SlideShare una empresa de Scribd logo

Enlightened Privacy – by Design for a Smarter Grid

B
bradley_g

A presentation by Commissioner Cavoukian at Distributech on how Privacy by Design can ensure the protection of personal information on the Smart Grid.

Educación
1 de 18
Enlightened Privacy – by Design for a Smarter Grid Caroline Winn, Chief Customer Privacy Officer, San Diego Gas & Electric Dr. Ann Cavoukian Information and Privacy Commissioner Ontario, Canada
What is Privacy? I want to make informed choices Freedom without unwanted influence I want you to I want to know my just let me be personal information is not being used to harm me or those I care about Privacy The Right Peace To be Left Of Mind Alone Privacy is NOT about whether one has “something to hide” 2
Why Privacy? – Perceptions of privacy continue to change • Paradigm-changing technologies like the Internet impacted – It’s the right thing to do privacy in ways we could have scarcely imagined 30 years ago – Regulators require it • Today, Smart Grid technologies like smart meters are – CPUC Decision 11-07-056 – Electricity changing the way we look at energy privacy Usage Data Privacy Decision applies strict rules around how customer privacy is respected and protected ● Prudence demands it – Penalties for failure may be large ● We know customers expect it • “SDG&E understands that the full benefits of Smart Grid cannot be achieved if it does not have the confidence of the users of the system.” (SGDP, pg. 139)
Customer Privacy & Information Security Security Privacy Security “Are we doing what we said we “Are we protecting sensitive “Are we adequately protecting would with customer data?” customer data?” company information?” “Are we giving our customers “Are we properly disposing of “Are we in compliance with choices regarding their data?” customer data?” security law & regs?” “Can customers see their data “Does the data have high & request corrections?” integrity?” “Is the data accurate?” “Are we in compliance with privacy law & regs?” 4
SDG&E’s position on privacy • Privacy is a fundamental right of every customer • Energy privacy—privacy around the collection & use of a customer’s usage data—is a relatively new concept that requires extensive awareness & education of risks • SDG&E believes it is a steward of customer information and has an obligation to protect it & our customers’ energy privacy • SDG&E is committed to doing its part to advocate for energy privacy on behalf of its customers & our community • SDG&E desires to work collaboratively with external partners to find ways to advance its customer privacy program
SDG&E View of the Smart Grid • End-to-end transformation of its electric delivery system • Empowers customers • Increases renewable generation • Integrates plug-in electric vehicles (PEVs) • Reduces greenhouse gas (GHG) emissions • Maintain and improving system reliability, operational efficiency, security and customer privacy.
Example Smart Grid Privacy Concerns Energy usage information can reveal preferences & behavior What can be seen now …& perhaps in the future • Makes, models, condition of • Types & quantity of appliances appliances (i.e., refrigerator, A/C) • Whether appliances are • Whether solar panels or operating efficiently electric vehicles are present • Whether refrigerator is full or • Load trends (when customer is empty home & when they’re not) • What is watched on TV •?
How Utilities Can Use FTC “Do Not Track” • Federal Trade Commission supports a “Do Not Track” feature in web browsers that prohibits websites from tracking activities of users with feature enabled. • In theory, utilities could offer a similar feature to customers who wish to minimize the amount of information collected & shared about them Sample Utility Customer Privacy Settings Share it!: “Global opt in.” Customer authorizes utility to share usage data with third parties for any use, including marketing products, research studies, etc. Normal: Default setting. Customer’s privacy is protected. Sharing for secondary purposes requires customer authorization. Minimize: “Do not track.” Collects only enough information to enable bare minimum & mandated services, such as calculating an accurate bill.
Responding to Smart Grid Privacy Concerns
Privacy and the Smart Grid • Increase in the granular collection, use and disclosure of personal energy information; • Data linkage of personally identifiable information with detailed energy use; • The creation of a new “library” of personal information, (Quinn, 2009), and a new terminology: “Consumer Energy Usage Data.” Image – Toronto Star – May 12, 2010
Privacy by Design: The 7 Foundational Principles 1. Proactive not Reactive: Preventative, not Remedial; 2. Privacy as the Default setting; 3. Privacy Embedded into Design; 4. Full Functionality: Positive-Sum, not Zero-Sum; 5. End-to-End Security: Full Lifecycle Protection; 6. Visibility and Transparency: Keep it Open; 7. Respect for User Privacy: Keep it User-Centric. www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
“Big Data” • Each day we create 2.5 quintillion bytes of data; • 90% of the data today has been created in the past 2 years; • Big data analysis and data analytics promises new opportunities to gain valuable insights and benefits, (e.g., improving pandemic response, advances in cancer research, etc.); • However, it can also enable expanded surveillance, on a scale previously unimaginable; • This situation cries out for a positive-sum solution – a win-win strategy.
Data Analytics and the Role of Utilities •Utilities can find opportunities to adopt Privacy by Design when introducing new technologies, integrating communications and information systems, as well as updating operational business processes; •Privacy by Design is essential to smart meter data analytics, enabling both privacy and the analysis of meter data – not one, to the exclusion of the other.
7 Foundational Principles of Privacy by Design 1. Proactive not Reactive: Preventative, not Remedial; 2. Privacy as the Default setting; 3. Privacy Embedded into Design; 4. Full Functionality: Positive-Sum, not Zero-Sum; 5. End-to-End Security: Full Lifecycle Protection; 6. Visibility and Transparency: Keep it Open; 7. Respect for User Privacy: Keep it User-Centric.
Privacy by Design Principle No.2 No. 2 – Privacy as the Default Setting • We can be certain of one thing — the default rules! Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice. • If an individual does nothing (takes no action), their privacy still remains intact. No action is required on the part of the individual to protect their privacy — it is built into the system automatically, by default. http://privacybydesign.ca/about/principles
Do Not Track (DNT) Microsoft Internet Explorer 10 • June 2012 – Microsoft announced a Do Not Track option would be activated by default in Internet Explorer 10 on Windows 8 as part of its commitment to user privacy; • The Default Rules – research shows that the default condition, requiring no action is the one that prevails; • Microsoft was criticized by some companies, who said that Do Not Track must be a choice made by the user and should not be automatically enabled; • They’re wrong – they already made the choice for their users – the existing default is one of tracking/targeting; • Microsoft responded that users would prefer a browser that automatically respects their privacy and lets them make the choice– they’re right!
Conclusions • Big Data promises new opportunities to gain valuable insights and benefits for the energy sector; • However, Big Data may also enable expanded surveillance, increasing the risk of unauthorized use; • Big Data needs Big Privacy – you can achieve both goals in a doubly-enabling, positive-sum paradigm through Privacy by Design; • Lead with Privacy by Design, featuring control over customer energy usage data – thereby preserving consumer confidence and trust; • Avoid privacy by chance, or worse – Privacy by Disaster!
Privacy by Design and Third Party Access to Customer Energy Use Data • A growing class of third parties wish to gain access to granular and customer-specific energy use data (e.g. app developers, consumer service providers, software vendors, device manufacturers, home security companies, etc.); • Innovation advocates argue that allowing third parties access to customer energy use data (CEUD) will lead to new products and services that will support conservation and unleash new market opportunities (e.g. Green Button, White House “Apps for Energy” contest, MaRS Data Catalyst project); • Privacy by Design can ensure that the choice to securely access and use CEUD remains in the consumer’s control, and that the timely disclosure of CEUD in standardized, machine readable format is protected end-to-end. www.privacybydesign.ca

