Modernization of the grid will increase the level of personal information detail available as well as the instances of collection, use and disclosure of personal information. Instead of measuring energy use at the end of each billing period, smart meters will provide this information at much shorter intervals.
Even if electricity use is not recorded minute by minute, or at the appliance level, information may be gleaned from ongoing monitoring of electricity consumption such as the approximate number of occupants, when they are present, as well as when they are awake or asleep.
For many, this will resonate as a ‘sanctity of the home’ issue, where such intimate details of daily life should not be accessible.
There are many significant privacy concerns and issues relating to the Smart Grid according to a high-level privacy impact assessment (PIA).
What do we know about it?
The privacy impact assessment (PIA) states that:- The privacy implications of the Smart Grid are not yet fully understood (very important)
- There is a lack of formal privacy policies, standards, or procedures by entities who are involved in the Smart Grid and collect information
- Comprehensive and consistent definitions of personally identifiable information do not generally exist in the utility industry
- Distributed energy resources and smart meters will reveal information about residential consumers and activities within the house
- Roaming Smart Grid devices, such as electric vehicles recharging at a friend’s house, could create additional personal information
- Smart meters and the Smart Grid network will be able to use personal information in unlimited numbers of ways
- Future research is necessary and conducting further PIAs is crucial.
Electric utilities and other providers may have access to information about what customers are using, when they are using it, and what devices are involved. An electricity usage profile could become a source of behavioural information on a granular level.
For example, it is suggested that the following information could be gleaned with the introduction of end-user components (these issues will become more practical concerns as appliances and devices become part of the grid):
- Whether individuals tend to cook microwavable meals or meals on the stove;
- whether they have breakfast;
- the time at which individuals are at home;
- whether a house has an alarm system and how often it is activated;
- when occupants usually shower;
- when the TV and/or computer is on;
- whether appliances are in good condition;
- the number of gadgets in the home;
- if the home has a washer and dryer and how often they are used;
- whether lights and appliances are used at odd hours, such as in the middle of the night;
- whether and how often exercise equipment such as a treadmill is used.
For example:
The homeowner tends to arrive home shortly after the bars close; the individual is a restless sleeper and is sleep deprived; the occupant leaves late for work; the homeowner often leaves appliances on while at work; the occupant rarely washes his/her clothes; the person leaves their children home alone; the occupant exercises infrequently.
The use of identifiable information beyond the primary purposes for which it was originally collected requires special considerations from a privacy perspective. There may be the temptation to bundle such information into several different data products such as energy usage or appliance data, either in identifiable customer-level, anonymized or aggregate form.
Other “temptations” may include utilities and third parties using the data to seek consent for other services, and third parties seeking to engage the user directly for commercial gain (e.g., targeted advertising).
Though our primary concern is with personally identifiable information, even data that is anonymized may still raise privacy issues. As has been the case in the behavioural advertising arena,
users can be treated differently or marketed to specifically based on
individual, but not personally linked data, raising the need for
enhanced privacy protections.
In addition, researchers have documented the ease of identification of users, even when a minimum of non-personal information about them is available.It is not yet clear who along the grid will have access to a user’s personal information and where on the grid such access will be possible.
Some utilities have indicated that they have no need or desire for device level electricity usage for their grid management needs. In some current Smart Grid environments, consumers have already begun to receive information about their own electricity use, as compared to other consumers in their geographic area. When these data points become more specific (i.e., perhaps broken down by income, age, household size, etc.), what are the benefits and risks to the dissemination of more granular data?
In the United States, many states already have regulations for utilities with respect to account data. It is yet unclear how this new information will be treated under the current regulatory regimes. It is important to research further the potential for such access and the treatment of personal information, given the vast information sharing components of the Smart Grid, as shown in the following diagram.
Concerns exist that personal information on the Smart Grid could be used to make important decisions regarding individuals without their consent, such as in the case of determining insurance risk.
As a result, earning the trust of consumers in the modernization of the electrical grid into the Smart Grid will be key.
Since
the future Smart Grid relies on consumers to use and invest in
smart technologies, the Smart Grid itself is dependent on ensuring that
consumers see the value of such time and investment.If the Smart Grid and smart appliances become synonymous with privacy invasion, visions of the Smart Grid may slow or stall altogether. However, there is another way, it starts by building Smart Privacy into the Smart Grid.