Both developing nations and established powers have taken a keen interest in smart grid technology in recent years, viewing it as the most promising avenue for more responsible, efficient distribution of energy resources. But while few question the economic and financial benefits of smart grid strategies, security continues to be a lingering concern.
Industry and government experts have consistently warned of smart grid vulnerabilities that could be exploited by cybercriminals to the detriment of national security priorities. However, the latest wave of anxiety surrounds an issue that could have much more immediate implications for consumers. According to the office of the European Data Protection Supervisor (EDPS), the wealth of data collected via smart meters could pose serious risks to customer privacy.
Smart meters typically record end user energy consumption at intervals of at least once every hour. This data is then communicated back to the utility provider to track service quality and usage rates. Remote monitoring significantly reduces labor costs for the company and can provide the customer with various benefits. By gathering data in real time, utility providers can identify and respond to service outages faster and more predictably determine customer demand so that resources can be provisioned in the most sustainable and affordable manner possible.
But as utility providers open the door to greater visibility and high-level data analytics, there is some concern over where they may draw the line. Most notably, regulators believe smart meters could lead companies down a slippery slope toward making inferences on domestic activities.
"While the Europe-wide rollout of smart metering systems may bring significant benefits, it will also enable massive collection of personal data which can track what members of a household do within the privacy of their own homes, whether they are away on holiday or at work, if someone uses a specific medical device or a baby monitor, how they like to spend their free time and so on," EDPS officials suggested.
By assessing patterns and compiling customer profiles, regulators believe utilities could be tempted to commercialize this information through marketing, advertising or even price discrimination. But even if service providers decide to do nothing but sit on this information, any loopholes in data security best practices could put sensitive private records into cybercriminal hands.
In light of these concerns, assistant European Data Protection Supervisor Giovanni Buttarelli is wondering if more stringent regulation may be in order for smart meter projects throughout the region.
"The EDPS calls on the [European] Commission to assess whether further legislative action is necessary at the EU level to ensure adequate protection of personal data for the roll-out of smart metering systems and – in [the supervisor's] opinion – provides pragmatic recommendations for such legislative action," said Buttarelli.
The first recommendation made by the EDPS is for regulators to provide legal guidance to customers so that they will understand the full complement of data protection choices available to them. Among other things, customers may be able to decide the frequency with which their usage data is collected.
Additionally, the EDPS called for more transparent explanations of data retention policies and protocols employed by utility providers and suggested that EU regulators take a more proactive stance in standardizing the length of storage periods and facilitating proper disposal.
Finally, Buttarelli's team spoke to the critical need for privacy-enhancing technologies (PETs) throughout the region. The main aim of these mechanism will be to eliminate the need to export data from the household, thus reducing the likelihood of compromise while in transit. Additionally, more advanced data sampling and aggregation methods could be used to help providers derive the same insights from a lower volume of information gathered less frequently.
Data Security News from SimplySecurity.com by Trend Micro