Recomendados

Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other
bradley_g
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
bradley_g
 
Privacy by Design as a system design strategy - EIC 2019
Privacy by Design as a system design strategy - EIC 2019 Privacy by Design as a system design strategy - EIC 2019
Privacy by Design as a system design strategy - EIC 2019
Sagara Gunathunga
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the art
James Mulhern
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
Peter Procházka
 
Privacy by Design: White Papaer
Privacy by Design: White PapaerPrivacy by Design: White Papaer
Privacy by Design: White Papaer
Kristyn Greenwood
 
Privacy and Security by Design
Privacy and Security by DesignPrivacy and Security by Design
Privacy and Security by Design
Unisys Corporation
 
Privacy by design
Privacy by designPrivacy by design
Privacy by design
blogzilla
 

Recomendados

Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other
bradley_g
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
bradley_g
 
Privacy by Design as a system design strategy - EIC 2019
Privacy by Design as a system design strategy - EIC 2019 Privacy by Design as a system design strategy - EIC 2019
Privacy by Design as a system design strategy - EIC 2019
Sagara Gunathunga
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the art
James Mulhern
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
Peter Procházka
 
Privacy by Design: White Papaer
Privacy by Design: White PapaerPrivacy by Design: White Papaer
Privacy by Design: White Papaer
Kristyn Greenwood
 
Privacy and Security by Design
Privacy and Security by DesignPrivacy and Security by Design
Privacy and Security by Design
Unisys Corporation
 
Privacy by design
Privacy by designPrivacy by design
Privacy by design
blogzilla
 
Csa privacy by design & gdpr austin chambers 11-4-17
Csa privacy by design & gdpr austin chambers 11-4-17Csa privacy by design & gdpr austin chambers 11-4-17
Csa privacy by design & gdpr austin chambers 11-4-17
Trish McGinity, CCSK
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
Ishay Tentser
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by design
Tommy Vandepitte
 
Big data security the perfect storm
Big data security the perfect stormBig data security the perfect storm
Big data security the perfect storm
Ulf Mattsson
 
Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015
Dr. Ann Cavoukian
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
Gary Dodson
 
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!
Praveenkumar Hosangadi
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
Ulf Mattsson
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
kevintsmith
 
Towards Privacy by Design. Key issues to unlock science.
Towards Privacy by Design. Key issues to unlock science.Towards Privacy by Design. Key issues to unlock science.
Towards Privacy by Design. Key issues to unlock science.
Marlon Domingus
 
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignGDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
John Eckman
 
The REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on PrivacyThe REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on Privacy
Claudiu Popa
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technology
Ishay Tentser
 
Big security for big data
Big security for big dataBig security for big data
Big security for big data
Ari Elias-Bachrach
 
Big Data & Privacy
Big Data & PrivacyBig Data & Privacy
Big Data & Privacy
Abzetdin Adamov
 
How privacy by design can be the key of your success at the time of the digit...
How privacy by design can be the key of your success at the time of the digit...How privacy by design can be the key of your success at the time of the digit...
How privacy by design can be the key of your success at the time of the digit...
Giulio Coraggio
 
Mobile Devices and Internet of Things
Mobile Devices and Internet of ThingsMobile Devices and Internet of Things
Mobile Devices and Internet of Things
Paul Hastings
 
Security bigdata
Security bigdataSecurity bigdata
Security bigdata
Jitendra Chauhan
 
Big data security challenges and recommendations!
Big data security challenges and recommendations!Big data security challenges and recommendations!
Big data security challenges and recommendations!
cisoplatform
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
PECB
 
Preserving the Privacy of Genetic Information
Preserving the Privacy of Genetic InformationPreserving the Privacy of Genetic Information
Preserving the Privacy of Genetic Information
bradley_g
 
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by DesignSay Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
bradley_g
 

Más contenido relacionado

La actualidad más candente

Big data security the perfect storm
Big data security the perfect stormBig data security the perfect storm
Big data security the perfect storm
Ulf Mattsson
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
kevintsmith
 
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignGDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
John Eckman
 
Big Data & Privacy
Big Data & PrivacyBig Data & Privacy
Big Data & Privacy
Abzetdin Adamov
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
PECB
 

La actualidad más candente (20)

Csa privacy by design & gdpr austin chambers 11-4-17
Csa privacy by design & gdpr austin chambers 11-4-17Csa privacy by design & gdpr austin chambers 11-4-17
Csa privacy by design & gdpr austin chambers 11-4-17
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by design
 
Big data security the perfect storm
Big data security the perfect stormBig data security the perfect storm
Big data security the perfect storm
 
Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
 
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
 
Towards Privacy by Design. Key issues to unlock science.
Towards Privacy by Design. Key issues to unlock science.Towards Privacy by Design. Key issues to unlock science.
Towards Privacy by Design. Key issues to unlock science.
 
