Ontario Information and Privacy Commissioner Ann Cavoukian along with Hydro One, GE, IBM and Telvent released a report that shows utilities how to embed privacy into the emerging smart grid.
“Operationalizing Privacy by Design: The Ontario Smart Grid Case Study,” which is based on a smart grid project in Owen Sound, Ontario, Canada, is the first to demonstrate how Privacy by Design principles may be operationalized as a foundational requirement in emerging smart grid systems.
“Smart Grid technologies have the potential to collect extremely detailed information about energy consumption in the home, which can lead to the unwelcome profiling of individuals,” Cavoukian told a crowd in San Diegoat DistribuTECH, the utility industry’s leading smart grid conference and exposition. “The time to build privacy into the systems involved is now, while the smart grid is still in its infancy.”
The approach outlined in the report sets the standard for utilities and vendors around the world as they build consumer confidence into the smart grid by, among other things, protecting personal information that may be collected or used through smart grid technologies.
It clarifies three domains of the smart grid:
1.) The grid domain, which relates to systems and processes to manage the power network;
2.) The customer domain, which incorporates all the devices in the consumer’s home or business; and
3.) The services domain, which includes customer service functions such as billing and demand management programs.
The report shows how personal information can be limited to the domains where it is relevant and outlines examples of specific design requirements for minimizing and protecting personal information while achieving full-system functionality: positive sum, not zero sum.
The report is the third in a suite of papers on protecting privacy in the smart grid developed by Ontario’s Privacy Commissioner in collaboration with key industry and technology leaders.
Privacy by Design is an approach developed by Cavoukian and widely adopted globally by a growing number of organizations and jurisdictions. It prescribes that privacy be embedded directly into the design and operation of various technologies, business processes and networked infrastructure. Instead of treating privacy as an afterthought, bolting it on after the fact, Privacy by Design is proactive and preventative in nature, a highly effective approach in today’s world of increasingly interconnected technologies and extensive data collection.