I blogged recently about the rules for protecting consumer electric power usage data collected by utilities in California. I found this on the Center for Spatial Law and Policy site. The California Public Utilities Commision, which regulates electric power in California, has defined the rules for providing access to and protecting the privacy of consumer electric power usage data collected by smart meters in California.
At the Data Analytics for Utilities conference in Toronto last week, Ann Cavoukian, the Information and Privacy Commissioner of Ontario and one of the people who have raised the profile of data privacy, gave an enlightening overview of the important privacy issues as they relate to smart grid, and especially what they mean in Ontario.
As I have blogged before, smart grid, expecialy distributed generation and smart meters, is more advanced in Ontario than most other jurisdictions in North America and comparable to Sweden and Denmark in the EU. Ann Cavoukian provided important information about smart grid in Ontario. Ontario has invested $1 billion in smart meter infrastructure and is the first jurisdiction in North America to equip every small business and home (except for condos and multi-unit buildings) with a smart meter. That's 4,770,289 installed smart meters and 4,258,094 customers on time-of-use (TOU) billing.
Nearly 5 million smart meters means a lot of data and much of it is personally identfiable information (PII), defined as any data that can be tied to an individual, directly or indirectly. Electric usage data tells people when you are using electric power at a granularity of 15 minute intervals and can be used for nefarious purposes.
Ann Cavoukian's fundamental point is that privacy means that electric usage data belongs to the consumer, and that for the consumer it means being able to control who has access to their data.
When a utility collects electricity usage PPI data for billing purposes, the customer is right to expect that this primary purpose is the only use that the utility will make of the data. If the utility wants to use the data for another purpose, it needs to ask the consumer for permission.
The challenge in this era of huge volumes of data that smart meters and other smart devices can generate is reconciling protecting the privacy of consumer energy usage data with the importance to utilities of analytics which requires access to meter data.
Privacy by design
Ann Cavoukian's recommendation for doing this is what she calls Privacy by Design. The first principle of which is minimizing the collection of PPI data and using it only for the primary purpose for which it was collected.
De-identification
But there is a technique which enables the utility to use meter data, simply by aggregating the data so that it is de-identified and cannot be linked to an individual, for example, by aggregating all meter data by postal code and rejectjng any postal codes with less than three meters. National statistical agencies have been doing this kind of things for years. For example, Stats Canada does not report demographic data for census divisions that have less than three respondents. There are a variety of mathematical techniques for de-identifying data.
Ann Cavoukian said that the principles of Privacy by Design underlie not only Ontario's privacy laws, but also privacy laws in the U.S., E.U., New Zealand and Australia.