Privacy by Design – the Gold Standard in data protection for the smart grid


Dr Ann Cavoukian,
Ontario’s Information
& Privacy Commissioner
Toronto, ON, Canada — (METERING.COM) — July 7, 2010 – “Privacy by Design” is the Gold Standard that should be adopted for smart grid implementation for data protection, Ontario’s Information and Privacy Commissioner Ann Cavoukian says in a new report.

Embracing a positive-sum model whereby privacy and energy conservation may be achieved in unison is key to ensuring consumer confidence in electricity providers as smart grid projects are initiated, says the report. And customer adoption and trust of smart grid energy savings programs is an integral factor in the success of energy conservation.

The report, which has been developed in conjunction with Ontario utilities Hydro One Networks and Toronto Hydro Electric System – both of which are involved with several smart grid activities – is intended to outline best practices for embedding privacy within smart grid systems from the outset, based on Ontario’s own emerging smart grid.

Underlying these best practices is the concept of Privacy by Design, which was developed by Cavoukian during the 1990s to address the growing and systemic effects of information and communication technologies and of large scale networked data systems, and in essence asserts that privacy cannot be assured solely by compliance with regulatory frameworks buat rather should become the default mode of operation.

The report says that what constitutes “personal information” on the smart grid is the subject of much discussion. But once it becomes apparent that a smart grid technology, system or project will involve the collection of personal information, then privacy considerations begin to apply, such as limiting the amount of personal information collected, used or disclosed, and the safeguarding of that information.

The changing nature and vast increase of information gathered on the smart grid is also resulting in changes in the nature of utilities as power providers. Lack of integration between various systems in the area of communications, operations and information systems is a significant gap within which challenges may arise for utilities. Utilities should be aware of the gaps where privacy issues might arise, such as in the introduction of smart transformers and power line monitors, and the centralization and integration of data and processes.

Privacy by Design extends to three encompassing applications, IT systems, accountable business practices, and physical design and networked infrastructure, and may be accomplished through seven best practice principles:

  1. Smart grid systems should feature privacy principles in their overall project governance framework and proactively embed privacy requirements into their designs, in order to prevent privacy-invasive events from occurring.
  2. Smart grid systems must ensure that privacy is the default – the “no action required” mode of protecting one’s privacy – its presence is ensured.
  3. Smart grid systems must make privacy a core functionality in the design and architecture of smart grid systems and practices – an essential design feature.
  4. Smart grid systems must avoid any unnecessary trade-offs between privacy and legitimate objectives of smart grid projects.
  5. Smart grid systems must build in privacy end-to-end, throughout the entire life cycle of any personal information collected.
  6. Smart grid systems must be visible and transparent to consumers – engaging in accountable business practices – to ensure that new smart grid systems operate according to stated objectives.
  7. Smart grid systems must be designed with respect for consumer privacy, as a core foundational requirement.

“The smart grid presents new opportunities for growth and innovation, as well as new challenges that must be addressed with regard to collecting more granular data than ever before on customers’ energy consumption,” says Commissioner Cavoukian. “I am delighted that Ontario’s largest electricity companies are demonstrating clear leadership in this space. We believe that this best practice document will assist all utilities, including those in the United States and around the world, to understand how fair information practices and Privacy by Design may be incorporated into the architecture of smart grid systems.”

To view “Privacy by Design: Achieving the Gold Standard in Data Protection for the Smart Grid” click HERE.