Compliance Management, Critical Infrastructure Security, Network Security, Privacy

Consider privacy when deploying smart grid technology

Though much attention is paid to security threats associated with the smart grid, the emerging technology also poses serious privacy concerns, which utilities largely fail to consider, a privacy official said on Tuesday at the SC Congress Canada in Toronto.

Efforts are underway in pilot programs throughout Canada and the United States to modernize the electrical grid and make it “smarter,” said Ann Cavoukian, Ontario's information and privacy commissioner.

The smart grid has the ability to curb greenhouse gas emissions and provide cost-savings to customers. However, the technology also introduces the possibility of collecting information about an individual's energy use, such as when a person uses electrical appliances, watches television, or takes a shower, she said.

Also, by monitoring electricity consumption, it may be possible to determine how many occupants a home has, whether a house has an alarm system and how often it is activated, Cavoukian said. This information can be pieced together to form a picture of an individual's behavioral patterns.  

“Home is the most private of places,” Cavoukian said. “Think about it. Our home is our castle. Nobody should know [what is going on there].”

To thwart these threats, privacy protections must be taken into account during the time the smart grid is rolled out, not as an afterthought, she added. Most utility companies, though, especially those in the United States, have not considered the privacy implications.

However, in Ontario, where the smart meters are increasingly being installed at residences, utility companies are working to address the privacy concerns of such technology, Cavoukian said.

The two largest utility companies in Ontario – Hydro One and Toronto Hydro – have adopted an approach that Cavoukian developed called “Privacy by Design,” which is focused on ensuring that privacy is embedded into new technologies, such as the smart grid, from the start.

As part of the "Privacy by Design" approach, Cavoukian recommended utilities first understand what personally identifiable consumer information is being collected and how it is being used, then analyze the risks to privacy and develop an action plan to address those risks.

Privacy considerations must be incorporated into the smart grid development and design process.

“Our utilities have had to deal with this issue, and know they need confidence and trust of customers and work to build privacy into smart grids,” Cavoukian said. “The time to embed privacy is now.” 

In addition, companies should limit the number of systems containing accessible personal information and inform consumers of how the data collected about them will be used, she said.

Regarding third parties, utilities should minimize the amount of sensitive information they share and consider replacing personal identifiers with a pseudonym.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.