SMART GRID: Privacy Awareness and Training – A Starting Point for Utilities October 2011 SGIP-CSWG Privacy Group 1.

Slides:

Advertisements

Similar presentations

Impact of Smart Grid, ICT on Environment and Climate Change David Su Advanced Network Technologies National Institute of Standards and Technology ITU Symposium.

Advertisements

Smart Grid: Electric Power Industry and the FERC Kevin Kelly Director, Policy Development Division Office of Energy Market Regulation Federal Energy Regulatory.

UCAIug HAN SRS v2.0 Summary August 12, Scope of HAN SRS in the NIST conceptual model.

Who is NEMA? NEMA is the association of electrical equipment and medical imaging manufacturers, founded in 1926 and headquartered in Arlington, Virginia.

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

1 NAESB Data Privacy Task Force January Data Access and Privacy Access to customer usage information has national attention and implications ENERGY.

Developing a Records & Information Retention & Disposition Program:

1 The Engineer as a Professional Privacy. 2 After reading the articles please answer the following questions. 1) Is privacy a concern that engineers have.

1 ISO/RTO Council Wholesale Demand Response Projects & OpenADR David Forfia.

SMART GRID: Privacy Awareness and Training – for PUCs/PSCs A Starting Point December 2011 SGIP-CSWG Privacy Group 1 DRAFT.

Managing Privacy in the Smart Grid Jennifer M. Urban Assistant Clinical Professor of Law Director, Samuelson Law, Technology & Public Policy Clinic UC.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Complying With The Federal Information Security Act (FISMA)

LAW SEMINARS INTERNATIONAL New Developments in Internet Marketing & Selling November 13 & 14, 2006 San Francisco, California Moderator : Maureen A. Young.

Social Media Jeevan Kaur, Michael Mai, Jing Jiang.

Introduction & Overview April 11, 2011 Barry Haaser Managing Director.

Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215)

Credit unions use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

SMART GRID: Privacy Awareness and Training – Information for Consumers A Starting Point April 2012 SGIP-CSWG Privacy Group 1 DRAFT v8.

Facility Smart Grid Information Model

Developing a Social Media Process for your Business Alyn Stafford 1 Monitor and Listen Explore and listen to what others.

Privacy of Home Energy Usage Data Jim Williams June 26, 2012 Jim Williams June 26, 2012.

Policy Review (Top-Down Methodology) Lesson 7. Policies From the Peltier Text, p. 81 “The cornerstones of effective information security programs are.

FERC’s Role in Demand Response David Kathan ABA Teleconference December 14, 2005.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.

An Overview of the Smart Grid David K. Owens Chair, AABE Legislative Issues and Public Policy Committee AABE Smart Grid Working Group Webinar September.

INTRODUCTION TO THE UNIDO/REEEP TRAINING MANUAL ‘SUSTAINABLE ENERGY REGULATION AND POLICY-MAKING FOR AFRICA’ User Manual.

Sec. 5 RE-REGULATION- EPAct 1992 FERC Orders 888 and 889 (1996) EPAct 2005 In short these three laws move the power industry towards an increase in competition.

1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All SMART GRID ICT: SECURITY, INTEROPERABILITY & NEXT STEPS John O’Neill, Senior Project Manager CSA.

LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.

Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.

1 SMT Format Short Story April 24, 2012 ‘Access, Control & Convenience’

Copyright © 2007 Pearson Education Canada 1 Chapter 1: The Demand for Auditing and Assurance Services.

Smart Grid Interoperability Panel & ISO / RTO Council Smart Grid Projects David Forfia SGIP Governing Board Member – Stakeholder Category 21 ISO/RTO Sponsor.

FIRMA April 2010 SOCIAL NETWORKING Christine M. Farquhar Managing Director, Compliance J.P. Morgan U.S. Private Banking.

April 8, 2011Page 1 April 8, 2011 The University of Texas Interdisciplinary Energy Conference Overcoming Barriers to Smart Grid & New Energy Services Panel.

The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.

Interoperability Standards and Next Generation Interconnectivity Pankaj Batra Chief (Engineering) CERC.

Chapter 11: Policies and Procedures Security+ Guide to Network Security Fundamentals Second Edition.

2 1.Client protection principles 2.Principle #6 in practice 3.The client perspective 4.Participant feedback 5.Tools for improving practice 6.Conclusion.

Balancing Privacy, Security, and Access Presented by Chris Villarreal Minnesota Public Utilities Commission October 16, 2015.

Policies and Procedures Security+ Guide to Network Security Fundamentals Chapter 11.

Privacy of Customer Energy Usage Data: Protecting Consumers and Giving Them the Tools with which to Protect Themselves Aryeh B. Fishman Director, Regulatory.

Threat Prevention and Detection (within Critical Infrastructures) under EU Data Protection Legislation– Purpose Specification and Limitation. Laurens Naudts.

Chapter 8 Auditing in an E-commerce Environment

California Department of Public Health / 1 CALIFORNIA DEPARTMENT OF PUBLIC HEALTH Standards and Guidelines for Healthcare Surge during Emergencies How.

