Lockstep Consulting was engaged by the Department of Primary Industries to undertake a Privacy Impact Assessment (PIA) of Victoria's Advanced Metering Infrastructure (AMI) or "smart metering" program.

The scope of this PIA is the smart metering program in general, with the objective of establishing whether the program as overseen by DPI has properly anticipated the privacy impacts of introducing interval metering, remote communication and control capabilities to domestic consumers, and whether the management and design of the new metering system provides for adequate controls over Personal Information, including the governance of new controls yet to be developed for potential broader usage of power consumption data.

This PIA is not an assessment of the privacy compliance of any particular organisation involved in the AMI program.

The PIA uncovered no collections, disclosures or other flowsDPI should take heed also of the statement that  of Personal Information concerning consumers that would go beyond the AMI's legitimate purposes. We see no need for any operational changes to the way electricity retailers, distributors and AEMO handle information flows. Security is generally very good, as required by Essential Services Commission licensing, the National Electricity Rules and the Minimum AMI Functionality Specification, and there are high expectations of confidentiality imposed by industry codes. Technical security standards and conservative default settings mean that inadvertent privacy risks with Home Area Networks (HANs) such as exposure to drive-by snooping are unlikely. Business processes are not yet in place for the widespread establishment of HANs from smart meters, and it will be some time before they are, but these will have to recognise and address potential privacy concerns.

Yet the broader concerns of privacy-most notably openness about use and disclosure, and the choices that consumers will have to control secondary usage under a future AMI environment-are not well ingrained across the electricity industry. Relatively little public information has been made available about smart meters. A range of community concerns abound and some of them are warranted. While many of the public's anxieties exceed the actual risks of privacy invasion, a much improved program of communications aimed at consumers and the general public is recommended. Communications to date have been limited to the mechanics of the meter rollout, and have done little to allay concerns relating to the broader sharing of metering data that will be made possible in the medium term. We recommend a fresh set of messages be designed by a reenergised AMI Communications Working Group, covering the reality of smart metering information flows, the limited extent to which they reveal behavioural patterns within households, and the choices that consumers have to control them. The sheer volume of meter data being retained now for many years should be reviewed, with consideration given to de-identification, aggregation and/or earlier deletion if there is not a compelling business need to retain all raw data well beyond two years.

We recommend that all metering data should be handled in accordance with the National Privacy Principles (NPPs). Regardless of any fine arguments about whether metering data technically counts as Personal Information, committing to and applying the NPPs will set a uniformly high standard of care, commensurate with the community's broad anxieties about smart metering, and with the future potential value of the data.

All Retail Businesses and Distribution Businesses should review and update their privacy policies in this light, to articulate how they understand their obligations under the National Privacy Principles. Distribution Business especially should note that the legal definition of Personal Information is broader than customer records and the like. It appears that materials given to consumers to date have not included much information about the primary purpose of collecting smart meter data and the potential for secondary usage of the data. Nor has the industry clearly communicated the many safeguards that are already in place to protect consumer privacy, such as the National Electricity Rules, the ESC licence conditions and the ESC's codes. All organisations handling metering data should therefore review and update their "Privacy Notices" or any other explanations provided in customer information about how their data is handled. The complexity and depth of metering information means that layered privacy notices are advisable.

The electricity industry anticipates a great deal of innovation to be enabled by smart metering, with many new services to help consumers better manage their energy efficiency, and the emergence of new third party services. Such rapid changes coming on the heels of the physical meter rollout may create further anxieties. Looking ahead, we believe the industry needs to do more than improve the way it explains these developments. To demonstrate good faith to consumers and the public, we recommend that the industry commit to an Opt-In model, such that secondary usage of smart meter data, to the greatest practical extent, is only made with express consent of the customer.

In summary, the present privacy shortcomings of the AMI program may be addressed by updating Privacy Policies, refreshing and extending customer communications, committing to the National Privacy Principles, and committing to an Opt-In model for managing secondary use of metering data. None of these recommendations should mean immediate operational changes, and no privacy response will change the license conditions of any Registered Participants. In the medium term, an Opt-In model will influence the design of business processes for HAN activation and for other sharing of metering data with third parties.

Glossary

See also http://www.aemo.com.au/Glossary.

Technical terms

Personal Information
According to the Privacy Act 1988 (Cth) personal information means "information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion"[13].

ZigBee
A special purpose wireless communication protocol developed for the secure networking of devices such as medical equipment and "smart" home appliances. ZigBee is the protocol of choice for Home Area Networking. It is separate from and not interoperable with the better known "wifi" wireless protocol for computer networking, and is generally rather more secure.

Abbreviations

AbbreviationFull Name
AEMC Australian Energy Market Commission
AEMOAustralian Energy Market Operator
AMIAdvanced Metering Infrastructure
That is, the Victorian smart metering program.
BPPWGBusiness Process & Procedures Working Group
of the national smart metering program.
COTACouncil on the Ageing
CUACConsumer Utilities Advocacy Centre
DB(Electricity) Distribution Business
ENAEnergy Networks Association
Peak national body for gas and electricity distribution businesses.
ERAAElectricity Retailers Association of Australia
Independent association lobbying in the interests of national RBs.
ESPEnergy Services Portal
A data structure and interface contained in the smart meter, and specified by the ZigBee standards, which controls what information can be exchanged over the HAN.
ESC Essential Services Commission
Licenses Victorian electricity market participants and develops/administers industry codes.
FAQ Frequently Asked Questions
HAN Home Area Network
A special type of local area network where a smart meter is connected over the wireless "ZigBee" protocol with other devices
such as an In Home Display and "smart" appliances.
IHD In Home Display
A domestic device connected to a smart meter (typically by the special purpose wireless ZigBee protocol) for showing electricity consumption data in various formats.
IPPs Information Privacy Principles
As laid down for example by the Victorian Information Privacy Act or separately by the federal Privacy Act for government bodies. Not applicable to Victoria's privately owned DBs and RBs.
LANLocal Area Network
MDAMeter Data Agent
MDMMeter Data Management system
MDPMeter Data Provider
NBNNational Broadband Network
NECFNational Electricity Consumer Framework
NEMNational Electricity Market.
NMINational Meter Identifier
NSMPNational Smart Metering Program
OPCOffice of the Privacy Commissioner (federal)
OVPCOffice of the Victorian Privacy Commissioner
NERNational Electricity Rules
NPPsNational Privacy Principles
As laid down by the private sector provisions of the federal Privacy Act [XXX REF] and applicable to privately owned large businesses such as Victoria's DBs and RBs.
PAN IDPersonal Area Network Identifier
The ZigBee network identifier for a HAN hub (such as a smart meter) akin to a wifi network SSID.
PIPersonal Information
PIAPrivacy Impact Assessment
PSMProtective Security Manual
The Commonwealth's 'bible' for securing information, personnel and physical assets.
RB(Electricity) Retail Business
RoLRRetailer of Last Resort
SEPSmart Energy Profile
SMESmall or Medium Enterprise
Businesses turning over less than $3M p.a. are generally not required to comply with the NPPs.
SMISmart Metering Infrastructure
Technically equivalent to "AMI" and used more in the National Smart Metering Program.
SSIDService Set Identifier
The public name for a wifi network, visible to devices trying to connect to the network.
TOUTime Of Use [pricing]
TRAThreat & Risk Assessment
A formalised methodology for analysing the potential security threats to a system, and gauging their seriousness as a function of expected likelihood and severity of all foreseeable adverse events.
WANWide Area Network

Page last updated: 09/06/17