Our blogs Blogs home
Energy in Transition

Energy in Transition

General

Smart meter data: Can it reach its potential or be stopped in its tracks in the name of privacy?

Smart meters are potential game changer for the utility industry. With their ability to capture fine-grained consumption data and usage pattern plus their communications capability, the smart meters enable many potentially new products and services that can mean lifestyle improvements and savings through efficiencies. On the other hand, smart electric meters pose a substantial threat to the privacy of consumers in their own homes and businesses. Smart meter data can reveal precise appliance and equipment usage information. These patterns can reveal personal behaviors such as sleep habits, number of occupants, and times of vacancy. As much as utilities push for smart meter implementation, consumers are pushing back with concerns over privacy. 

DNV GL is helping regional governments to develop regulations on energy efficiency with built-in consumer privacy requirements. Applying privacy principles early can help utilities gain trust from their customers and gain acceptance for utility programs and technologies like smart meters. Here are some of these privacy principles:

 1. The Transparency Principle
All data collection needs to be done in the open, not in secrecy. The utility must inform the customer upfront specifically what information is collected. This disclosure is typically made available as part of the company’s Privacy Policy.  This policy is made known to the utility customers and may be periodically resent to inform customers of any updates to the policy. Though many would debate whether certain information being collected is indeed legal, the consumers are left waiting for law makers create the necessary definitions and standards for legality. In the meantime, consumers are better protected knowing which data their service providers are collecting about them.

 2. The Principle of Primary Use
The principle of primary use states that data collected should only be used for the purpose conducting an immediate business transaction. An example of primary purpose is that of collecting usage data for the purpose of billing. Any use beyond the primary use would require consent from the customer. If the utility plans to use the data collected for anything other than the immediate business transaction, the transparency principle would require that those additional uses be disclosed as part of the utility’s Privacy Policy.

 3. Restrictive Principle
The restrictive principle, simply stated, is to collect only the information needed to fulfill the primary purpose. Data collected that does not support the primary purposes is excessive and increases the risk for compromising the customer privacy.

 4. Data Destruction Principle
Also recently known as the “right to be forgotten,” the data destruction principle requires that the data in question be destroyed once it is obsolete or has passed its required retention period.  One of the greatest threats to privacy is that data have been retained indefinitely.  With contemporary IT practices of routine periodic back-ups, total data destruction presents a real challenge. As much as data acquisition is planned, data destruction planning should also be taken into consideration.

5. Accurate Data Principle
The accurate data principle requires that reasonable effort is made to ensure that the data is accurate and error free. The customers can also play a role in keeping the data accurate.  By providing customers access to view the data about themselves, a mechanism for customers to dispute the accuracy of that data and a process for correcting the data, the utility  can engage their customers in data accuracy.

6. Security Principle
It goes without saying that the utility is obligated to protect and secure the personal data that is collected about their customers. The utility must implement the technical and organizational best practices to ensure that the data is protected against unauthorized access, alteration, or disclosure. The industry standard for managing security is covered in ISO 27001.

7. Principle of Consent
To fully leverage the available information and find opportunities for energy efficiencies and improved services, the utilities and customers in all likelihood will seek assistance from outside consultants and service providers. In doing so, there will be a need to disclose and share personal information collected by the utilities with these third parties. The principle of consent requires that explicit customer consent is obtained before any information is disclosed to third parties. The third parties receiving the information are also required to follow these same privacy principles. Furthermore, the consent is specific as to what data is disclosed, to whom, for what purpose and for what period of time.

Conclusion
Successful and sustainable utility programs require the creation of an effective privacy program that addresses privacy obligations, risks, and business opportunities.  Adopting these privacy principles early is the right thing to do.

0 Comments Add your comment

Reply with your comment

Your email address will not be published. Required fields are marked *