True data privacy is no accident

Utilities must take proactive approach to data protection

Privacy and data security were two of the biggest buzzwords at this year's DistribuTECH conference.

Privacy and data security were two of the biggest buzzwords at this year's DistribuTECH conference.

With many utilities moving past the beginning stages of AMI deployment, they are realizing the process goes far beyond simply installing new meters and communication systems. True AMI goes much deeper than simply getting an energy use reading and billing.  Realizing the true potential of smart grid takes data management, and both utilities and vendors are working to scale these new challenges. But with more than 2.5 quintillion bytes of data created every day, it's a daunting challenge, to say the least.

The primary goal of better privacy is adequately protecting information, along with building customer trust and confidence through transparency and true data privacy standards. Trust fosters engagement -- something utilities desperately need from their customer base. Another large part of privacy is giving customers peace of mind.

"Some customers just want to know that the information you're collecting about them is not going to fall into the wrong people's hands," said Caroline Winn, vice president of customer service and chief customer privacy officer at SDG&E in a presentation at DistribuTECH about the importance of shaping policies to protect data security and privacy.

Privacy isn't an accident

One of the biggest champions of privacy is Dr. Ann Cavoukian, Ph.D., the founder of "Privacy by Design", an initiative of the Ontario Information & Privacy Commission. It's the notion that utility systems should be built deliberately around privacy, incorporating it from square one.

Realizing the true potential of smart grid takes data management, and both utilities and vendors are working to scale these new challenges.

Speaking at DistribuTECH, Cavoukian said traditional regulation is reactive, and not adequate protection in today's high-paced, technical world. Successfully addressing privacy breaches before they happen means being aware of all possible privacy problems in advance -- a nearly impossible task.

"In this world of ubiquitous computing, online connectivity, everything going wireless, mobile devices everywhere, data just flowing, there isn't a hope in hell that I'm going to know even a fraction of the infractions, let alone be able to regulate it," she said. "What's the point of being smart about everything and not embedding it into our systems?"

She outlined the seven underlying principles of Privacy By Design, which include:

  • Prevent harm by acting proactively
  • Develop privacy into systems by default
  • Embed privacy into the design
  • Make it "win-win," and eliminate trade-offs
  • Deploy end-to-end security and full lifestyle protection
  • Maintain visibility and transparency of privacy systems
  • Respect user privacy at all times

Utilities take lead on privacy

With no national standard on energy use data privacy, it will be up to individual utilities to take charge. As is the case with many green energy programs, California utilities are at the front lines of this initiative. In July 2011, the California Public Utilities Commission adopted consumer privacy protection rules.

At the time, CPUC President Michael Peevey said that, "The rules and policies we've adopted are the first such in the nation and should serve as a national model."

San Diego Gas & Electric (SDG&E) and the Sacramento Municipal Utility District (SMUD) are two (but certainly not the only) utilities that have made customer and grid security a priority. The bottom line is that they don't have a choice.

"If we do [cyber security] really poorly, we may never recover," said Paul Lau, assistant general manager of power supply and grid operations at SMUD, a utility that falls outside of CPUC jurisdiction.

It's certainly true that, when done right, customers are willing to entrust utilities with their information. It's all about trust, which is why it's often secondary and tertiary users of data that put customers on edge.

"Within the company, if you have that basis of trust, customers are very forthcoming and happy to work with you in ways that will be beneficial to both organization and consumer," Cavoukian said.

With privacy policies established, utilities can offer customers a host of valuable products. SDG&E is beginning to scratch the surface of these, and has begun offering customers new ways to view energy use and save money. Current trends include budget notifications throughout the month, and new online displays and data visualization tools, time-of-use rates and demand response opportunities.