Ontario Information and Privacy Commissioner Ann Cavoukian has partnered with two of Canada’s largest utility companies, Toronto Hydro Corp. and Hydro One Inc., to set the “gold standard” for protecting privacy in smart grids.
Published Wednesday, Privacy by Design: Achieving the Gold Standard in Data Protection for the Smart Grid, outlines best practices, includes case scenarios and creates a roadmap to show utility companies how to embed privacy into the design and architecture of the smart grid, said Cavoukian.
“We’ve taken the guesswork out of it and created best practices that will show you how to do it. This is the gold standard,” she said.
The document includes input from Toronto Hydro and Hydro One, which are following the best practices in projects related to the smart grid in Ontario. Hydro One is the largest electricity company in Ontario, and Toronto Hydro is the largest municipal electricity company in Canada.
Combined, the companies provides electricity to more than two million households, said Cavoukian. “Privacy can’t just be an academic concept. It has to work on the ground, and how better to do it in terms of showing how this can play out with the major electrical utilities in Canada,” she said.
While smart grids are still in early stages of development and utilities may not know what direction they are going to take, “it’s easier to embed privacy into the design of a newly developing system than one that’s already out there,” said Cavoukian.
“The time to embed privacy into the design of systems is during its infancy,” she said.
Embedding privacy into smart grid systems at an early stage will be easier and less costly for utility companies, she said. It will also help avoid additional expenses related to data breeches later down the road, she said.
Following the best practices will also engender trust and public confidence, said Cavoukian. Electrical utilities adopting Privacy by Design would not be permitted excessive use of personal information beyond what is taking place now, she said.
Privacy by Design is pro-active in nature and sets privacy as the default option, she said. “You don’t have to ask for it as a customer. You will have the comfort of knowing it is already embedded into the system by design,” she said.
The standards are an example of what Cavoukian refers to as the “positive-sum, not zero-sum” approach. “It’s protect privacy and conserve energy together. We call this positive-sum, a doubly enabling system that is truly win-win,” she said.
Smart gridsencourage energy conservation by supporting renewable energy sources andtechnologies like smart meters that bill electricity consumption based ontime-of-use. But the systems also raise significant privacy concerns.
Academicsare concerned that smart grids will create “an entire library of personalinformation relating to the activities you engage in within your house,” saidCavoukian. This data, traditionally privileged information, needs to beprotected “like FortKnox,” she said.
“In thefuture, all the appliances will be smart,” she said. “Each appliance will beable to tell the electricity company that you use the stove this much, showeredthis much, you watch TV this much.”
“Everything will be granular and it will be in real time,” she said.“Electricity companies will know exactly what you are doing, at what times,within your household,” she said.
Utilitiesmust have “the utmost level of privacy associated with the collection of thatinformation and have to ensure customers that no one else will have access tothis information unless the customer specifically consents to a third party,”she said.
Cavoukian believes the best practice document will benefit utility companies around the world. “Other utilities can just use the benchmarks we’ve created and apply it to their own circumstances,” she said.