Building privacy into the smart grid from the beginning is key to its success.
As consumers and citizens, we are leading increasingly digitized lives. Whether we’re purchasing a product, visiting a doctor or keeping up with friends and family on Twitter or Facebook, we’re sending potentially sensitive data over networks, to be stored in far-away databases. Meanwhile, a week doesn’t pass that we don’t hear about the newest phishing scheme, network infiltration or laptop theft.
Consider that 8.1 million people — 3.5% of the U.S. population — were victims of identity theft in 2010, and 7% received a notification that their information was exposed in a data breach, according to an annual survey by Javelin Strategy & Research.
When people are home, the last thing they want to think of is their privacy being invaded.
It’s no wonder that privacy is the topic of the day. With increasing volumes of personal data in electronic form, consumers have never been more vulnerable to their personally identification information and other data getting into the wrong hands.
It’s also no wonder that fears and concerns about privacy have now spread to the smart grid. For years, customers have happily relied on their utility companies, expecting nothing more than energy delivery and a monthly bill that contained two main data points: power usage for the billing period and total amount due. The relationship was hands-off and uncomplicated. The utility was all but invisible to the customer.
Today, with the smart grid and smart meters, electricity distribution is combined with information technology. Data travels back and forth between the customer’s home and the utility, and many more data points concerning energy usage are gathered in hourly intervals. As we all know, this has lots of benefits for customers, utilities and the environment.
However, customers fear that their usage data could reveal behavior patterns that expose them to criminal exploits, third-party marketing spam and other unwanted activity. They also fear losing control over their personally identifiable information, or PII, which is any information that can be used to uniquely identify, contact or locate an individual, including customer name, address and account number.
Customers are not so much concerned about what utilities will do with their data but what would happen if third parties got access and were able to pitch products and other marketing solicitations, not to mention for other nefarious purposes, such as identify theft, fraud, stalking or robbery.
A Natural Concern
It’s easy to understand why the smart grid is a particularly sensitive topic when it comes to privacy. In most industries, there is a lot of data collected and stored, from financial information, to health records, to cell phone usage, and increasingly, this information is online. However, power usage takes place in the home – the last bastion of privacy, in many minds.
The home is customers’ private domain. They are accustomed to plugging in their coffee pot and running their dishwasher without a thought to the outside world. They feel it’s no one else’s business whether they keep exotic fish in a heated aquarium, own 10 computers or enjoy a midnight sauna. When people are home, the last thing they want to think of is their privacy being invaded.
In actuality, the data that’s available through the smart grid today is really not very interesting to anyone other than the person using the energy. After all, it’s much easier for a would-be thief or a private investigator to physically watch you enter and exit your home vs. examining and analyzing your energy usage patterns.
That will change, however, as more smart appliances and electric automobiles enter the scene. The information will become increasingly granular and precise, down to what time and how long you ran a particular appliance. Usage data will become specific enough that someone could conceivably paint a picture of a customer’s activities in their home.
What Utilities Can Do
The fact is, privacy is a concern, and utilities are now joining the ranks of all the companies and industries before them that have had to deal with the issue of privacy.
Industries such as healthcare, finance, telecommunications and retail have all had to undergo transformations to meet the requirements of the Information Age, including developing privacy policies to address their collection and use of PII, as well as who can access it and for what purposes.
So while privacy is a legitimate concern that utilities must deal with, it does not need to be seen as a problem because there are plenty of time-tested solutions out there. There is no reason to reinvent the wheel. First of all, like other trusted institutions, utilities themselves already have strong policies and regulatory oversight, so they are well-prepared to protect customer privacy.
Second, thanks to lots of previous activity, much of the heavy-lifting has been done to establish what businesses need to do in the area of data privacy. So far, 48 states, plus the District of Columbia, have adopted data security statutes and regulations.
Several have adopted laws requiring businesses to assess their data security policies and procedures and to review what type of personal information is in their possession, where the information is located, and how to safeguard this sensitive information. Additionally, a number of states have laws that detail how consumer information is to be destroyed when no longer needed.
In 1973, the US Department of Health, Education and Welfare formulated the Fair Information Practice Principles, which serve as the basis for many privacy laws in the U.S., Canada and Europe. And the US Department of Energy (DOE) also released recommendations that, again, are in line with already established principles. The DOE concurs that energy consumption information should be accorded privacy protections and that the accord of these protections will do much to increase consumer acceptance of Smart Grid. Its recommendations include stipulations that consumers should be able to access their own energy consumption data and decide whether to grant access to third parties.
Privacy: A Core Functionality
Utilities can also learn from the extensive work done by Dr. Ann Cavoukian, who has developed the Privacy by Design methodology. This methodology is based on the concept of engineering privacy directly into the design of new technologies, business processes and networked infrastructure, as a core functionality.
Dr. Cavoukian has applied these principles to the smart grid in seven “best practices” that lay out specific design requirements for minimizing and protecting personal information, while achieving full system functionality.
According to Dr. Cavoukian, operationalizing privacy on the smart grid is not as daunting or costly a task as utilities might think, as long as they approach the issue while the Smart Grid is still in its nascent stage and embed privacy features as a core functionality.
Waiting too long could double or triple the costs versus building privacy into the technology architecture, business processes and network infrastructure from the very beginning. It’s really the difference between treating privacy as a problem that needs to be solved vs. a value-added feature that you can offer to customers.
Customers have every reason to trust the utility that has been providing them with power for a century. What they don’t trust is allowing data that could potentially reveal information about their personal lives escaping into the great unknown. Utilities need to convey to customers what the issues of Smart Grid privacy are and how they are dealing with them. Much of the fear, uncertainty and doubt is based on simply not knowing what the real issues are. And if you’re not educating your customers, someone else is, and you may not like what they’re teaching.
If utilities do not set policies and assure customers of their privacy, the lack of trust will dampen buy-in for the smart grid. Customers need to trust that their granular customer energy usage data will be strongly protected. While privacy has become the number-one concern of utilities around the country when it comes to the Smart Grid, this does not need to be the case. There are basic measures that can dispel the fear, uncertainty and doubt surrounding privacy and the smart grid.
Privacy is an issue of our times, and it’s not going away. By addressing customers’ privacy concerns now, utilities can build a trusted relationship, establishing the strong foundation on which the Smart Grid can grow in the future.
Gary Bloom is the Chief Executive Officer of eMeter, a leader in Smart Grid Management software. Previously, Bloom was the chairman, president, and chief executive officer of VERITAS Software Corporation. Under Mr. Bloom’s leadership, VERITAS revenues grew from approximately $1.2 billion in 2000 to more than $2 billion in 2004. Bloom earned his bachelor’s degree in computer science from California Polytechnic State University where he currently serves on the President’s Cabinet and is the Chairman of the Board of the Cal Poly Foundation.
eMeter provides essential software that enables electric, gas and water utilities to realize the full benefits of smart grid. Leading utilities worldwide depend on eMeter Smart Grid Management software to reduce operational costs, improve customer service and drive energy efficiency. With the most large-scale deployments in the industry and strategic partnerships with Accenture, IBM, Logica and Siemens, eMeter has built a reputation for unparalleled expertise that ensures customer success.