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignGDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
 
The REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on PrivacyThe REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on Privacy
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technology
 
Big security for big data
Big security for big dataBig security for big data
Big security for big data
 
Big Data & Privacy
Big Data & PrivacyBig Data & Privacy
Big Data & Privacy
 
How privacy by design can be the key of your success at the time of the digit...
How privacy by design can be the key of your success at the time of the digit...How privacy by design can be the key of your success at the time of the digit...
How privacy by design can be the key of your success at the time of the digit...
 
Mobile Devices and Internet of Things
Mobile Devices and Internet of ThingsMobile Devices and Internet of Things
Mobile Devices and Internet of Things
 
Security bigdata
Security bigdataSecurity bigdata
Security bigdata
 
Big data security challenges and recommendations!
Big data security challenges and recommendations!Big data security challenges and recommendations!
Big data security challenges and recommendations!
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
 

Destacado

Succession “Losers”: What Happens to Executives Passed Over for the CEO Job?
Succession “Losers”: What Happens to Executives Passed Over for the CEO Job? Succession “Losers”: What Happens to Executives Passed Over for the CEO Job?
Succession “Losers”: What Happens to Executives Passed Over for the CEO Job?
Stanford GSB Corporate Governance Research Initiative
 

Destacado (7)

Preserving the Privacy of Genetic Information
Preserving the Privacy of Genetic InformationPreserving the Privacy of Genetic Information
Preserving the Privacy of Genetic Information
 
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by DesignSay Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
 
Market Structure and Types of Market Structure
Market Structure and Types of Market StructureMarket Structure and Types of Market Structure
Market Structure and Types of Market Structure
 
Learn BEM: CSS Naming Convention
Learn BEM: CSS Naming ConventionLearn BEM: CSS Naming Convention
Learn BEM: CSS Naming Convention
 
Lightning Talk #9: How UX and Data Storytelling Can Shape Policy by Mika Aldaba
Lightning Talk #9: How UX and Data Storytelling Can Shape Policy by Mika AldabaLightning Talk #9: How UX and Data Storytelling Can Shape Policy by Mika Aldaba
Lightning Talk #9: How UX and Data Storytelling Can Shape Policy by Mika Aldaba
 
SEO: Getting Personal
SEO: Getting PersonalSEO: Getting Personal
SEO: Getting Personal
 
Succession “Losers”: What Happens to Executives Passed Over for the CEO Job?
Succession “Losers”: What Happens to Executives Passed Over for the CEO Job? Succession “Losers”: What Happens to Executives Passed Over for the CEO Job?
Succession “Losers”: What Happens to Executives Passed Over for the CEO Job?
 

Similar a Enlightened Privacy – by Design for a Smarter Grid

The Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD WorldThe Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD World
mkeane
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Ontario Cloud SIG
 
Big Data Expo 2015 - Data Science Innovation Privacy Considerations
Big Data Expo 2015 - Data Science Innovation Privacy ConsiderationsBig Data Expo 2015 - Data Science Innovation Privacy Considerations
Big Data Expo 2015 - Data Science Innovation Privacy Considerations
BigDataExpo
 
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Alan McSweeney
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber Defense
EnergySec
 

Similar a Enlightened Privacy – by Design for a Smarter Grid (20)

Introduction by ann cavoukian
Introduction by ann cavoukianIntroduction by ann cavoukian
Introduction by ann cavoukian
 
Introduction by ann cavoukian
Introduction by ann cavoukianIntroduction by ann cavoukian
Introduction by ann cavoukian
 
The Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD WorldThe Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD World
 
Global Data Privacy Regulation
Global Data Privacy RegulationGlobal Data Privacy Regulation
Global Data Privacy Regulation
 
