The Smart Grid brings many benefits – but privacy protection must be built into the design of this new technology before an explosion of personal data erupts, Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, cautioned today in a new white paper.
“The overarching privacy concern associated with Smart Grid technology is its ability to greatly increase the amount of information that is currently available relating to the activities of individuals within their homes – their habits and behaviors,” said the Commissioner.
Intimate details of hydro customers’ habits, from when they cook or take showers, to when they go to bed, plus such security issues as whether they have an alarm system engaged, could all be discerned by the data automatically fed by appliances and other devices to the companies providing electric power.
The Commissioner and co-authors, Jules Polonetsky and Christopher Wolf, co-chairs of the Washington-based Future of Privacy Forum, issued a white paper, Smart Privacy for the Smart Grid: Embedding Privacy in the Design of Electricity Conservation, which emphasizes the importance of building privacy directly into Smart Grid technology, as the default option.
“The smart grid will provide benefits for the economy and the environment and could mean savings for individual consumers,” said Jules Polonetsky. “But the success of the grid will be completely dependent on consumers trusting that their data is being handled responsibly. If companies do not get privacy right from the start, billions will have been spent in vain.”
“The information collected on a Smart Grid will form a library of personal information, the mishandling of which could be highly invasive of consumer privacy,” said Christopher Wolf. “There will be major concerns if consumer-focused principles of transparency and control are not treated as essential design principles, from beginning to end.”
Brian Krebs of Security Fix writes:
In an interview with Security Fix, Polonestsky said some utilities have adopted the stance that existing regulations already prevent them from sharing customer data without prior authorization. But he noted that as power companies transition to the smart grid, those utilities are going to be collecting — and potentially retaining — orders of magnitude more data on their customers than ever before.
“Relatively speaking, [utilities] aren’t big marketing companies with big back end databases ready to handle the tidal wave of data that’s coming,” he said. “But we’re a little worried that without some serious planning now, there’s going to be quite a challenge in a couple of years when people start realizing that maybe should think about developing some solid data retention policies that address what’s going to be done with all of this data.”