grid.
“Big Data”• Each day we create 2.5 quintillion bytes of data – 90% of the data today has been created in the past 2 years;• Big data analysis and data analytics promises new opportunities to gain valuable insights and benefits, (e.g., improving pandemic response, advances in cancer research, etc.);• However, it can also enable expanded surveillance, on a scale previously unimaginable;• This situation cries out for a positive-sum solution, win-win strategy.
Announcing:“Privacy by Design in the Age of Big Data”• The Big Difference with Big Data;• “Sensemaking” Systems;• Privacy by Design in the Age of Big Data;• The Creation of a Big Data Sensemaking System through PbD. www.privacybydesign.ca
Conclusions• Lead with Privacy by Design, featuring control over customer energy usage data – maintaining consumer confidence and trust will be essential;• Make sure that privacy is strongly addressed – right from the outset – make it a priority by embedding it into technology and business practices;• Enable both the Smart Grid and Privacy to grow in tandem – not one at the expense of the other – prevent the data breach … enable the service;• If you don’t lead with Privacy, by Design, you may end up with privacy by chance – or worse, Privacy by Disaster!
How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner of Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario, Canada M4W 1A8 Phone: (416) 326-3948 / 1-800-387-0073 Web: www.ipc.on.ca E-mail: firstname.lastname@example.orgFor more information on Privacy by Design, please visit: www.privacybydesign.ca