It’s nice to see Ontario’s information and privacy commissioner, Ann Cavoukian, being so proactive on the issue of privacy as it relates to deployment of the smart grid. (Disclosure: Cavoukian is a good friend of mine and co-author of a book we wrote on privacy issues back in 2002).
Cavoukian’s latest annual report highlights the privacy risks involved with the rising use of smart meters and the increased collection of granular data about when and where people are using electricity. “In a future smart grid scenario that does not build in privacy, intimate details of hydro customers’ lives could be easily discerned by data automatically fed by appliances and other devices to the companies providing electric power (eg. what time you cook, shower, or go to bed — and the security issues such as whether the house has an alarm system),” Cavoukian writes in her report. “Once inferences can be drawn on granular energy consumption information flowing outside of the home, such as real-time energy use data, future consumers may have questions including: Who will have access to this sensitive data? For what purposes? What are the obligations of companies making smart appliances and smart grid systems to protect my privacy?”
Cavoukian has a new program called Privacy By Design, which places focus on the need to build privacy into new technologies and systems from the outset, rather than scrambling to make privacy/security fixes after there has been a major — and often embarrassing — information breach. The whole point of this is to learn from past mistakes during the early days of Internet, Web and e-commerce development, when companies rushed ahead to come out with services without considering the privacy implications. This got many companies, including big names like Intel and DoubleClick but also high-profile retailers, into a lot of hot water. The rise in identify theft only brought increased attention to the problem. Whether it was disgruntled employees looking to take advantage of this information from the inside, or clever hackers looking to steal information for a profit or for bragging rights, having so much detailed information about individuals in one place is — in Cavoukian’s words — a “treasure trove” that needs to be protected like Fort Knox. You can bet there are already hackers out there looking to make a name for themselves by being the first to access consumer information through smart grid infrastructure, even during these early days.
That’s why it’s crucial that utilities and their partners think of information privacy and security now, rather than as a Band-aid measure later. Not only is this a good strategy to avoid future legal challenges, it will also save them a lot of hassle and embarassment in the long run if they treat privacy/security seriously from Day 1. For that reason, I think Cavoukian’s Privacy By Design message needs to spread across the industry as we embark on what’s expected to be a massive, multibillion dollar smart grid buildout.