Privacy means many things to many people. Information that one person considers private may be information another person regularly shares on a social networking site. So how do we define it? At its most basic level, privacy is the ability of an individual to seclude themselves—or information about themselves—and thereby reveal what they share selectively. More broadly, privacy is about the freedom to make personal choices without undesirable influence. This is the reason secret ballots are secret. Privacy is the peace of mind that information about us is not being used to harm us or those we care about. In some cases, privacy is simply about the right to be left alone. Privacy is not about whether one has something to hide. Each of us possesses some information that is sensitive and personal to us that we do not want to see fall into the hands of the wrong people at the wrong time.
From SGDP: “Customers will benefit from [Smart Grid technologies] while also having confidence that their privacy is protected.” (pg. 13) Pg. 120. Privacy Considerations Sony breach: http://www.csmonitor.com/Business/2011/0503/Sony-data-breach-could-be-most-expensive-ever
Privacy and the Smart Grid
7 Foundational Principles SMART GRID PRIVACY – Why privacy matters in Smart Grid, how SG could put privacy at risk if not executed well. E. L. Quinn, “Privacy and the New Energy Infrastructure” (Working Paper Series, 2009) htto://ssrn.com/abstract=1370731 This lead to a series of meetings with utilities in our jurisdiction of Ontario – which (fortunately) fall under our FOI and Privacy laws. We worked closely with 2 of the largest utilities – Hydro One and Toronto Hydro – who felt it was in their best interest to do so – and the best interests of their customers
Big Data Proactive not Reactive; Preventative not Remedial Privacy as the Default Privacy Embedded into Design Full Functionality: Positive-Sum, not Zero-Sum End-to-End Lifecycle Protection Visibility and Transparency Respect for User Privacy
Data Analytics and Role of Utilities HOW PRIVACY IS CHANGING – New uses for personal information, personal information is used in recent political campaigns, changes to laws on collection of information (Federal , California), calls for central “energy data center” in CA. The Virtuous Cycle of Big Data The virtuous cycle that may emerge: Systems that are respectful of personal information, with privacy assured from the outset, will increase user confidence and trust; This will increase users' engagement, driving more “voluntary” and “accurate” data into the system; More data will yield greater benefits for all stakeholders including users, without trading away their privacy – a positive-sum outcome!
7 Foundational Principles UTILITY ROLE – Why utilities are the best advocates for customer energy privacy.
Privacy by Design Principle #2
Do Not Track – Internet Explorer 10 Caroline Winn’s reference to FTC – Do Not Track
Announcing New IPC Paper – PbD and Third Party Access to CEUD
In partnership with the Information and Privacy Commissioner, Ontario, Canada, and the Future of Privacy Forum, with foreword by Caroline Winn, VP & CPO, SDG&E.
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Grid Caroline Winn, Chief Customer Privacy Officer, San Diego Gas & Electric Dr. Ann Cavoukian Information and Privacy Commissioner Ontario, Canada
What is Privacy? I want to make informed choices Freedom without unwanted influence I want you to I want to know my just let me bepersonal information isnot being used to harmme or those I care about Privacy The Right Peace To be Left Of Mind Alone Privacy is NOT about whether one has “something to hide” 2
Why Privacy? – Perceptions of privacy continue to change• Paradigm-changing technologies like the Internet impacted – It’s the right thing to do privacy in ways we could have scarcely imagined 30 years ago – Regulators require it• Today, Smart Grid technologies like smart meters are – CPUC Decision 11-07-056 – Electricity changing the way we look at energy privacy Usage Data Privacy Decision applies strict rules around how customer privacy is respected and protected ● Prudence demands it – Penalties for failure may be large ● We know customers expect it• “SDG&E understands that the full benefits of Smart Grid cannot be achieved if it does not have the confidence of the users of the system.” (SGDP, pg. 139)
Customer Privacy &Information Security Security Privacy Security“Are we doing what we said we “Are we protecting sensitive “Are we adequately protecting would with customer data?” customer data?” company information?” “Are we giving our customers “Are we properly disposing of “Are we in compliance with choices regarding their data?” customer data?” security law & regs?” “Can customers see their data “Does the data have high & request corrections?” integrity?” “Is the data accurate?” “Are we in compliance with privacy law & regs?” 4
SDG&E’s position on privacy• Privacy is a fundamental right of every customer• Energy privacy—privacy around the collection & use of a customer’s usage data—is a relatively new concept that requires extensive awareness & education of risks• SDG&E believes it is a steward of customer information and has an obligation to protect it & our customers’ energy privacy• SDG&E is committed to doing its part to advocate for energy privacy on behalf of its customers & our community• SDG&E desires to work collaboratively with external partners to find ways to advance its customer privacy program
SDG&E View of the Smart Grid• End-to-end transformation of its electric delivery system• Empowers customers• Increases renewable generation• Integrates plug-in electric vehicles (PEVs)• Reduces greenhouse gas (GHG) emissions• Maintain and improving system reliability, operational efficiency, security and customer privacy.
