On October 1, 2012, Washington-based think tank the Future of Privacy Forum (FPF) announced the first privacy seal program for companies processing consumer energy usage data (CEUD) made available through smart meters. The seal will be powered by TRUSTe, a data privacy management company. To create the program, FPF and TRUSTe worked with a number of utilities, utility regulators, and private firms, including AT&T, Comcast, IBM, Motorola, and Verizon. The program will include an advisory committee comprising Edison Electric Institute, the Gridwise Alliance, and consumer advocates.
Given the nascence of grid modernization efforts, the CEUD made available through smart meters does not fall within the scope of existing federal privacy statutes. While a number of states – namely, California and Colorado - are taking an aggressive role in developing privacy policies for smart meter data, many states have not even started to take up the issue. In the absence of comprehensive and consistent state and federal regulation, numerous industry guidelines and best practices have emerged. The FPF’s privacy seal program is a self-regulatory approach that has been hailed by industry members as a “landmark consumer privacy initiative”. It covers two types of CEUD: data collected directly from consumers by smart devices (i.e., smart appliances), and data collected by third parties (i) directly from a smart meter, (ii) provided by the utility, or (c) provided by the consumer. The FPF believes that this program is critical to vet the privacy policies of third parties and to provide assurances to utilities, regulators, and consumers that companies are in compliance with responsible standards. In addition, it will provide consumers with an avenue for complaint resolution and will supplement regulators’ efforts to ensure consumers are protected. Click here for a model short consent form for a hypothetical Smart Water Heater.
Dr. Ann Cavoukian, Ontario’s Information and Privacy Commissioner, applauds the FPF’s new initiative. “The seal is a reflection of Privacy by Design which requires that a proactive approach be taken. FPF recognizes that privacy is best assured when it is strategically interwoven into operational processes and business practices.” This program is the first of likely many self-regulatory programs in the energy context to ensure that participating companies commit to responsible privacy and data security practices.