TLabs - deutsche telekom
TLabs - deutsche telekomTLabs - deutsche telekom
TLabs - deutsche telekom
 
Security Management in Cloud Computing by Shivani Gogia - Aravali College of ...
Security Management in Cloud Computing by Shivani Gogia - Aravali College of ...Security Management in Cloud Computing by Shivani Gogia - Aravali College of ...
Security Management in Cloud Computing by Shivani Gogia - Aravali College of ...
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloud
 
Privacy Policies: Guide to Protecting User Data
Privacy Policies: Guide to Protecting User DataPrivacy Policies: Guide to Protecting User Data
Privacy Policies: Guide to Protecting User Data
 
Internet of Things With Privacy in Mind
Internet of Things With Privacy in MindInternet of Things With Privacy in Mind
Internet of Things With Privacy in Mind
 
Applied data analytics_v1_6.23
Applied data analytics_v1_6.23Applied data analytics_v1_6.23
Applied data analytics_v1_6.23
 
Ethics and Big Data
Ethics and Big Data Ethics and Big Data
Ethics and Big Data
 
Big Data Expo 2015 - Data Science Innovation Privacy Considerations
Big Data Expo 2015 - Data Science Innovation Privacy ConsiderationsBig Data Expo 2015 - Data Science Innovation Privacy Considerations
Big Data Expo 2015 - Data Science Innovation Privacy Considerations
 
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
 
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdprSharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
 
Data protection within development
Data protection within developmentData protection within development
Data protection within development
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
Data protection and smart grids
Data protection and smart gridsData protection and smart grids
Data protection and smart grids
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber Defense
 
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecurityLock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
 

Último

Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 

Último (20)

Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 

Enlightened Privacy – by Design for a Smarter Grid

  • 1. Enlightened Privacy – by Design for a Smarter Grid Caroline Winn, Chief Customer Privacy Officer, San Diego Gas & Electric Dr. Ann Cavoukian Information and Privacy Commissioner Ontario, Canada
  • 2. What is Privacy? I want to make informed choices Freedom without unwanted influence I want you to I want to know my just let me be personal information is not being used to harm me or those I care about Privacy The Right Peace To be Left Of Mind Alone Privacy is NOT about whether one has “something to hide” 2
  • 3. Why Privacy? – Perceptions of privacy continue to change • Paradigm-changing technologies like the Internet impacted – It’s the right thing to do privacy in ways we could have scarcely imagined 30 years ago – Regulators require it • Today, Smart Grid technologies like smart meters are – CPUC Decision 11-07-056 – Electricity changing the way we look at energy privacy Usage Data Privacy Decision applies strict rules around how customer privacy is respected and protected ● Prudence demands it – Penalties for failure may be large ● We know customers expect it • “SDG&E understands that the full benefits of Smart Grid cannot be achieved if it does not have the confidence of the users of the system.” (SGDP, pg. 139)
  • 4. Customer Privacy & Information Security Security Privacy Security “Are we doing what we said we “Are we protecting sensitive “Are we adequately protecting would with customer data?” customer data?” company information?” “Are we giving our customers “Are we properly disposing of “Are we in compliance with choices regarding their data?” customer data?” security law & regs?” “Can customers see their data “Does the data have high & request corrections?” integrity?” “Is the data accurate?” “Are we in compliance with privacy law & regs?” 4
  • 5. SDG&E’s position on privacy • Privacy is a fundamental right of every customer • Energy privacy—privacy around the collection & use of a customer’s usage data—is a relatively new concept that requires extensive awareness & education of risks • SDG&E believes it is a steward of customer information and has an obligation to protect it & our customers’ energy privacy • SDG&E is committed to doing its part to advocate for energy privacy on behalf of its customers & our community • SDG&E desires to work collaboratively with external partners to find ways to advance its customer privacy program
  • 6. SDG&E View of the Smart Grid • End-to-end transformation of its electric delivery system • Empowers customers • Increases renewable generation • Integrates plug-in electric vehicles (PEVs) • Reduces greenhouse gas (GHG) emissions • Maintain and improving system reliability, operational efficiency, security and customer privacy.
  • 7. Example Smart Grid Privacy Concerns Energy usage information can reveal preferences & behavior What can be seen now …& perhaps in the future • Makes, models, condition of • Types & quantity of appliances appliances (i.e., refrigerator, A/C) • Whether appliances are • Whether solar panels or operating efficiently electric vehicles are present • Whether refrigerator is full or • Load trends (when customer is empty home & when they’re not) • What is watched on TV •?
  • 8. How Utilities Can Use FTC “Do Not Track” • Federal Trade Commission supports a “Do Not Track” feature in web browsers that prohibits websites from tracking activities of users with feature enabled. • In theory, utilities could offer a similar feature to customers who wish to minimize the amount of information collected & shared about them Sample Utility Customer Privacy Settings Share it!: “Global opt in.” Customer authorizes utility to share usage data with third parties for any use, including marketing products, research studies, etc. Normal: Default setting. Customer’s privacy is protected. Sharing for secondary purposes requires customer authorization. Minimize: “Do not track.” Collects only enough information to enable bare minimum & mandated services, such as calculating an accurate bill.
  • 9. Responding to Smart Grid Privacy Concerns
  • 10. Privacy and the Smart Grid • Increase in the granular collection, use and disclosure of personal energy information; • Data linkage of personally identifiable information with detailed energy use; • The creation of a new “library” of personal information, (Quinn, 2009), and a new terminology: “Consumer Energy Usage Data.” Image – Toronto Star – May 12, 2010
