
Enlightened Privacy – by Design for a Smarter Grid

Bradley
January 29, 2013


A presentation by Commissioner Cavoukian at Distributech on how Privacy by Design can ensure the protection of personal information on the Smart Grid.


Transcript

  1. Enlightened Privacy – by Design for a Smarter Grid
     Caroline Winn, Chief Customer Privacy Officer, San Diego Gas & Electric
     Dr. Ann Cavoukian, Information and Privacy Commissioner, Ontario, Canada
  2. What is Privacy?
     Privacy – Freedom – The Right To Be Left Alone – Peace Of Mind
     Privacy is NOT about whether one has “something to hide”:
     • I want to make informed choices without unwanted influence
     • I want to know my personal information is not being used to harm me or those I care about
     • I want you to just let me be
  3. Why Privacy?
     • Perceptions of privacy continue to change
       – Paradigm-changing technologies like the Internet impacted privacy in ways we could have scarcely imagined 30 years ago
       – Today, Smart Grid technologies like smart meters are changing the way we look at energy privacy
     • It’s the right thing to do
     • Regulators require it
       – CPUC Decision 11-07-056 – Electricity Usage Data Privacy Decision applies strict rules around how customer privacy is respected and protected
     • We know customers expect it
       – “SDG&E understands that the full benefits of Smart Grid cannot be achieved if it does not have the confidence of the users of the system.” (SGDP, pg. 139)
     • Prudence demands it
       – Penalties for failure may be large
  4. Customer Privacy & Information Security
     Questions posed under the two headings, Privacy and Security:
     • Are we adequately protecting company information?
     • Are we doing what we said we would with customer data?
     • Are we giving our customers choices regarding their data?
     • Are we protecting sensitive customer data?
     • Are we properly disposing of customer data?
     • Are we in compliance with privacy law & regs?
     • Is the data accurate?
     • Does the data have high integrity?
     • Are we in compliance with security law & regs?
     • Can customers see their data & request corrections?
  5. SDG&E’s position on privacy
     • Privacy is a fundamental right of every customer
     • Energy privacy – privacy around the collection & use of a customer’s usage data – is a relatively new concept outside utilities that requires extensive awareness & education of risks
     • SDG&E sees itself as a steward of customer information & is dedicated in its obligation to protect it & our customers’ energy privacy
     • SDG&E is committed to doing its part to advocate for energy privacy on behalf of its customers & our community
     • SDG&E desires to work collaboratively with external partners to find ways to advance its customer privacy program
  6. SDG&E View of the Smart Grid
     • End-to-end transformation of its electric delivery system
     • Empowers customers
     • Increases renewable generation
     • Integrates plug-in electric vehicles (PEVs)
     • Reduces greenhouse gas (GHG) emissions
     • Maintains and improves system reliability, operational efficiency, security and customer privacy
  7. Example Smart Grid Privacy Concerns
     Energy usage information that SDG&E protects can reveal preferences & behavior.
     What can be seen now:
     • Types & quantity of appliances (i.e., refrigerator, A/C)
     • Whether solar panels or electric vehicles are present
     • Load trends (when customer is home & when they’re not)
     …& perhaps in the future:
     • Make, model, condition of any plugged-in device
     • Whether appliances are operating efficiently
     • Whether refrigerator is full or empty
     • What is watched on TV
     • ?
  8. A Sample of California Privacy Law & Regulation
     Over 23 statutes, regulations & protocols regarding privacy:
     • California Constitution, Article One, Section One – Every citizen has the right to privacy.
     • California Public Utilities Code Section 8380 (enacted by SB 1476 (Padilla), 2010 Stats., Ch. 497.) – Privacy protections for customer energy consumption data collected by California energy utilities using advanced metering infrastructure.
     • California Privacy Breach Notification Act (SB1386) – Requires companies doing business in California to report breaches of defined customer information
     • CPUC Decision 11-07-056 Electricity Usage Data Privacy Decision – Mandates privacy controls for utilities regarding “Covered Information”, or consumer electric (and now gas) usage data when combined with customer-identifying information
  9. Building a Privacy Program
     While SDG&E has taken privacy seriously for over 100 years, in 2011 we began taking steps to formalize an Office of Customer Privacy.
     • Developed Privacy Framework – Defines the “box”, scopes how we look at privacy
     • Developed a Privacy Impact Assessment – Allows employees to determine privacy risks related to changes
     • Developed Privacy Controls – Provides mechanisms to ensure privacy is protected while information is collected, stored, handled, shared & disposed of
     • Conduct Privacy Training – Role-based training to all company employees
     • Raise Awareness – Engaging customers and third parties is CRITICAL to success!
     • Engage Partners – Find subject matter experts to help improve the program over time
  10. Privacy By Design Applied to Simplified IT Product Lifecycle
