Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 NAESB Data Privacy Task Force February 16, 2011.

Published byPaige Porter Modified over 10 years ago

Similar presentations

Presentation on theme: "1 NAESB Data Privacy Task Force February 16, 2011."— Presentation transcript:

1 1 NAESB Data Privacy Task Force February 16, 2011

2 2 NAESB Data Privacy TF The Smart Grid potentially enables new parties access to additional customer information that could reveal things about their person, personal behavior, and personal communications The diversity of data access standards and regulatory rules throughout the nation presents a significant challenge to achieving interoperability and hinders the mass deployment of customer products. There are two facets to achieving interoperability with respect to 3 rd Party access to customer usage data Technical - the logical interface where customers and third parties are authorized to gain access to customer usage data NAESB Energy Services Provider Interface Task Force Policy – the policy which governs who is allowed access to customer usage data and what are the responsibilities for protection of customer privacy interface where customers and third parties are authorized to gain access to customer usage data NAESB REQ Data Privacy Task Force

3 3 NAESB Data Privacy TF A balance must be struck between maximizing innovation and customer choice, while ensuring privacy and a sufficiently standardized environment so that energy service providers can provide cost effective Smart Grid- enabled products that can be utilized by any customer in the nation.

4 4 Research Documents 1. NISTIR 7628 Guidelines for Smart Grid Cyber Security, Vol. 2 Privacy and the Smart Grid NISTIR 7628 Guidelines for Smart Grid Cyber Security, Vol. 2 Privacy and the Smart Grid 2. DOE Data Access and Privacy Issues Related to Smart Grid Technologies DOE Data Access and Privacy Issues Related to Smart Grid Technologies 3. Illinois Statewide Smart Grid Collaborative Report Illinois Statewide Smart Grid Collaborative Report 4. Ontario Privacy by Design; Achieving the Gold Standard in Data Protection for the Smart Grid Ontario Privacy by Design; Achieving the Gold Standard in Data Protection for the Smart Grid 5. CPUC Privacy Rules related to Third Party Access to usage data and prices CPUC Privacy Rules related to Third Party Access to usage data and prices 6. National Research Institute: Smart Grid Data: Must there be Conflict Between Energy Management and Consumer Privacy? National Research Institute: Smart Grid Data: Must there be Conflict Between Energy Management and Consumer Privacy? 7. Department of Commerce Internet Policy Task Force: Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework Department of Commerce Internet Policy Task Force: Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework 8. Federal Trade Commission: Protecting Consumer Privacy in an Era of Rapid Change Federal Trade Commission: Protecting Consumer Privacy in an Era of Rapid Change

5 5 Document Summaries DOE recommendations Consumption data should be released only with the customers authorization Authorized third parties should be required to protect the privacy and security of customer data and only use it for the purposes specified in the authorization Define the circumstances, conditions, and data that may be release to third parties Define and establish customer complaint procedures

6 6 Document Summaries, continued Illinois Statewide Collaborative report had 13 policy recommendations 1.Customers should be able to retrieve usage data in near-real time from the meter and through in- premises devices. 2.Customers should have access to historical usage and billing data via a utility-provided web portal. 3.Customer authorization should be required for third party access to customer-specific meter data 4.Third parties should disclose in plain language the scope, duration, use, and purpose(s) of the requested access to customer usage data and customer complaints should be subject to the Commission complaint process. 5.The utility should provide electronic access to billing and usage data to customer-authorized third parties within a reasonable period of time from receipt of authorization; any fees to provide this service should be outlined in the tariff and reflected in regulated revenue. 6.Service and supply agreements with customers should explicitly authorize the retail electric supplier to access and use usage and billing data for billing purposes. Any authorization not directly related to billing and collection should be explicitly stated. 7.Utilities and customer-authorized third parties should be responsible for protecting all meter data in their possession from unauthorized release. 8.The utility should be allowed to use customer-specific meter data to support operation of utility systems and the electricity transmission and distribution network, or as required by State and federal authorities.

7 7 Document Summaries, continued Illinois Statewide Collaborative has 13 policy recommendations, continued 9.The utility should be allowed to use customer-specific meter data to solicit participation in Commission-approved demand response and energy efficiency programs. 10.Stakeholders agree that the utility should only be allowed to make use of the Meter Data and Customer Data for offering a competitive service to the extent allowed by applicable laws, rules and orders. 11.Governmental units should not have unauthorized access to customer-specific data except insofar as some customer-specific data is already shared with government entities by the utility under existing law, policies and agreements. 12.Customers should be educated and informed about what it means to allow access to AMI-derived data. 13.If a utility provides a third party with aggregated AMI meter data, it must take reasonable measures to protect the identity of individual customers.

