1 Insert Cover Page Karen Made. 2 Why is Privacy an Issue with Smart Grid?  Smart Grid presents new privacy threats through its enhanced collection and.

Slides:

Advertisements

Similar presentations

1 NAESB Data Privacy Task Force February 16, 2011.

Advertisements

Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.

HIPAA Privacy Rule Training

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

Developing Privacy and Security Standards Allen Briskin Allen Briskin

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.

6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.

SmartMeter Program Overview Jana Corey Director, Energy Information Network Pacific Gas & Electric Company.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

3rd session: Corporate Governance

DRA Advocacy Joe Como, Acting Director. 2 DRA Facts The Voice of Consumers, Making a Difference! 3  History: CPUC created DRA (formerly known as the.

SMART GRID: Privacy Awareness and Training – A Starting Point for Utilities October 2011 SGIP-CSWG Privacy Group 1.

SMART GRID: Privacy Awareness and Training – for PUCs/PSCs A Starting Point December 2011 SGIP-CSWG Privacy Group 1 DRAFT.

Managing Privacy in the Smart Grid Jennifer M. Urban Assistant Clinical Professor of Law Director, Samuelson Law, Technology & Public Policy Clinic UC.

Advanced Metering Infrastructure

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.

IOT5_ GISFI # 05, June 20 – 22, 2011, Hyderabad, India 1 Privacy Requirements of User Data in Smart Grids Jaydip Sen Tata Consultancy Services Ltd.

Sharing Low-Income Customer Information Water & Energy Utilities LIOB Meeting - January 2009 Seaneen M Wilson Division of Water & Audits.

Chapter 3 Internal Controls.

6th CACR Information Security Workshop 1st Annual Privacy and Security Workshop (November 10, 2000) Incorporating Privacy into the Security Domain: Issues.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

SMART GRID: Privacy Awareness and Training – Information for Consumers A Starting Point April 2012 SGIP-CSWG Privacy Group 1 DRAFT v8.

Technical Regulations – U.S. Procedures and Practices U.S.-Brazil Commercial Dialogue Digital Video Conference Series August 22, 2006 Mary Saunders Chief,

WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ Identity and Privacy: the.

1 Availability of Aggregated Customer Usage Information: An Overview of D California Public Utilities Commission Presentation before the California.

Nationwide Health Information Network: Conditions for Trusted Exchange Request For Information (RFI) Steven Posnack, MHS, MS, CISSP Director, Federal Policy.

Privacy of Home Energy Usage Data Jim Williams June 26, 2012 Jim Williams June 26, 2012.

1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

HIT Policy Committee Privacy & Security Workgroup Update Deven McGraw Center for Democracy & Technology Rachel Block Office of Health Information Technology.

Eliza de Guzman HTM 520 Health Information Exchange.

© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.

PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.

The right item, right place, right time. DLA Privacy Act Code of Fair Information Principles.

Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.

Privacy and the Law in Demand Response Energy Systems Deirdre K. Mulligan, Jack I. Lerner Erin Jones, Jen King, Caitlin Sislin, Bethelwel Wilson, Joseph.

Role of the Commission and Recent Policy Actions Interconnection Workshop Carol Revelt Utah Public Service Commission December 4, 2007.

Twelve Guiding Principles for the Regulation of Surveillance Camera Systems Presented by: Alastair Thomas Date: 23 rd October 2013.

PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.

HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.

HIT Policy Committee Meeting Nationwide Health Information Network Governance June 25, 2010 Mary Jo Deering, PhD ONC, Office of Policy and Planning NHIN.

1 Senate Bill 790 San Diego Energy District Foundation Carlos Velasquez CCA Regulatory Analyst California Public Utilities Commission June 21, 2012.

APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.

California Energy Action Plan December 7, 2004 Energy Report: 2004 and 2005 Overview December 7, 2004.

DON Code of Privacy Act Fair Information Principles DON has devised a list of principles to be applied when handling Protected Personal Information (PPI).

Data protection—training materials [Name and details of speaker]

The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law

A Smart Metering Scenario Jorge Cuellar, Jan Stijohann, Santiago Suppan Siemens AG.

Protection of Personal Information Act An Analysis on the impact.

1 Distribution Resources Plan [R ] Data Workshop California Public Utilities Commission May 23, 2016 Rulemaking R Pursuant to Public.

Privacy principles Individual written policies

Privacy principles Individual written policies

Ethical questions on the use of big data in official statistics

OECD Guidelines Collection Limitation: should be limited to personal data, obtained by lawful and fair means, and (where appropriate) with knowledge and.

Investor protection and MIFID

Data Access and Stewardship

Health Care: Privacy in a Digital Age

Healthcare Privacy: The Perspective of a Privacy Advocate

Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP

Enforcement and Policy Challenges in Health Information Privacy

THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,

PRIVACY PRESENTATION TO THE SPRING 2013 CONFERENCE BY HANK MOORLAG

Student Data Privacy: National Trends and Wyoming’s Role

Presentation transcript:

1 Insert Cover Page Karen Made

2 Why is Privacy an Issue with Smart Grid?  Smart Grid presents new privacy threats through its enhanced collection and transmission of more detailed energy usage data than traditionally collected.  Privacy concerns exist wherever personal identifiable information is collected and stored.  Data wants to be free – once information is released, it is practically impossible to retract. The Voice of Consumers, Making a Difference!

