The document discusses the importance of protecting personal privacy in the development of smart grid technologies through an approach called "Privacy by Design". It advocates embedding privacy protections from the start of new projects rather than as an afterthought. Specifically, it argues that energy consumers should control information about their own energy usage even if not legally required to build confidence in smart grid systems.
Using Energy Data's Power While Protecting Privacy
1. Using the Power of
Non-Identifying Energy Data
Ann Cavoukian, Ph.D.
Information and Privacy Commissioner
Ontario
Future of Energy Summit
June 8, 2012
2. Using the Power of Data
Big Data ………Yes
Energy Data …...Yes
Personal Data – No!
3. Personal Privacy
Must Remain Paramount
“The smart grid is certainly a good
idea, which I strongly support. But the
focus has been so singularly on
controlling energy use that I think the
privacy issue is a sleeper – it is not
top-of-mind.”
— Commissioner Cavoukian
“We’ve taken the advice of the privacy
commissioner upfront before the smart
grid is even put in place.”
— Brad Duguid,
Ontario Minister of Energy and Infrastructure
Toronto Star, May 12, 2010
http://tinyurl.com/24dzn9j
4. “Assets Beyond the Meter –
Who Should Own Them?”
“There are sound reasons why energy consumers should
remain in control of the energy consumption information
they produce, even if there isn’t a law that requires this.
The underlying rationale is that consumer confidence and
trust in the Smart Grid, and in one’s local electricity
distributors, is vital in achieving the vision of a more
energy efficient electrical grid.”
— Commissioner Cavoukian,
Electric Light & Power Magazine
www.elp.com
5. Why Utilities Should Be Concerned
• Little consumer confidence and trust, one example:
• Residents of Marin County, California, created a road
blockade to prevent PG&E trucks from going into their
town to install smart meters;
• Residents were worried about their privacy, saying:
“I don't want to be watched all the time;”
• 79% knew little or nothing about the smart grid;
• 76% didn’t know anything about smart meters;
(Market Strategies International Study, 2010);
• As a result, consumers are wary, and at times, hostile.
7. Adoption of “Privacy by Design”
as an International Standard
Landmark Resolution Passed to Preserve
the Future of Privacy
By Anna Ohlden – October 29th 2010 - http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
JERUSALEM, October 29, 2010 – A landmark Resolution by
Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian,
was unanimously passed by International Data Protection and Privacy
Commissioners in Jerusalem today at their annual conference.
The resolution ensures that privacy is embedded into new technologies
and business practices, right from the outset – as an essential
component of fundamental privacy protection.
Full Article:
http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
8. Privacy by Design:
The 7 Foundational Principles
1. Proactive not Reactive:
Preventative, not Remedial;
3. Privacy as the Default setting;
5. Privacy Embedded into Design;
7. Full Functionality:
Positive-Sum, not Zero-Sum;
9. End-to-End Security:
Full Lifecycle Protection;
11. Visibility and Transparency:
Keep it Open;
13. Respect for User Privacy:
Keep it User-Centric.
www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
10. Consumer Energy Usage Data = PII
• U.S. Department of Energy identified the issue of third party
access to consumer-specific energy-usage data (CEUD) as…
“perhaps the most critical question in the context of Smart Grid
technologies” … “consumers should have rights to protect the
privacy of their own CEUD and control access to it;”
• California Public Utility Commission issued a decision
adopting rules to protect the privacy and security of customer
electricity usage data, commending Privacy by Design:
“The Privacy by Design methodology offers a promising
approach to ensuring that data practices promote privacy,
not just in the FIP of data minimization, but in all aspects of
privacy planning.”
11. Consumer Energy Usage Data (Cont’d)
• North American Energy Standards Board
(NAESB) issued Business Practices for Third Party
Access to Smart Meter-based Information. This
guidance adopts Fair Information Practices, requiring
informed consent, transparency, and accountability;
• My office is collaborating with NIST, the National
Institute of Standards and Technology as part of its
Cyber Security Working Group where Privacy by
Design was cited in their Guidelines for Smart Grid
Cyber Security: V. 2, Privacy and the Smart Grid.
12. “Big Data”
• Each day we create 2.5 quintillion bytes of data
– 90% of the data today has been created in the
past 2 years;
• Big data analysis and data analytics promises new
opportunities to gain valuable insights and benefits,
(e.g., improving pandemic response, advances in
cancer research, etc.);
• However, it can also enable expanded surveillance,
on a scale previously unimaginable;
• This situation cries out for a positive-sum solution,
win-win strategy.
