Assets Beyond the Meter E. L. Quinn, “ Privacy and the New Energy Infrastructure ” (Working Paper Series, 2009) htto://ssrn.com/abstract=1370731 This lead to a series of meetings with utilities in our jurisdiction of Ontario – which (fortunately) fall under our FOI and Privacy laws. We worked closely with 2 of the largest utilities – Hydro One and Toronto Hydro – who felt it was in their best interest to do so – and the best interests of their customers Increase in the granular collection, use and disclosure of personal energy information; Data linkage of personally identifiable information with detailed energy use; The creation of an entirely new “ library ” of personal information. (Elias Quinn, 2009)
Why Utilities Should Be Concerned This article is forthcoming – estimated to be published in September/October.
Privacy by Design However, it was also found that after having the technologies explained to them : 75% of people felt that the smart grid, complete with smart meters, should be a priority over the next 1-5 years; and 67% support their utility company in installing the technologies. Distributech – monetization of their data flows
Jerusalem Landmark Resolution I first developed the concept of Privacy by Design in the ’ 90s, as a response to the growing threats to online privacy that were beginning to emerge; Privacy by Design seeks to build in privacy – up front, right into the design specifications; into the architecture; embedding privacy into the very technology used – bake it in ; Data minimization is key : minimize the routine collection and use of personally identifiable information – use encrypted or coded information, whenever possible; Use privacy-enhancing technologies (PETs) where possible, but make it PETs Plus , invoking a positive-sum paradigm, and giving people maximum control over their own data.
7 Foundational Principles Translated into 25 languages!
IPC Joint Smart Grid Papers Proactive not Reactive; Preventative not Remedial Privacy as the Default Privacy Embedded into Design Full Functionality: Positive-Sum, not Zero-Sum End-to-End Lifecycle Protection Visibility and Transparency Respect for User Privacy
CEUD (Cont ’ d) The U.S. Department of Energy (DOE) has been involved in a number of Smart Grid activities, including among other things: Publishing reports on Data Access and Privacy Issues Related to Smart Grid Technologies and Communications Requirements of Smart Grid Technologies. Leading the Federal Smart Grid Task Force, which ensures awareness, coordination, and integration of the diverse activities of the federal government related to smarter grid technologies, practices, and services. Establishing the Smart Grid Information Clearinghouse (developed and maintained by Virginia Tech Advanced Research Institute) to provide information on Smart Grid pilot projects, use cases, standards, legislation, policy and regulation, lessons learned and best practices, and topics research and development topics. Supporting the development of the Smart Grid Maturity Model: a management tool that organizations can use to appraise, guide, and improve their Smart Grid transformation.
IPC Paper – PbD and Big Data The Virtuous Cycle of Big Data The virtuous cycle that may emerge: Systems that are respectful of personal information, with privacy assured from the outset, will increase user confidence and trust; This will increase users' engagement, driving more “ voluntary ” and “ accurate ” data into the system; More data will yield greater benefits for all stakeholders including users, without trading away their privacy – a positive-sum outcome!
How to Contact Us
Using the Power of Non-Identifying Energy Data Ann Cavoukian, Ph.D.Information and Privacy Commissioner Ontario Future of Energy Summit June 8, 2012
Using the Power of Data Big Data ………YesEnergy Data …...YesPersonal Data – No!
Personal Privacy Must Remain Paramount“The smart grid is certainly a goodidea, which I strongly support. But thefocus has been so singularly oncontrolling energy use that I think theprivacy issue is a sleeper – it is nottop-of-mind.” — Commissioner Cavoukian“We’ve taken the advice of the privacycommissioner upfront before the smartgrid is even put in place.” — Brad Duguid,Ontario Minister of Energy and Infrastructure Toronto Star, May 12, 2010 http://tinyurl.com/24dzn9j
“Assets Beyond the Meter – Who Should Own Them?”“There are sound reasons why energy consumers shouldremain in control of the energy consumption informationthey produce, even if there isn’t a law that requires this.The underlying rationale is that consumer confidence andtrust in the Smart Grid, and in one’s local electricitydistributors, is vital in achieving the vision of a moreenergy efficient electrical grid.” — Commissioner Cavoukian, Electric Light & Power Magazine www.elp.com
Why Utilities Should Be Concerned• Little consumer confidence and trust, one example:• Residents of Marin County, California, created a road blockade to prevent PG&E trucks from going into their town to install smart meters;• Residents were worried about their privacy, saying: “I dont want to be watched all the time;”• 79% knew little or nothing about the smart grid;• 76% didn’t know anything about smart meters; (Market Strategies International Study, 2010);• As a result, consumers are wary, and at times, hostile.
