Enlightened Privacy – by Design for a Smarter Grid
1. Enlightened Privacy – by Design for a Smarter Grid
Caroline Winn, Chief Customer Privacy Officer, San Diego Gas & Electric
Dr. Ann Cavoukian, Information and Privacy Commissioner, Ontario, Canada
2. What is Privacy?
• Freedom – “I want to make informed choices without unwanted influence”
• Peace of mind – “I want to know my personal information is not being used to harm me or those I care about”
• The right to be left alone – “I want you to just let me be”
Privacy is NOT about whether one has “something to hide”
3. Why Privacy?
– Perceptions of privacy continue to change
• Paradigm-changing technologies like the Internet impacted privacy in ways we could have scarcely imagined 30 years ago
• Today, Smart Grid technologies like smart meters are changing the way we look at energy privacy
– It’s the right thing to do
– Regulators require it
• CPUC Decision 11-07-056 – Electricity Usage Data Privacy Decision applies strict rules around how customer privacy is respected and protected
– Prudence demands it
• Penalties for failure may be large
– We know customers expect it
• “SDG&E understands that the full benefits of Smart Grid cannot be achieved if it does not have the confidence of the users of the system.” (SGDP, pg. 139)
4. Customer Privacy & Information Security
Privacy:
• “Are we doing what we said we would with customer data?”
• “Are we giving our customers choices regarding their data?”
• “Can customers see their data & request corrections?”
• “Is the data accurate?”
Where privacy and security overlap:
• “Are we protecting sensitive customer data?”
• “Are we properly disposing of customer data?”
• “Does the data have high integrity?”
• “Are we in compliance with privacy law & regs?”
Security:
• “Are we adequately protecting company information?”
• “Are we in compliance with security law & regs?”
5. SDG&E’s position on privacy
• Privacy is a fundamental right of every customer
• Energy privacy—privacy around the collection & use of a
customer’s usage data—is a relatively new concept that requires
extensive awareness & education of risks
• SDG&E believes it is a steward of customer information and has an
obligation to protect it & our customers’ energy privacy
• SDG&E is committed to doing its part to advocate for energy
privacy on behalf of its customers & our community
• SDG&E desires to work collaboratively with external partners to
find ways to advance its customer privacy program
6. SDG&E View of the Smart Grid
• End-to-end transformation of its electric delivery system
• Empowers customers
• Increases renewable generation
• Integrates plug-in electric vehicles (PEVs)
• Reduces greenhouse gas (GHG) emissions
• Maintains and improves system reliability, operational efficiency, security and customer privacy.
7. Example Smart Grid Privacy Concerns
Energy usage information can reveal preferences & behavior
What can be seen now:
• Types & quantity of appliances (i.e., refrigerator, A/C)
• Whether solar panels or electric vehicles are present
• Load trends (when customer is home & when they’re not)
…& perhaps in the future:
• Makes, models, condition of appliances
• Whether appliances are operating efficiently
• Whether refrigerator is full or empty
• What is watched on TV
• ?
8. How Utilities Can Use FTC “Do Not Track”
• The Federal Trade Commission supports a “Do Not Track” feature in web browsers that prohibits websites from tracking the activities of users who have the feature enabled.
• In theory, utilities could offer a similar feature to customers who wish to minimize the amount of information collected & shared about them
Sample Utility Customer Privacy Settings
• Share it!: “Global opt in.” Customer authorizes utility to share usage data with third parties for any use, including marketing products, research studies, etc.
• Normal: Default setting. Customer’s privacy is protected. Sharing for secondary purposes requires customer authorization.
• Minimize: “Do not track.” Collects only enough information to enable bare minimum & mandated services, such as calculating an accurate bill.
10. Privacy and the Smart Grid
• Increase in the granular collection,
use and disclosure of personal
energy information;
• Data linkage of personally
identifiable information with detailed
energy use;
• The creation of a new “library”
of personal information, (Quinn, 2009),
and a new terminology:
“Consumer Energy Usage Data.”
Image – Toronto Star – May 12, 2010
11. Privacy by Design:
The 7 Foundational Principles
1. Proactive not Reactive:
Preventative, not Remedial;
2. Privacy as the Default setting;
3. Privacy Embedded into Design;
4. Full Functionality:
Positive-Sum, not Zero-Sum;
5. End-to-End Security:
Full Lifecycle Protection;
6. Visibility and Transparency:
Keep it Open;
7. Respect for User Privacy:
Keep it User-Centric.
www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
12. “Big Data”
• Each day we create 2.5 quintillion bytes of data;
• 90% of the data today has been created in the
past 2 years;
• Big data analysis and data analytics promises
new opportunities to gain valuable insights and
benefits, (e.g., improving pandemic response,
advances in cancer research, etc.);
• However, it can also enable expanded surveillance,
on a scale previously unimaginable;
• This situation cries out for a positive-sum
solution – a win-win strategy.
13. Data Analytics and the Role of Utilities
• Utilities can find opportunities to adopt Privacy by Design when introducing new technologies, integrating communications and information systems, as well as updating operational business processes;
• Privacy by Design is essential to smart meter data analytics, enabling both privacy and the analysis of meter data – not one, to the exclusion of the other.
14. 7 Foundational Principles
of Privacy by Design
1. Proactive not Reactive: Preventative, not Remedial;
2. Privacy as the Default setting;
3. Privacy Embedded into Design;
4. Full Functionality: Positive-Sum, not Zero-Sum;
5. End-to-End Security: Full Lifecycle Protection;
6. Visibility and Transparency: Keep it Open;
7. Respect for User Privacy: Keep it User-Centric.
15. Privacy by Design Principle No.2
No. 2 – Privacy as the Default Setting
• We can be certain of one thing — the default rules!
Privacy by Design seeks to deliver the maximum
degree of privacy by ensuring that personal data are
automatically protected in any given IT system or
business practice.
• If an individual does nothing (takes no action), their
privacy still remains intact. No action is required on
the part of the individual to protect their privacy — it
is built into the system automatically, by default.
http://privacybydesign.ca/about/principles
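The three sample settings from slide 8 (Share it!, Normal, Minimize) and the "privacy as the default" principle above can be made concrete as a small disclosure policy. The following is an added example written for this page, not code from SDG&E, the IPC or any utility system: it assumes a utility identifier `"utility"`, a requester name and purpose on each data request, and constructed interval readings in watt-hours. A customer who never touches their settings lands on Normal, secondary sharing is denied unless that customer has authorized the requester, and the Minimize setting releases only a billing total rather than the interval data that would reveal when someone is home.

```python
"""Consent-gated release of customer energy usage data (CEUD).

Added illustration (not SDG&E or IPC code) of the three sample privacy
settings enforced as a policy whose default is the protective setting.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, FrozenSet, List, Tuple


class PrivacySetting(Enum):
    SHARE_IT = "share_it"    # global opt-in: share with third parties for any use
    NORMAL = "normal"        # default: secondary sharing needs authorization
    MINIMIZE = "minimize"    # "do not track": bare-minimum, mandated services only


class Purpose(Enum):
    BILLING = "billing"                  # mandated primary purpose
    GRID_OPERATIONS = "grid_operations"  # primary purpose
    SECONDARY = "secondary"              # marketing, research, third-party apps


PRIMARY_PURPOSES = {Purpose.BILLING, Purpose.GRID_OPERATIONS}
UTILITY = "utility"  # assumed identifier for the utility's own systems


@dataclass(frozen=True)
class CustomerProfile:
    customer_id: str
    # Privacy as the default: a customer who does nothing is on NORMAL.
    setting: PrivacySetting = PrivacySetting.NORMAL
    # Third parties this customer has explicitly authorized (honoured under NORMAL).
    authorized_parties: FrozenSet[str] = field(default_factory=frozenset)


@dataclass(frozen=True)
class DataRequest:
    requester: str
    purpose: Purpose


# A reading is (interval label, watt-hours); integers keep the sums exact.
Reading = Tuple[str, int]


def authorize(profile: CustomerProfile, request: DataRequest) -> Tuple[bool, str]:
    """Decide whether this request may see the customer's data at all."""
    if request.requester == UTILITY and request.purpose in PRIMARY_PURPOSES:
        return True, "primary purpose (billing / grid operations)"
    if profile.setting is PrivacySetting.MINIMIZE:
        return False, "minimize: no secondary use"
    if profile.setting is PrivacySetting.SHARE_IT:
        return True, "global opt-in"
    if request.requester in profile.authorized_parties:
        return True, "customer-authorized third party"
    return False, "default: secondary sharing requires customer authorization"


def minimize(readings: List[Reading], profile: CustomerProfile) -> Dict:
    """Return the least granular view that still serves the permitted purpose."""
    if profile.setting is PrivacySetting.MINIMIZE:
        # Enough for an accurate bill; no load trend that shows occupancy.
        return {"total_wh": sum(wh for _, wh in readings)}
    return {"intervals": list(readings)}


def release(profile: CustomerProfile, request: DataRequest, readings: List[Reading]) -> Dict:
    """Consent check first, then data minimization on whatever is released."""
    allowed, reason = authorize(profile, request)
    if not allowed:
        return {"released": False, "reason": reason}
    return {"released": True, "reason": reason, "data": minimize(readings, profile)}


# Constructed sample data: four 15-minute readings for one customer.
SAMPLE_READINGS: List[Reading] = [("00:00", 400), ("00:15", 300), ("00:30", 250), ("00:45", 550)]

if __name__ == "__main__":
    untouched = CustomerProfile("cust-001")  # never changed their settings
    print(release(untouched, DataRequest("AcmeApps", Purpose.SECONDARY), SAMPLE_READINGS))
    print(release(untouched, DataRequest(UTILITY, Purpose.BILLING), SAMPLE_READINGS))
    minimal = CustomerProfile("cust-002", PrivacySetting.MINIMIZE)
    print(release(minimal, DataRequest(UTILITY, Purpose.BILLING), SAMPLE_READINGS))
```

Note the ordering in `release`: authorization is decided before any data is shaped, and the utility's own marketing counts as a secondary purpose, so under the default setting it is refused exactly like an outside app.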
16. Do Not Track (DNT)
Microsoft Internet Explorer 10
• June 2012 – Microsoft announced a Do Not Track option would be
activated by default in Internet Explorer 10 on Windows 8 as part of
its commitment to user privacy;
• The Default Rules – research shows that the default condition,
requiring no action is the one that prevails;
• Microsoft was criticized by some companies, who said that Do Not
Track must be a choice made by the user and should not be
automatically enabled;
• They’re wrong – they already made the choice for their users – the
existing default is one of tracking/targeting;
• Microsoft responded that users would prefer a browser that
automatically respects their privacy and lets them make the choice–
they’re right!
17. Conclusions
• Big Data promises new opportunities to gain valuable
insights and benefits for the energy sector;
• However, Big Data may also enable expanded
surveillance, increasing the risk of unauthorized use;
• Big Data needs Big Privacy – you can achieve both
goals in a doubly-enabling, positive-sum paradigm
through Privacy by Design;
• Lead with Privacy by Design, featuring control over
customer energy usage data – thereby preserving
consumer confidence and trust;
• Avoid privacy by chance, or worse – Privacy by Disaster!
18. Privacy by Design and Third Party Access
to Customer Energy Use Data
• A growing class of third parties wish to gain
access to granular and customer-specific
energy use data (e.g. app developers,
consumer service providers, software
vendors, device manufacturers, home
security companies, etc.);
• Innovation advocates argue that allowing
third parties access to customer energy use
data (CEUD) will lead to new products and
services that will support conservation and
unleash new market opportunities (e.g.
Green Button, White House “Apps for
Energy” contest, MaRS Data Catalyst
project);
• Privacy by Design can ensure that the choice
to securely access and use CEUD remains in
the consumer’s control, and that the timely
disclosure of CEUD in standardized, machine
readable format is protected end-to-end.
www.privacybydesign.ca
Editor’s Notes
Privacy means many things to many people. Information that one person considers private may be information another person regularly shares on a social networking site. So how do we define it? At its most basic level, privacy is the ability of an individual to seclude themselves—or information about themselves—and thereby reveal what they share selectively. More broadly, privacy is about the freedom to make personal choices without undesirable influence. This is the reason secret ballots are secret. Privacy is the peace of mind that information about us is not being used to harm us or those we care about. In some cases, privacy is simply about the right to be left alone. Privacy is not about whether one has something to hide. Each of us possesses some information that is sensitive and personal to us that we do not want to see fall into the hands of the wrong people at the wrong time.
From SGDP: “Customers will benefit from [Smart Grid technologies] while also having confidence that their privacy is protected.” (pg. 13) Pg. 120. Privacy Considerations
Sony breach: http://www.csmonitor.com/Business/2011/0503/Sony-data-breach-could-be-most-expensive-ever
Privacy and the Smart Grid
7 Foundational Principles
SMART GRID PRIVACY – Why privacy matters in Smart Grid, how SG could put privacy at risk if not executed well. E. L. Quinn, “Privacy and the New Energy Infrastructure” (Working Paper Series, 2009) http://ssrn.com/abstract=1370731
This led to a series of meetings with utilities in our jurisdiction of Ontario – which (fortunately) fall under our FOI and Privacy laws. We worked closely with 2 of the largest utilities – Hydro One and Toronto Hydro – who felt it was in their best interest to do so – and the best interests of their customers.
Big Data
Proactive not Reactive; Preventative not Remedial; Privacy as the Default; Privacy Embedded into Design; Full Functionality: Positive-Sum, not Zero-Sum; End-to-End Lifecycle Protection; Visibility and Transparency; Respect for User Privacy
Data Analytics and Role of Utilities
HOW PRIVACY IS CHANGING – New uses for personal information, personal information is used in recent political campaigns, changes to laws on collection of information (Federal, California), calls for central “energy data center” in CA.
The Virtuous Cycle of Big Data – the virtuous cycle that may emerge: Systems that are respectful of personal information, with privacy assured from the outset, will increase user confidence and trust; this will increase users’ engagement, driving more “voluntary” and “accurate” data into the system; more data will yield greater benefits for all stakeholders including users, without trading away their privacy – a positive-sum outcome!
7 Foundational Principles UTILITY ROLE – Why utilities are the best advocates for customer energy privacy.
Privacy by Design Principle #2
Do Not Track – Internet Explorer 10 Caroline Winn’s reference to FTC – Do Not Track
Conclusions
Announcing New IPC Paper – PbD and Third Party Access to CEUD
In partnership with the Information and Privacy Commissioner, Ontario, Canada, and the Future of Privacy Forum, with foreword by Caroline Winn, VP & CPO, SDG&E.