Title: Privacy and the Smart Grid
1Privacy and the Smart Grid Elias L.
Quinn August 25, 2009
2Existing Privacy Law
3Privacy Concern
The Heart of the Matter
Balancing Risks
Existing Privacy Law
Policy Responses
Shuttered Window ? Piercing the Blinds
4Privacy Concern
Categories of Concern
Balancing Risks
Existing Privacy Law
Policy Responses
Individuated Patterns
Real Time Surveillance
Electronic Detritus
Physical Invasion
5Privacy Concern
Competing Policies
Balancing Risks
Existing Privacy Law
Policy Responses
A Balancing Act
Environmental Initiatives / DSM
Edge Service Bus. Models
Info. Access for Innovation
Consumer Privacy
Reasonable Returns
Utility Incentives
Technological Decisions Are Not Policy-Neutral
6Privacy Concern
Colorados Privacy Regulations
Balancing Risks
Existing Privacy Law
Policy Responses
Examination
Diagnosis
4 C.C.R. 723-1-1004(t) Defines protectable
personal information broadly, excludes info
necessary for billing. 4 C.C.R. 723-1-1104
Requires consumer informed consent prior to
information disclosure prohibits umbrella opt-in
mechanisms. C.R.S. 6-1-716 Requires customer
notice of security breach references even
narrower definition of personal information.
Exception likely to swallow the rule.
Unnecessarily inflexible in light of rapid
changes and growth in edge services.
Definitions generally do not contemplate
information such smart-metered data.
7Privacy Concern
The Regulatory Tool Kit
Balancing Risks
Existing Privacy Law
Policy Responses
1 2 3
Dimensions
Opt-In OR Opt-Out
Claudius Gertrude Polonius Ophelia Laertes
Disclosure Consent Regulation
Smart Grid Info.
Case-by-Case Review OR Umbrella Consent
8Privacy Concern
The Regulatory Tool Kit
Balancing Risks
Existing Privacy Law
Policy Responses
1 2 3
Possible Regulatory Structure
Joint Venture Partners in Electricity
Distribution
Disclosure Consent Regulation
Smart Grid Info.
Non-critical Data Services Efficiency
Consultants Automation Vendors
Data Brokers Insurance Providers Other
Unrelated Entities
9Privacy Concern
The Regulatory Tool Kit
Balancing Risks
Existing Privacy Law
Policy Responses
1 2 3
Protection Requirements
A Confidentiality Agreement B
Procedural Best Practices (e.g. EU Directive
95/46/EC Art. 6(1)) C Technological
Protections (e.g. Texas Code 25.130(j)(3)
CAA) D Audits or Compliance Reports
Disclosure Consent Regulation
Protection Requirements
Smart Grid Info.
10Privacy Concern
The Regulatory Tool Kit
Balancing Risks
Existing Privacy Law
Policy Responses
1 2 3
Notice of Breach
Notice to both the electricity customer and to
the PUC. Safe haven if security audits are
clean.
Disclosure Consent Regulation
Protection Requirements
Smart Grid Privacy
Notice of Information Breach