Why and how to be proactive about data privacy (don't ignore this!)



Quick Take:  In the early days of smart metering, we saw several utilities take a top-down approach. "If we impose it, they will put up with it," seemed to be the slogan of the day. Those utilities learned the hard way that they should have proactively invested in customer outreach and education.


There's another problem looming that also demands proactive steps. The energy consumption data collected from smart meters is creating privacy concerns. Utilities that get ahead of the problem - that secure the data and that educate customers - will get the buy-in they need from ratepayers and regulators alike.


Writing in Alcatel Lucent's GridTalk blog, Rebecca Herold puts it this way: "Complacency is not an option. Utilities... need to address privacy issues early, and in an open, objective manner." She goes on to give detailed suggestions based on her role as the Privacy Group Leader for the NIST Smart Grid Interoperability Panel. I've noted a few high points below, but you will want to review the entire article. - By Jesse Berst


New types of data are raising thorny privacy issues. The smart grid's social acceptance depends on utilities securing four sensitive categories:

1.     The privacy of personal information - names, addresses, credit cards, etc.

2.     The privacy of the person - energy usage details, medical or physical issues, etc.

3.     The privacy of personal behavior - when customers are at home, when they are gone, what they are doing while inside, etc.

4.     The privacy of personal communications - some smart appliances already post messages to Facebook and Twitter when certain activities occur.


Consumers are rightfully worried that their data may be shared with marketers or with insurance companies or with government agencies.


Utilities should first identify all the privacy risks. Next, they should establish policies and procedures to safeguard the data. Finally, they should implement security technologies and establish best practices.


Herold believes utilities must clarify their policies, stating whether and when they will share data. For instance, if the utility a subcontracted with third-party, it may want to ensure that the third parties not using the data in ways that violate the utility's policies. It's important to publicize data policies not just with customers, but also within the utility itself so all employees understand the rules.


The U. S. Department of Energy is creating guidelines for future legislation and regulations, following the recommendations set forth in NISTIR 7628: Guidelines for Smart Grid Cyber Security Vol. 2, Privacy and the Smart Grid.


Jesse Berst is the founder and Chief Analyst of SGN and Chairman of the Smart Cities Council, an industry coalition.