Privacy & The Smart Grid (Susanlyon Chtlj01292010)

871 views

Published on

Presentation on Privacy and the Smart Grid presented Jan. 2010 for Santa Clara University Computer and High Technology Law Journal Clean Technology Symposium

  • Be the first to comment

Privacy & The Smart Grid (Susanlyon Chtlj01292010)

  1. 1. The Smart Grid: How Smart is Too Smart? Emerging Privacy Issues Susan L. Lyon CHTLJ Symposium January 2010
  2. 2. Privacy Concerns
  3. 3. <ul><li>Privacy Concerns </li></ul><ul><li>Privacy Laws </li></ul>How Smart is the Smart Grid?
  4. 4. <ul><li>Limited flow of information </li></ul><ul><li>Billing information </li></ul><ul><li>Monthly energy usage </li></ul><ul><li>Payment information </li></ul><ul><li>Name, address </li></ul>Current
  5. 5. Smart Grid <ul><li>Electric grid + digital communication </li></ul><ul><li>Decentralized </li></ul><ul><li>Collaborative </li></ul><ul><li>Much, Much More Data </li></ul>
  6. 7. What can Smart Grid know about you?
  7. 8. How Secure is Smart Grid? <ul><li>Cyber-Attacks </li></ul><ul><li>Wireless transmission </li></ul><ul><li>More information </li></ul><ul><ul><li>ID Theft </li></ul></ul><ul><ul><li>Targeted Home Invasions </li></ul></ul>
  8. 9. Who is involved? <ul><li>Government </li></ul><ul><li>Academic Institutions </li></ul><ul><li>Alliances & Coalitions </li></ul>
  9. 10. Current Privacy Laws
  10. 11. 4 th Amendment <ul><li>Right to be secure in homes against unreasonable searches and seizures </li></ul><ul><li>Business Records – Not protected v. Home Records – </li></ul><ul><li>Protected </li></ul>
  11. 12. FTC Section 5 <ul><li>Deceptive Acts </li></ul><ul><li>Fairness </li></ul><ul><ul><li>Staff Guidance - Fair Information Privacy Principles </li></ul></ul>
  12. 13. Texas PUC Regs <ul><ul><li>Tex. PUC Regs. § 25.472(b). </li></ul></ul><ul><ul><li>Bars retail electric providers from releasing “proprietary customer information…to any other person, including an affiliate…without obtaining the customer’s or applicant’s verifiable authorization </li></ul></ul>
  13. 14. Pennsylvania PUC Regs <ul><ul><li>Pennsylvania - 52 Pa. Code § 54.8. </li></ul></ul><ul><ul><li>Prohibits electric distribution companies from releasing “private customer information to a third party unless the customer has been notified of the intent and has been given a convenient method of notifying the entity of the customer's desire to restrict the release of the private information.” </li></ul></ul>
  14. 15. <ul><li>FERC – Federal Energy Regulatory Commission </li></ul><ul><li>NERC (North American Electric Reliability Corporation) </li></ul><ul><li>State laws </li></ul>Security Regulations
  15. 16. Developing Privacy Laws
  16. 17. Smart Grid Legislation <ul><li>Energy Independence & Security Act of 2007 </li></ul><ul><ul><li>NIST to develop &quot;protocols and model standards for information management to achieve interoperability of Smart Grid devices and systems. . . .” </li></ul></ul><ul><li>American Recovery & Reinvestment Act </li></ul><ul><ul><li>$11 billion - Smart Grid </li></ul></ul>
  17. 18. FCC Regulations? <ul><li>Two-Way Communications </li></ul><ul><li>Wireless </li></ul><ul><li>Privacy Comments Sought </li></ul>
  18. 19. Colorado PUC Regs? <ul><li>Comments Sought </li></ul><ul><li>Collection & analysis of usage information & policies governing access & use </li></ul><ul><li>Trade-offs between privacy & innovation </li></ul><ul><li>Protection of usage information </li></ul><ul><li>Impact of Constitutional or statutory protections on use of information </li></ul><ul><li>Components of effective privacy regulation of usage patterns. </li></ul><ul><li>Amount of information needed by utilities to manage systems </li></ul><ul><li>Effect of privacy regulations on utilities & “edge service providers” </li></ul><ul><li>Ownership of personal information </li></ul><ul><li>Utility’s obligation to “unbundle” metering in homes and businesses </li></ul>
  19. 20. Draft NIST Standards <ul><li>Smart Grid Cyber Security Strategy and Requirements </li></ul><ul><li>Management and Accountability: </li></ul><ul><li>Notice and Purpose </li></ul><ul><li>Choice and Consent </li></ul><ul><li>Collection and Scope </li></ul><ul><li>Use and Retention </li></ul><ul><li>Individual Access </li></ul><ul><li>Disclosure and Limiting Use </li></ul><ul><li>Security and Safeguards </li></ul><ul><li>Accuracy and Quality </li></ul><ul><li>Openness, Monitoring and Challenging Compliance </li></ul>
  20. 21. Questions? <ul><li>[email_address] </li></ul><ul><li>digestiblelaw.com Twitter: @susanlyon @ </li></ul><ul><li>Facebook: Perkins Coie Privacy& Security </li></ul>

×