Privacy and Personal Information. WHAT YOU WILL LEARN: What personal information is. General guidelines for the collection of personal information. Your.

UNDERSTANDING INFORMATION MANAGEMENT (IM) WITHIN THE FEDERAL GOVERNMENT.

CSC4003: Computer and Information Security Professor Mark Early, M.B.A., CISSP, CISM, PMP, ITILFv3, ISO/IEC 27002, CNSS/NSA 4011.

Thandi Tesfagiorgis Supervisor: Prof John Ledger (University of Johannesburg) Co Supervisor: Andrew Paverd (Oxford University)

Jeju, 13 – 16 May 2013Standards for Shared ICT Dr. Farrokh Khatibi Director of Engineering Qualcomm ATIS and the Smart Grid Document No: GSC17-PLEN-63.

March 23, 2015 Missouri Public Service Commission | Jefferson City, MO.

1 HIPAA’s Impact on Depository Financial Institutions 2 nd National Medical Banking Institute Rick Morrison, CEO Remettra, Inc.

UTC STUDY OF DISTRIBUTED GENERATION AND RECOMMENDATIONS Presentation for the Washington Future Energy Conference October 19, 2011.

Overview of Tampa Electric’s Compliance Program APPA Reliability Standards and Compliance Program January 10, 2007.

Iowa Communications Alliance

Data Minimization Framework

JU September Stakeholder Engagement Conference Webinar #1

SETTING UP OF E-COMMERCE WEBSITE

SMT Format Short Story ‘Access, Control & Convenience’ SMT Format Short Story April 24, 2012.

Privacy and Security in the Employment Relationship

Vanquishing the Measurement Dragon

Group Meeting Ming Hong Tsai Date :

Managing Privacy Risk in Your Commercial Practices

DISRUPTING THE STATUS QUO

Privacy Principles Melinda Clarke.

Presentation transcript:

SMART GRID: Privacy Awareness and Training – A Starting Point for Utilities October 2011 SGIP-CSWG Privacy Group 1

SGIP-CSWG Overview 2  SGIP  CSWG  Disclaimer: These slides were created by the CSWG Smart Grid Privacy group to provide a tool for organizations involved with the Smart Grid to use to help facilitate training and awareness about Smart Grid privacy issues and risks. These slides are not endorsed by NIST, nor are they required to be used under any existing law or regulation. They are also not intended to be considered as legal advice.

The Purpose To address privacy issues related to consumer adoption of Smart Grid technologies  Understanding what information may be collected  Limiting the data collected to only that necessary for delivering and billing for services  Describing why information is collected  Explaining how information is used  Knowing how to securely store the information  Knowing who has access to this information  Establishing information retention and disposal standards  Determining how to inform customers about these practices 3

Our Objective To help promote effective privacy training and awareness communications and activities for all participants within the Smart Grid and provide tools to support this objective, that will also document the:  Topics that should be covered  Training/Awareness possibilities  Possible communication methods 4

The Audiences  Users of Smart Grid technologies vary from utility companies to consumers to government and vendors. Each requires a unique approach and message regarding privacy for information related to Smart Grid technologies.  There are many types of audiences involved. 5

Utilities Information gathered that should be covered by training and awareness messages  Personal information  Energy usage  Energy creation/generation  Location enabled technologies (e.g., GPS coordinates)  Smart Meter identifiers (e.g., AMI IP address)  Consumer HAN data  PEV data accessed by the utility  Add other and future topics as needed 6

Topics for Utilities Utilities should cover a wide range of topics to ensure employees and consumers understand the impact, as well as how it can impact the company and its consumers. 1.Basic privacy principles * 2.Identifying privacy impacting data * 3.How to safeguard data * 4.Applicable laws and regulations * 5.Policies and procedures that include coverage of Smart Grid technologies * 6.Educating customers about utility privacy practices* 7.Providing consumers access to their data 8.Responding to consumer inquiries about privacy 9.How to perform privacy impact assessments 10.Add more topics for specific utility * These are necessary training topics for all utilities 7

Training Possibilities for Utilities Each utility company can choose the best training method for its work environment.  Online training modules  Webinars  Classroom training  Videos  Seminars/Conferences  Other training activities  See more ideas within SP "Building an Information Technology Security Awareness and Training Program" at 8

Awareness Possibilities for Utilities 9 Each utility company can choose the best communication method for its work environment and culture. This is limited only by your own imagination.

Groups to Deliver Education Depending on the targeted utilities’ audiences, the individuals or groups that deliver the training and awareness messages can impact the overall acceptance of the message. Here are potential groups to provide the training and awareness communications:  Internal from within the utility  Third party vendors  Government agencies (e.g., DoE, FERC, NERC, NIST)  National Initiative for Cybersecurity Education (NICE)  PUCs  North American Energy Standards Board (NAESB)  Federal Information Systems Security Educators' Association (FISSEA)  Institute of Electrical and Electronics Engineers (IEEE)  Association for Computing Machinery (ACM)  Marketing groups  Consumer groups 10