Smart meter data: Can it reach its potential or be stopped in its tracks in the name of privacy?
Smart meters are potential game changer for the utility industry. With their ability to capture fine-grained consumption data and usage pattern plus their communications capability, the smart meters enable many potentially new products and services that can mean lifestyle improvements and savings through efficiencies. On the other hand, smart electric meters pose a substantial threat to the privacy of consumers in their own homes and businesses. Smart meter data can reveal precise appliance and equipment usage information. These patterns can reveal personal behaviors such as sleep habits, number of occupants, and times of vacancy. As much as utilities push for smart meter implementation, consumers are pushing back with concerns over privacy.
DNV GL is helping regional governments to develop regulations on energy efficiency with built-in consumer privacy requirements. Applying privacy principles early can help utilities gain trust from their customers and gain acceptance for utility programs and technologies like smart meters. Here are some of these privacy principles:
1. The Transparency Principle
2. The Principle of Primary Use
3. Restrictive Principle
The restrictive principle, simply stated, is to collect only the information needed to fulfill the primary purpose. Data collected that does not support the primary purposes is excessive and increases the risk for compromising the customer privacy.
4. Data Destruction Principle
Also recently known as the “right to be forgotten,” the data destruction principle requires that the data in question be destroyed once it is obsolete or has passed its required retention period. One of the greatest threats to privacy is that data have been retained indefinitely. With contemporary IT practices of routine periodic back-ups, total data destruction presents a real challenge. As much as data acquisition is planned, data destruction planning should also be taken into consideration.
5. Accurate Data Principle
The accurate data principle requires that reasonable effort is made to ensure that the data is accurate and error free. The customers can also play a role in keeping the data accurate. By providing customers access to view the data about themselves, a mechanism for customers to dispute the accuracy of that data and a process for correcting the data, the utility can engage their customers in data accuracy.
6. Security Principle
It goes without saying that the utility is obligated to protect and secure the personal data that is collected about their customers. The utility must implement the technical and organizational best practices to ensure that the data is protected against unauthorized access, alteration, or disclosure. The industry standard for managing security is covered in ISO 27001.
7. Principle of Consent
To fully leverage the available information and find opportunities for energy efficiencies and improved services, the utilities and customers in all likelihood will seek assistance from outside consultants and service providers. In doing so, there will be a need to disclose and share personal information collected by the utilities with these third parties. The principle of consent requires that explicit customer consent is obtained before any information is disclosed to third parties. The third parties receiving the information are also required to follow these same privacy principles. Furthermore, the consent is specific as to what data is disclosed, to whom, for what purpose and for what period of time.
Successful and sustainable utility programs require the creation of an effective privacy program that addresses privacy obligations, risks, and business opportunities. Adopting these privacy principles early is the right thing to do.