Thanks to M2M and Smart Grid technologies, new energy usage data can be invaluable to help intelligently manage energy and reduce utility operations costs and consumer costs. However, new data means new privacy risks for consumers (residential, commercial, industrial, and agricultural), utilities, their vendor communities, and other entities that collect, transmit, use, and/or store that data.
As noted in the new book Data Privacy for the Smart Grid*, the variety of entities with access to this data can blur privacy roles and responsibilities. Confusion about data privacy is not a good state of mind for consumers, utilities, vendors, or regulators. Privacy is an outcome of intelligent cyber and physical security technologies, policies and practices, and its protection has to become part of organizational cultures. Look at it this way. Utilities have worked diligently to instill “top of mind” safety procedures in their organizations, because of the many dangers associated with electricity, gas, and water services.
We use this analogy in our guidance to utilities and vendors regarding data privacy. A cybersafety culture has to be embedded within utilities and vendors with access to energy usage data. Like safety procedures, regular exercises that identify all potential privacy risk and their mitigations must become an important habit of a cybersafety culture. Think beyond energy usage data too. EV charging, vehicle telematics, and digital health applications produce new data that has considerable privacy implications. Smart Grid technologies that are applied to water can produce new data about water consumption and waste water production that will have similar privacy concerns and risks, as well as other data that delivers personally identifiable information.
How do you achieve a cybersafety culture? Here are three suggestions derived from our methodology:
- Try the “chain of data custody” exercise. Can you accurately map out the sensitive data gathered, used, transmitted, or stored in your business processes and who has access to this data? The exercise results may astonish you.
- Ask your employees who is the ultimate owner of energy usage data. If they don’t know, you have a training issue to address. The owner has ultimate control and decision-making authority over their data. Utility customers are explicitly identified as owners of energy usage data in some Sometimes energy usage data is narrowly defined as consumption data. As consumers transform into prosumers capable of generating kilowatts and negawatts (and new data), energy production data ownership must also be addressed.
* Published by Taylor and Francis Group. Co authors: Christine Hertzog and Rebecca Herold. ISBN: 978-1-46-657337-6. Available for pre-sale now.
Photo Credit: Energy Data Privacy and Security/shutterstock