Consumer privacy concerns are an important focus of many Smart Grid conversations. Everyone agrees that consumers need to be educated about the entirely new types of energy use data that can be created with Smart Grid technologies. While we must ensure that consumers are aware of their rights and responsibilities regarding energy use data, there is less conversation ongoing about educating utilities and vendors to deploy programs to ensure data privacy, and there are no conversations ongoing about who owns the value of that energy use data.
Like many introductions of past technologies or services, our knowledge of best practices and management lags behind the discovery of unintended consequences. Do you recall when credit card receipts used to display the full card number? It didn’t take long for unsavory characters to collect discarded receipts and go on spending sprees. Credit card issuers and consumers didn’t think through the consequences of this display of information. Many are learning the hard way today about posting information on social media sites. There are recent news reports of insurance companies patrolling sites like Facebook to determine if claimants with back injuries just competed in marathons or completed other strenuous physical endeavors. Doing much of the work previously done by insurance investigators, photographic evidence is voluntarily supplied with these updates. Just like mom said, honesty is the best policy – and now we know why – you avoid the unintended consequences.
Many companies employ Chief Privacy Officers (CPOs) to develop and enact guidelines for the use and management of consumer data. These companies also have documented policies for internal handling of data as part of employee training. The four cornerstones of good privacy program development cover people, policy, process, and technology. Privacy by Design identifies seven principles for good programs, including a proactive stance, end to end lifecycle protection, and respect for user’s privacy. Utilities and vendors of Home Energy Management Systems (HEMS) should implement good privacy programs now. These programs should emphasize protected handling of the minimum amounts of personally identifiable information because as far as data breaches are concerned, security professionals agree that it’s a matter of when, not if, these breaches will occur. Privacy, like security, needs to be built into all products that monitor and/or manage energy consumption.
Beyond the privacy concerns, there’s one other issue about energy use data that needs discussion – the topic of data use or exploitation. Google, Facebook, and Amazon devised many profitable ways to sell or use information based on search history, purchase patterns, or like attributes. There’s no doubt that HEMS solutions can collect vast amounts of use data about appliances and that utilities and other vendors may have authorized access to it.
The bottom line question is: who owns the value of that energy use data? In the case of investor owned utilities, should regulators insist that proceeds of sales of anonymized energy use data be disbursed to ratepayers instead of shareholders? And in the case of energy service providers, whether a utility or another vendor, there are a range of questions about how that data could be used that must be answered to avoid the mis-steps and abuses of privacy that we have seen from some social media sites. Transparency will be critical to developing consumer confidence in Smart Grid technologies and programs, and all players planning to work with energy use data need to be aware of the responsibilities they have in building trust about that data. Abuse or careless handling of this data could have the unintended consequences of damaging consumer support of Smart Grid projects.