Adoption of “Privacy by Design” as an International StandardLandmark Resolution Passed to Preserve the Future of PrivacyBy Anna Ohlden – October 29th 2010 - http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacyJERUSALEM, October 29, 2010 – A landmark Resolution byOntarios Information and Privacy Commissioner, Dr. Ann Cavoukian,was unanimously passed by International Data Protection and PrivacyCommissioners in Jerusalem today at their annual conference.The resolution ensures that privacy is embedded into new technologiesand business practices, right from the outset – as an essentialcomponent of fundamental privacy protection. Full Article: http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
Privacy by Design: The 7 Foundational Principles1. Proactive not Reactive: Preventative, not Remedial;3. Privacy as the Default setting;5. Privacy Embedded into Design;7. Full Functionality: Positive-Sum, not Zero-Sum;9. End-to-End Security: Full Lifecycle Protection;11. Visibility and Transparency: Keep it Open;13. Respect for User Privacy: Keep it User-Centric. www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
Consumer Energy Usage Data = PII• U.S. Department of Energy identified the issue of third party access to consumer-specific energy-usage data (CEUD) as… “perhaps the most critical question in the context of Smart Grid technologies” … “consumers should have rights to protect the privacy of their own CEUD and control access to it;”• California Public Utility Commission issued a decision adopting rules to protect the privacy and security of customer electricity usage data, commending Privacy by Design:“The Privacy by Design methodology offers a promising approach to ensuring that data practices promote privacy, not just in the FIP of data minimization, but in all aspects of privacy planning.”
Consumer Energy Usage Data (Cont’d)• North American Energy Standards Board (NAESB) issued Business Practices for Third Party Access to Smart Meter-based Information. This guidance adopts Fair Information Practices, requiring informed consent, transparency, and accountability;• My office is collaborating with NIST, the National Institute of Standards and Technology as part of its Cyber Security Working Group where Privacy by Design was cited in their Guidelines for Smart Grid Cyber Security: V. 2, Privacy and the Smart Grid.
“Big Data”• Each day we create 2.5 quintillion bytes of data – 90% of the data today has been created in the past 2 years;• Big data analysis and data analytics promises new opportunities to gain valuable insights and benefits, (e.g., improving pandemic response, advances in cancer research, etc.);• However, it can also enable expanded surveillance, on a scale previously unimaginable;• This situation cries out for a positive-sum solution, win-win strategy.
Announcing:“Privacy by Design in the Age of Big Data”• The Big Difference with Big Data;• “Sensemaking” Systems;• Privacy by Design in the Age of Big Data;• The Creation of a Big Data Sensemaking System through PbD. www.privacybydesign.ca
Conclusions• Lead with Privacy by Design, featuring control over customer energy usage data – maintaining consumer confidence and trust will be essential;• Make sure that privacy is strongly addressed – right from the outset – make it a priority by embedding it into technology and business practices;• Enable both the Smart Grid and Privacy to grow in tandem – not one at the expense of the other – prevent the data breach … enable the service;• If you don’t lead with Privacy, by Design, you may end up with privacy by chance – or worse, Privacy by Disaster!
How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner of Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario, Canada M4W 1A8 Phone: (416) 326-3948 / 1-800-387-0073 Web: www.ipc.on.ca E-mail: email@example.comFor more information on Privacy by Design, please visit: www.privacybydesign.ca