8 8 Document Summaries, continued Ontario Privacy by Design foundational principles 1.Proactive not Reactive; Preventative not Remedial »Smart Grid systems should feature privacy principles in their overall project governance framework and proactively embed privacy requirements into their designs, in order to prevent privacy-invasive events from occurring 2.Privacy as the Default »If an individual does nothing, their privacy still remains intact. »No action is required on the part of the individual to protect their privacy it is built into the system, by default. 3.Privacy embedded into design »Privacy must be a core functionality in the design and architecture of new Smart Grid systems and practices. 4.Full Functionality – positive-sum, not zero-sum »Embed privacy without any loss of functionality of Smart Grid related goals 5.End-to-End lifecycle protection »Ensure that the people, processes and technology involved in Smart Grid projects consider privacy at every stage, including at the final point of the secure destruction of personal information. 6.Visibility and Transparency »Ensure all component parts and operations remain visible and transparent, to users and providers alike, and that each business practice or technology is operating according to the stated promises and objectives, subject to independent verification. 7.Respect for User Privacy »Architects and operators must keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options

9 9 Document Summaries, continued National Regulatory Research Institute 1.Define the information utilities will collect »Determine with whom and for what purposes »Assess the need to protect the data 2.Ensure that customers understand what data will be shared and under what terms and conditions 3.Require yearly privacy training programs »Require certification that training has taken place 4.Enforce and revise »report policy breaches, correct errors, review and evaluate Department of Commerce Internet Policy Task Force recommendations 1.Adopt a baseline commercial data privacy framework built on an expanded set of Fair Information Practice Principles (FIPPS) 2.Encourage greater detail in purpose specifications and use limitations, and foster the development of verifiable evaluation and accountability programs 3.Encourage the development of voluntary, enforceable privacy codes of conduct in specific industries through the collaborative efforts of multi-stakeholder groups 4.Establish a Privacy Policy Office (PPO) to serve as a center of commercial data privacy policy expertise. 5.The FTC should remain the lead consumer privacy enforcement agency for the U.S. government 6.Encourage global interoperability 7.Ensure nationally consistent security breach notification rules

10 10 Document Summaries, continued Federal Trade Commission proposed framework 1.Companies should promote consumer privacy throughout their organizations and at every stage of the development of their products and services Companies should incorporate substantive privacy protections into their practices, such as data security, reasonable collection limits, sound retention practices, and data accuracy Companies should maintain comprehensive data management procedures throughout the life cycle of their products and services. 2.Companies should simplify consumer choice Companies do not need to provide choice before collecting and using consumers data for commonly accepted practices, such as product fulfillment For practices requiring choice, companies should offer the choice at a time and in a context in which the consumer is making a decision about his or her data 3.Companies should increase the transparency of their data practices Privacy notices should be clearer, shorter, and more standardized, to enable better comprehension and comparison of privacy practices Companies should provide reasonable access to the consumer data they maintain; the extent of access should be proportionate to the sensitivity of the data and the nature of its use Companies must provide prominent disclosures and obtain affirmative express consent before using consumer data in a materially different manner than claimed when the data was collected All stakeholders should work to educate consumers about commercial data privacy practices

Download ppt "1 NAESB Data Privacy Task Force February 16, 2011."

Similar presentations

Office of the Information and Privacy Commissioner, Ontario, Canada

Office of the Information and Privacy Commissioner, Ontario, Canada
1 Data Access and Privacy Related to Third Parties November 2010.

1 Data Access and Privacy Related to Third Parties November 2010.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
EMIG Electricity Market Investment Group Presentation to the Ontario Energy Board February 17, 2004.

EMIG Electricity Market Investment Group Presentation to the Ontario Energy Board February 17, 2004.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Introduction Build and impact metric data provided by the SGIG recipients convey the type and extent of technology deployment, as well as its effect on.

Introduction Build and impact metric data provided by the SGIG recipients convey the type and extent of technology deployment, as well as its effect on.
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
Who is NEMA? NEMA is the association of electrical equipment and medical imaging manufacturers, founded in 1926 and headquartered in Arlington, Virginia.

Who is NEMA? NEMA is the association of electrical equipment and medical imaging manufacturers, founded in 1926 and headquartered in Arlington, Virginia.
Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.

Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.
The AMA Code of Ethics Could Egyptian Marketing Professionals Agree on a List of Rules, Perhaps Similar to This? The IMI Journal. Members of the AMA are.

The AMA Code of Ethics Could Egyptian Marketing Professionals Agree on a List of Rules, Perhaps Similar to This? The IMI Journal. Members of the AMA are.
1 NAESB Data Privacy Task Force January 2011. 2 Data Access and Privacy Access to customer usage information has national attention and implications ENERGY.

1 NAESB Data Privacy Task Force January Data Access and Privacy Access to customer usage information has national attention and implications ENERGY.
6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.

6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
Presentation By: Chris Wade, P Eng. Finally … a best practice for selecting an engineering firm.

Presentation By: Chris Wade, P Eng. Finally … a best practice for selecting an engineering firm.
P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.

P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.
NTIA Privacy Multistakeholder Meeting March 25, 2014 Amanda Koulousias, Attorney Division of Privacy and Identity Protection Federal Trade Commission FTC.

NTIA Privacy Multistakeholder Meeting March 25, 2014 Amanda Koulousias, Attorney Division of Privacy and Identity Protection Federal Trade Commission FTC.
Purpose of the Standards

Purpose of the Standards
SMART GRID: Privacy Awareness and Training – A Starting Point for Utilities October 2011 SGIP-CSWG Privacy Group 1.

SMART GRID: Privacy Awareness and Training – A Starting Point for Utilities October 2011 SGIP-CSWG Privacy Group 1.

Similar presentations

Ads by Google