     Lifecycle stages: Concept → Requirements → Design → Build → Test
     Privacy checkpoints along the lifecycle:
     • Does the project involve customer information?
     • Apply privacy requirements
     • Design privacy controls
     • Do privacy controls meet stated requirements?
  11. Privacy and the Smart Grid
     • Increase in the granular collection, use and disclosure of personal energy information;
     • Data linkage of personally identifiable information with detailed energy use;
     • The creation of a new “library” of personal information, (Quinn, 2009), and a new terminology: “Consumer Energy Usage Data.”
     [Image – Toronto Star – May 12, 2010]
  12. Privacy by Design: The 7 Foundational Principles
     www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
     1. Proactive not Reactive: Preventative, not Remedial;
     2. Privacy as the Default setting;
     3. Privacy Embedded into Design;
     4. Full Functionality: Positive-Sum, not Zero-Sum;
     5. End-to-End Security: Full Lifecycle Protection;
     6. Visibility and Transparency: Keep it Open;
     7. Respect for User Privacy: Keep it User-Centric.
  13. “Big Data”
     • Each day we create 2.5 quintillion bytes of data;
     • 90% of the data today has been created in the past 2 years;
     • Big data analysis and data analytics promises new opportunities to gain valuable insights and benefits, (e.g., improving pandemic response, advances in cancer research, etc.);
     • However, it can also enable expanded surveillance, on a scale previously unimaginable;
     • This situation cries out for a positive-sum solution – a win-win strategy.
  14. Data Analytics and the Role of Utilities
     • Utilities can find opportunities to adopt Privacy by Design when introducing new technologies, integrating communications and information systems, as well as updating operational business processes;
     • Privacy by Design is essential to smart meter data analytics, enabling both privacy and the analysis of meter data – not one, to the exclusion of the other.
  15. 7 Foundational Principles of Privacy by Design
     1. Proactive not Reactive: Preventative, not Remedial;
     2. Privacy as the Default setting;
     3. Privacy Embedded into Design;
     4. Full Functionality: Positive-Sum, not Zero-Sum;
     5. End-to-End Security: Full Lifecycle Protection;
     6. Visibility and Transparency: Keep it Open;
     7. Respect for User Privacy: Keep it User-Centric.
     SDG&E INTERNAL
  16. Privacy by Design Principle No. 2 – Privacy as the Default Setting
     • We can be certain of one thing — the default rules! Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice.
     • If an individual does nothing (takes no action), their privacy still remains intact. No action is required on the part of the individual to protect their privacy — it is built into the system automatically, by default.
     http://privacybydesign.ca/about/principles
  17. Do Not Track (DNT) – Microsoft Internet Explorer 10
     • June 2012 – Microsoft announced a Do Not Track option would be activated by default in Internet Explorer 10 on Windows 8 as part of its commitment to user privacy;
     • The Default Rules – research shows that the default condition, requiring no action, is the one that prevails;
     • Microsoft was criticized by some companies, who said that Do Not Track must be a choice made by the user and should not be automatically enabled;
     • They’re wrong – they already made the choice for their users – the existing default is one of tracking/targeting;
     • Microsoft responded that users would prefer a browser that automatically respects their privacy and lets them make the choice – they’re right!
  18. Privacy and Enterprise Security by Design
     • The value to businesses of protecting privacy within an enterprise environment;
     • The role of software engineers is at play in this context;
     • Fostering a culture of respect for privacy within the enterprise;
     • Good privacy = Good business;
     • Gain a sustainable competitive advantage by embedding Privacy by Design.
     www.privacybydesign.ca
  19. Conclusions
     • Big Data promises new opportunities to gain valuable insights and benefits for the energy sector;
     • However, Big Data may also enable expanded surveillance, increasing the risk of unauthorized use;
     • Big Data needs Big Privacy – you can achieve both goals in a doubly-enabling, positive-sum paradigm through Privacy by Design;
     • Lead with Privacy by Design, featuring control over customer energy usage data – thereby preserving consumer confidence and trust;
     • Avoid privacy by chance, or worse – Privacy by Disaster!
  20. Privacy by Design and Third Party Access to Customer Energy Use Data
     www.privacybydesign.ca
     • A growing class of third parties wish to gain access to granular and customer-specific energy use data (e.g. app developers, consumer service providers, software vendors, device manufacturers, home security companies, etc.);
     • Innovation advocates argue that allowing third parties access to customer energy use data (CEUD) will lead to new products and services that will support conservation and unleash new market opportunities (e.g. Green Button, White House “Apps for Energy” contest, MaRS Data Catalyst project);
     • Privacy by Design can ensure that the choice to securely access and use CEUD remains in the consumer’s control, and that the timely disclosure of CEUD in standardized, machine readable format is protected end-to-end.