The National Institute of Standards and Technology (NIST) recently published the latest draft of the Guidelines for Smart Grid Cyber Security, a collaborative public/private effort to assist individuals and organizations who will be addressing cyber security for Smart Grid systems.  The second volume focuses on Privacy and the Smart Grid with an emphasis on residential consumer impacts, and you can read or download a copy of it by clicking here.  Future drafts will explore the ramifications of increased energy consumption data collection for commercial and industrial electricity users.

The most pressing privacy challenge regarding energy consumption data is the need for education.  Consumers need to understand what constitutes energy consumption data and what the potential privacy concerns are.  Utilities and energy service providers need to learn the best practices for collection, transmission, use, and storage of energy consumption data.  Regulators and lawmakers need to consider the policies and laws that can help or hinder protection of personal and business energy consumption data.  Let’s examine a few examples that can help us understand how to ensure the privacy of sensitive information and how that information might be used.

The Payment Card Industry Data Security Standard (PCI DSS) covers security management, policies, procedures, network architecture, and software design practices for merchants who store, process, or transmit credit card data.  The sponsoring industry association, the PCI Security Standards Council, offers certification courses for companies and individuals to ensure compliance competencies and auditability.  Most electric utilities are already aware of the PCI DSS policies because the vast majority of them accept credit cards for payments.  Could similar policies be applied to the transmission and storage of energy consumption data?  Certainly.  What is less certain is whether all energy data should be considered as sensitive as personal credit card data.

The ability to identify energy consumption data as belonging to you or to me is important to our discussion about privacy.  Consider a financial budgeting service like Mint.com.  Consumers voluntarily enroll with this site and share their personal financial data on bank and investment accounts in order to obtain information on how to manage their financial assets.  The site makes it very clear in its privacy policy that it may anonymize and aggregate personal information to sell to advertisers for marketing purposes or to researchers studying consumer spending habits.  Your information, minus personal identifiers, has value to other businesses.  However, this company is hoping that you’ll find that the value of its free services outweighs any qualms about being the target of unwanted marketing campaigns.

The energy consumption data that utilities can collect has high value for consumers and other parties.  Just look at grocery and drug stores, which offer voluntary enrollment programs that entice consumers to allow their purchases to be tracked through use of a card scanned for each transaction.  For the retailer, this behavioral information can be mined to develop detailed views of spending habits, analyzed to determine what store promotions would be most appealing, and sold to other firms.  Participating consumers enjoy reduced prices and special promotions, so they receive some value in exchange for reduced privacy in their spending habits.  Will we see utilities and energy service providers offering rebates on bills in exchange for our consent to allow them to analyze that information for internal use and/or use by other companies?

This question may be answered at the complimentary Energy Collective webinar on Wednesday, September 8th at 10 AM Pacific time.  Join us to build your knowledge about developing the right energy use data practices and policies.