  • 11. Privacy by Design: The 7 Foundational Principles 1. Proactive not Reactive: Preventative, not Remedial; 2. Privacy as the Default setting; 3. Privacy Embedded into Design; 4. Full Functionality: Positive-Sum, not Zero-Sum; 5. End-to-End Security: Full Lifecycle Protection; 6. Visibility and Transparency: Keep it Open; 7. Respect for User Privacy: Keep it User-Centric. www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
  • 12. “Big Data” • Each day we create 2.5 quintillion bytes of data; • 90% of the data today has been created in the past 2 years; • Big data analysis and data analytics promises new opportunities to gain valuable insights and benefits, (e.g., improving pandemic response, advances in cancer research, etc.); • However, it can also enable expanded surveillance, on a scale previously unimaginable; • This situation cries out for a positive-sum solution – a win-win strategy.
  • 13. Data Analytics and the Role of Utilities •Utilities can find opportunities to adopt Privacy by Design when introducing new technologies, integrating communications and information systems, as well as updating operational business processes; •Privacy by Design is essential to smart meter data analytics, enabling both privacy and the analysis of meter data – not one, to the exclusion of the other.
  • 14. 7 Foundational Principles of Privacy by Design 1. Proactive not Reactive: Preventative, not Remedial; 2. Privacy as the Default setting; 3. Privacy Embedded into Design; 4. Full Functionality: Positive-Sum, not Zero-Sum; 5. End-to-End Security: Full Lifecycle Protection; 6. Visibility and Transparency: Keep it Open; 7. Respect for User Privacy: Keep it User-Centric.
  • 15. Privacy by Design Principle No.2 No. 2 – Privacy as the Default Setting • We can be certain of one thing — the default rules! Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice. • If an individual does nothing (takes no action), their privacy still remains intact. No action is required on the part of the individual to protect their privacy — it is built into the system automatically, by default. http://privacybydesign.ca/about/principles
  • 16. Do Not Track (DNT) Microsoft Internet Explorer 10 • June 2012 – Microsoft announced a Do Not Track option would be activated by default in Internet Explorer 10 on Windows 8 as part of its commitment to user privacy; • The Default Rules – research shows that the default condition, requiring no action is the one that prevails; • Microsoft was criticized by some companies, who said that Do Not Track must be a choice made by the user and should not be automatically enabled; • They’re wrong – they already made the choice for their users – the existing default is one of tracking/targeting; • Microsoft responded that users would prefer a browser that automatically respects their privacy and lets them make the choice– they’re right!
  • 17. Conclusions • Big Data promises new opportunities to gain valuable insights and benefits for the energy sector; • However, Big Data may also enable expanded surveillance, increasing the risk of unauthorized use; • Big Data needs Big Privacy – you can achieve both goals in a doubly-enabling, positive-sum paradigm through Privacy by Design; • Lead with Privacy by Design, featuring control over customer energy usage data – thereby preserving consumer confidence and trust; • Avoid privacy by chance, or worse – Privacy by Disaster!
  • 18. Privacy by Design and Third Party Access to Customer Energy Use Data • A growing class of third parties wish to gain access to granular and customer-specific energy use data (e.g. app developers, consumer service providers, software vendors, device manufacturers, home security companies, etc.); • Innovation advocates argue that allowing third parties access to customer energy use data (CEUD) will lead to new products and services that will support conservation and unleash new market opportunities (e.g. Green Button, White House “Apps for Energy” contest, MaRS Data Catalyst project); • Privacy by Design can ensure that the choice to securely access and use CEUD remains in the consumer’s control, and that the timely disclosure of CEUD in standardized, machine readable format is protected end-to-end. www.privacybydesign.ca