Example Smart Grid Privacy Concerns Energy usage information can reveal preferences & behavior What can be seen now …& perhaps in the future • Makes, models, condition of• Types & quantity of appliances appliances (i.e., refrigerator, A/C) • Whether appliances are• Whether solar panels or operating efficiently electric vehicles are present • Whether refrigerator is full or• Load trends (when customer is empty home & when they’re not) • What is watched on TV •?
How Utilities Can Use FTC “Do Not Track”• Federal Trade Commission supports a “Do Not Track” feature in web browsers that prohibits websites from tracking activities of users with feature enabled. • In theory, utilities could offer a similar feature to customers who wish to minimize the amount of information collected & shared about them Sample Utility Customer Privacy Settings Share it!: “Global opt in.” Customer authorizes utility to share usage data with third parties for any use, including marketing products, research studies, etc. Normal: Default setting. Customer’s privacy is protected. Sharing for secondary purposes requires customer authorization. Minimize: “Do not track.” Collects only enough information to enable bare minimum & mandated services, such as calculating an accurate bill.
Privacy and the Smart Grid• Increase in the granular collection, use and disclosure of personal energy information;• Data linkage of personally identifiable information with detailed energy use;• The creation of a new “library” of personal information, (Quinn, 2009), and a new terminology: “Consumer Energy Usage Data.” Image – Toronto Star – May 12, 2010
Privacy by Design: The 7 Foundational Principles1. Proactive not Reactive: Preventative, not Remedial;2. Privacy as the Default setting;3. Privacy Embedded into Design;4. Full Functionality: Positive-Sum, not Zero-Sum;5. End-to-End Security: Full Lifecycle Protection;6. Visibility and Transparency: Keep it Open;7. Respect for User Privacy: Keep it User-Centric. www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
“Big Data”• Each day we create 2.5 quintillion bytes of data;• 90% of the data today has been created in the past 2 years;• Big data analysis and data analytics promises new opportunities to gain valuable insights and benefits, (e.g., improving pandemic response, advances in cancer research, etc.);• However, it can also enable expanded surveillance, on a scale previously unimaginable;• This situation cries out for a positive-sum solution – a win-win strategy.
Data Analytics and the Role of Utilities•Utilities can find opportunities to adoptPrivacy by Design when introducing newtechnologies, integrating communicationsand information systems, as well as updatingoperational business processes;•Privacy by Design is essential to smart meterdata analytics, enabling both privacy and theanalysis of meter data – not one, to theexclusion of the other.
7 Foundational Principles of Privacy by Design1. Proactive not Reactive: Preventative, not Remedial;2. Privacy as the Default setting;3. Privacy Embedded into Design;4. Full Functionality: Positive-Sum, not Zero-Sum;5. End-to-End Security: Full Lifecycle Protection;6. Visibility and Transparency: Keep it Open;7. Respect for User Privacy: Keep it User-Centric.
Privacy by Design Principle No.2 No. 2 – Privacy as the Default Setting• We can be certain of one thing — the default rules! Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice.• If an individual does nothing (takes no action), their privacy still remains intact. No action is required on the part of the individual to protect their privacy — it is built into the system automatically, by default. http://privacybydesign.ca/about/principles
Do Not Track (DNT) Microsoft Internet Explorer 10• June 2012 – Microsoft announced a Do Not Track option would be activated by default in Internet Explorer 10 on Windows 8 as part of its commitment to user privacy;• The Default Rules – research shows that the default condition, requiring no action is the one that prevails;• Microsoft was criticized by some companies, who said that Do Not Track must be a choice made by the user and should not be automatically enabled;• They’re wrong – they already made the choice for their users – the existing default is one of tracking/targeting;• Microsoft responded that users would prefer a browser that automatically respects their privacy and lets them make the choice– they’re right!
Conclusions• Big Data promises new opportunities to gain valuable insights and benefits for the energy sector;• However, Big Data may also enable expanded surveillance, increasing the risk of unauthorized use;• Big Data needs Big Privacy – you can achieve both goals in a doubly-enabling, positive-sum paradigm through Privacy by Design;• Lead with Privacy by Design, featuring control over customer energy usage data – thereby preserving consumer confidence and trust;• Avoid privacy by chance, or worse – Privacy by Disaster!
Privacy by Design and Third Party Access to Customer Energy Use Data• A growing class of third parties wish to gain access to granular and customer-specific energy use data (e.g. app developers, consumer service providers, software vendors, device manufacturers, home security companies, etc.);• Innovation advocates argue that allowing third parties access to customer energy use data (CEUD) will lead to new products and services that will support conservation and unleash new market opportunities (e.g. Green Button, White House “Apps for Energy” contest, MaRS Data Catalyst project);• Privacy by Design can ensure that the choice to securely access and use CEUD remains in the consumer’s control, and that the timely disclosure of CEUD in standardized, machine readable format is protected end-to-end. www.privacybydesign.ca