Technology is creating new opportunities for the utility sector. The Internet of Things, Big Data, and connected devices are transforming utility infrastructure operations for the better. However, every coin has two sides. The same technology leaves behind vast amounts of sensitive customer data, pressing utilities to shift their privacy perspectives.
The deployment of smart meters and an increasing use of sensor technology and communication devices will require utilities to improve their data management efforts – particularly in the EU, where utilities are facing strict regulatory restrictions.
Smart Meters and Privacy Concerns
The massive deployment of smart meters used to measure electricity, gas, and water consumption remotely in real time provides a range of benefits for both consumers and utilities. As smart meters enable two-way communication between suppliers and end users, utilities can utilize smart meter data to gain better insight into infrastructure operations, to improve grid reliability and customer satisfaction, and to develop new revenue sources. According to Accenture estimates, utility customer data may be a multi-billion market in the US alone.
For consumers, on the other hand, smart meters can help optimize energy consumption patterns to cut costs, enable automatic energy management, and open the door to additional smart home services.
Despite the significant benefits of smart meters, many consumers are legitimately concerned about how their data will be used. After all, energy consumption data may reveal intimate details about consumers, including whether householders are away from home, when they go to sleep or when they wake up. Unauthorized access to customer-related data could have severe consequences.
GDPR: Transforming European Data-Protection Laws
Data protection has always been important. As the General Data Protection Regulation (GDPR) comes into force on May 25, 2018, for all European Union members, it becomes vital. As McKinsey explains, the GDPR seeks to ensure that personal data is protected against any misuse or theft and to give EU citizens control over how their data is used. To handle an increasing amount of customer-related data in compliance with GDPR, it’s imperative that utilities familiarize themselves with the new legislation.
The Norwegian Data Protection Authority provides a valuable summary of the guiding principles of the GDPR:
- Lawfulness, fairness, and transparency: The processing of data must be lawful, and done transparently and predictably to respect the interests of the data owner.
- Purpose limitation: Personal information should only be processed for specific and legitimate reasons that are explicitly expressed to the data owner.
- Data minimization: The amount of data collected should be limited to what is necessary for the purposes for which the data is used.
- Accuracy: Any personal data processed should be accurate and updated if necessary.
- Storage limitation: Data should not be stored in a format that allows personal identification any longer than necessary and should be erased or anonymized when it is no longer required for the purpose for which it was initially processed.
- Integrity and confidentiality: Data should be processed and managed in a way that safeguards the end user’s integrity and privacy.
- Accountability: The one who controls and manages the data is the one who is responsible for demonstrating compliance.
Utilities that fail to comply risk fines of up to four percent of turnover or €20 million.
How to Maintain Security, Privacy, and Confidentiality in Infrastructure Operations
How, then, do you maintain the security of the data you manage on behalf of your customers? Above all, you should ensure you have an IT infrastructure that allows you to safely process, store, and make use of customer-related data. Microsoft highlights several features required for such an infrastructure:
- Identity and access management
- Data access control and encryption
- Virtual networks and firewalls
- Secure remote access
- Logging and monitoring
- Threat mitigation
Although the technological transformation of the utility sector opens up a range of new opportunities, increasing digitalization is not entirely unproblematic. The more detailed the customer-related data you collect is, the higher the risk of unauthorized access to critical information. The more data collected, the more stringent the requirements for security and privacy are. As a utility, you have a great responsibility to manage security and privacy.