Notas del editor

  1. Privacy means many things to many people. Information that one person considers private may be information another person regularly shares on a social networking site. So how do we define it? At its most basic level, privacy is the ability of an individual to seclude themselves—or information about themselves—and thereby reveal what they share selectively. More broadly, privacy is about the freedom to make personal choices without undesirable influence. This is the reason secret ballots are secret. Privacy is the peace of mind that information about us is not being used to harm us or those we care about. In some cases, privacy is simply about the right to be left alone. Privacy is not about whether one has something to hide. Each of us possesses some information that is sensitive and personal to us that we do not want to see fall into the hands of the wrong people at the wrong time.
  2. From SGDP: “Customers will benefit from [Smart Grid technologies] while also having confidence that their privacy is protected.” (pg. 13) Pg. 120. Privacy Considerations Sony breach: http://www.csmonitor.com/Business/2011/0503/Sony-data-breach-could-be-most-expensive-ever
  3. Privacy and the Smart Grid
  4. 7 Foundational Principles SMART GRID PRIVACY – Why privacy matters in Smart Grid, how SG could put privacy at risk if not executed well. E. L. Quinn, “Privacy and the New Energy Infrastructure” (Working Paper Series, 2009) htto://ssrn.com/abstract=1370731 This lead to a series of meetings with utilities in our jurisdiction of Ontario – which (fortunately) fall under our FOI and Privacy laws. We worked closely with 2 of the largest utilities – Hydro One and Toronto Hydro – who felt it was in their best interest to do so – and the best interests of their customers
  5. Big Data Proactive not Reactive; Preventative not Remedial Privacy as the Default Privacy Embedded into Design Full Functionality: Positive-Sum, not Zero-Sum End-to-End Lifecycle Protection Visibility and Transparency Respect for User Privacy
  6. Data Analytics and Role of Utilities HOW PRIVACY IS CHANGING – New uses for personal information, personal information is used in recent political campaigns, changes to laws on collection of information (Federal , California), calls for central “energy data center” in CA. The Virtuous Cycle of Big Data The virtuous cycle that may emerge: Systems that are respectful of personal information, with privacy assured from the outset, will increase user confidence and trust; This will increase users' engagement, driving more “voluntary” and “accurate” data into the system; More data will yield greater benefits for all stakeholders including users, without trading away their privacy – a positive-sum outcome!
  7. 7 Foundational Principles UTILITY ROLE – Why utilities are the best advocates for customer energy privacy.
  8. Privacy by Design Principle #2
  9. Do Not Track – Internet Explorer 10 Caroline Winn’s reference to FTC – Do Not Track
  10. Conclusions
  11. Announcing New IPC Paper – PbD and Third Party Access to CEUD
  12. In partnership with the Information and Privacy Commissioner, Ontario, Canada, and the Future of Privacy Forum, with foreword by Caroline Winn, VP & CPO, SDG&E.