13. Announcing:
“Privacy by Design in the Age of Big Data”
• The Big Difference with
Big Data;
• “Sensemaking” Systems;
• Privacy by Design in the
Age of Big Data;
• The Creation of a Big Data
Sensemaking System
through PbD.
www.privacybydesign.ca
14. Conclusions
• Lead with Privacy by Design, featuring control over
customer energy usage data – maintaining consumer
confidence and trust will be essential;
• Make sure that privacy is strongly addressed – right
from the outset – make it a priority by embedding it into
technology and business practices;
• Enable both the Smart Grid and Privacy to grow in tandem
– not one at the expense of the other – prevent the data
breach … enable the service;
• If you don’t lead with Privacy, by Design, you may end up
with privacy by chance – or worse, Privacy by Disaster!
15. How to Contact Us
Ann Cavoukian, Ph.D.
Information & Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario, Canada
M4W 1A8
Phone: (416) 326-3948 / 1-800-387-0073
Web: www.ipc.on.ca
E-mail: info@ipc.on.ca
For more information on Privacy by Design, please
visit: www.privacybydesign.ca
Notas del editor
Using the Power of Big Data
Toronto Star Smart Grid Article
Assets Beyond the Meter E. L. Quinn, “ Privacy and the New Energy Infrastructure ” (Working Paper Series, 2009) htto://ssrn.com/abstract=1370731 This lead to a series of meetings with utilities in our jurisdiction of Ontario – which (fortunately) fall under our FOI and Privacy laws. We worked closely with 2 of the largest utilities – Hydro One and Toronto Hydro – who felt it was in their best interest to do so – and the best interests of their customers Increase in the granular collection, use and disclosure of personal energy information; Data linkage of personally identifiable information with detailed energy use; The creation of an entirely new “ library ” of personal information. (Elias Quinn, 2009)
Why Utilities Should Be Concerned This article is forthcoming – estimated to be published in September/October.
Privacy by Design However, it was also found that after having the technologies explained to them : 75% of people felt that the smart grid, complete with smart meters, should be a priority over the next 1-5 years; and 67% support their utility company in installing the technologies. Distributech – monetization of their data flows
Jerusalem Landmark Resolution I first developed the concept of Privacy by Design in the ’ 90s, as a response to the growing threats to online privacy that were beginning to emerge; Privacy by Design seeks to build in privacy – up front, right into the design specifications; into the architecture; embedding privacy into the very technology used – bake it in ; Data minimization is key : minimize the routine collection and use of personally identifiable information – use encrypted or coded information, whenever possible; Use privacy-enhancing technologies (PETs) where possible, but make it PETs Plus , invoking a positive-sum paradigm, and giving people maximum control over their own data.
7 Foundational Principles Translated into 25 languages!
IPC Joint Smart Grid Papers Proactive not Reactive; Preventative not Remedial Privacy as the Default Privacy Embedded into Design Full Functionality: Positive-Sum, not Zero-Sum End-to-End Lifecycle Protection Visibility and Transparency Respect for User Privacy
CEUD
CEUD (Cont ’ d) The U.S. Department of Energy (DOE) has been involved in a number of Smart Grid activities, including among other things: Publishing reports on Data Access and Privacy Issues Related to Smart Grid Technologies and Communications Requirements of Smart Grid Technologies. Leading the Federal Smart Grid Task Force, which ensures awareness, coordination, and integration of the diverse activities of the federal government related to smarter grid technologies, practices, and services. Establishing the Smart Grid Information Clearinghouse (developed and maintained by Virginia Tech Advanced Research Institute) to provide information on Smart Grid pilot projects, use cases, standards, legislation, policy and regulation, lessons learned and best practices, and topics research and development topics. Supporting the development of the Smart Grid Maturity Model: a management tool that organizations can use to appraise, guide, and improve their Smart Grid transformation.
Big Data
IPC Paper – PbD and Big Data The Virtuous Cycle of Big Data The virtuous cycle that may emerge: Systems that are respectful of personal information, with privacy assured from the outset, will increase user confidence and trust; This will increase users' engagement, driving more “ voluntary ” and “ accurate ” data into the system; More data will yield greater benefits for all stakeholders including users, without trading away their privacy – a positive-sum outcome!