3 How Data Changes with Smart Grid  Quantity and type of data: ►Data from smart meters is highly granular.  In California, data collection increments range between 15 minutes to 1 hour. ►Entirely new types of revealing data is collected:  Identifiable appliances.  Location information of plug-in electric vehicles.  Temperature inside the home.  Data flow shifting away from traditional consumer-to-utility relationship.  Patchwork of existing laws doesn’t cover a Smart Grid environment.  Must find a balanced solution that allows data to flow and be used, but also protects customer privacy. The Voice of Consumers, Making a Difference!

4 Highlights – Data Usage  Data may have important uses for energy conservation, for those customers with the ability to load shift.  Data has possible value to utility business enterprises.  Data can also be compiled for various discriminatory, anti-competitive, and/or illegal uses.  Privacy protections have been circumvented by user error, disgruntled employees, and hackers. The Voice of Consumers, Making a Difference!

5 Privacy Concerns Regarding Data Usage  Customer energy usage data may disclose intimate personal details related to: ►Customer’s presence in, or absence from, the home. ►Purchasing preferences. ►Health. ►Co-habitation arrangements. The Voice of Consumers, Making a Difference!

6 Examples of Private Information Revealed by Energy Usage Data  Scant energy usage may allow third parties, and potentially criminals, to determine which homes are empty.  Hackers have used poorly secured networks to: ►Pass their utility charges to other customers. ►Disconnect customers from the grid. ►Steal customer identification information. The Voice of Consumers, Making a Difference!

7 Examples of Private Information Revealed by Energy Usage Data  Law enforcement agencies in Texas have mined thousands of customers’ energy usage information – without their consent – to identify and target potential marijuana operations, raising Fourth Amendment concerns.  Landlords may be able to determine how many people live in a home, perhaps in violation of a leasing agreement.  Disclosure of occupant’s prescription data to third parties: ►In-home devices may allow two-way communication and facilitate the reading of Radio Frequency Identification (RFID) tags.  If data is stored at the meter, and it is not de-energized when one tenant leaves, the next tenant could have access to that data. The Voice of Consumers, Making a Difference!

8 Examples of Privacy Concerns About Energy Usage Data Collection  There is a greater risk of compromising customer privacy if data leaves the home to be processed.  Data sent over wireless devices is easily intercepted by drive-by data collectors and must be securely encrypted to prevent interception. ►All smart meters have home area network (HAN) functionality. ►Once activated, they enable wireless transmission of data with consequent risks.  Entities with access to usage data may gain a competitive edge over other market players.  If unregulated third parties obtain customer data, they may: ►Sell the data. ►Use it for advertising purposes. ►Barrage customers with unwanted or even nefarious advertisements and promotions. The Voice of Consumers, Making a Difference!

9 Fair Information Practice Principles (FIPPs)  Transparency – Provide clear, meaningful notice about collection, uses, and disclosure.  Individual Participation – Consent to collect, use, and/or disclose data, required any time changes are made, and revocable at any time.  Purpose Specification – Articulate specific purpose(s) for which data will be used.  Data Minimization – Collect only data necessary to fulfill specific purpose(s) and keep only as long as needed.  Use Limitation – Use data only for specified purpose(s).  Data Quality and Integrity – Ensure data is accurate, relevant, timely, and complete and provide tools to correct mistakes or challenge errors.  Data Security – Must protect customer data with appropriate security safeguards.  Accountability and Auditing – Must comply, audit for compliance, and provide employee and contractor training. The Voice of Consumers, Making a Difference!

10 Privacy and Smart Grid in California  The California Public Utilities Commission (CPUC) opened a Rulemaking to consider and evaluate policies related to Smart Grid in December 2008 (R ).  In December 2009, the CPUC adopted a decision that set as policy objectives: ►Ensure all information is secure and a customer’s privacy is protected. ►Require that utilities have operations in place by the end of 2010 allowing customers to access their information through an agreement with a third party (delayed).  In June 2010, the CPUC adopted a decision that established FIPPs as the appropriate framework for privacy rules, with those rules to be determined later.  California was the first state to pass a bill directly related to energy usage data: ►Senate Bill 1476 (Padilla) was passed and codified as Public Utilities Code Section 8380 (December 2010). ►While being touted as a “landmark privacy bill,” it does little to protect consumers and does not adequately address data sharing with third parties. The Voice of Consumers, Making a Difference!

11 Current Status of Privacy Rules for Smart Grid in California  Center for Democracy and Technology and the Electronic Frontier Foundation developed a very specific set of polices and procedures that translated FIPPs into practical and useable rules: ►Submitted to the CPUC in October  DRA provided input to the proposed rules and supported them with a couple amendments: ►Limit appropriate uses of data to those purposes specifically related to fulfilling energy policy goals and operational needs. ►The rules should follow the data, regardless of what entity accesses the data.  The CPUC issued a proposed decision adopting privacy rules for California's three large investor owned utilities on May 6, ►Parties will submit comments on that proposed decision on May 26, The Voice of Consumers, Making a Difference!

12 Thank You Contact Information: Karin Hieta Smart Grid Project Lead (415) California Public Utilities Commission Division of Ratepayer Advocates Fourth Floor 505 Van Ness Avenue San Francisco, CA The Voice of Consumers, Making a Difference!