Scope & Deliverables

This PIA was conducted on behalf of DPI in order to ascertain the overall state of consumer privacy protection within the AMI program, in parallel with the broader program reviews being undertaken by the new state government. The contracted PIA was required to deliver the following:

  1. Project description: Broadly describe the project, including the aims and whether any personal information will be handled.
  2. Mapping the information flows and privacy framework: Describe and map the project's personal information flows and document all relevant legislative and organisational rules.
  3. Privacy impact analysis: Identify and analyse the project's privacy impact.
  4. Privacy management: Consider how to manage any privacy impact, particularly options that will improve privacy outcomes and still achieve the project's goals.
  5. Recommendations: Produce a final PIA report covering the above stages and including recommendations.

This report is structured accordingly.

This PIA is not a detailed assessment of the privacy compliance of any particular organisation involved in smart metering. It may be the case that electricity distributors and retailers will undertake separate PIAs of their respective businesses, in the same way as they undertake their own security evaluations. Moreover, our investigation of privacy and security practices at various participants was limited to relatively short interviews, to attain a general understanding of how RBs and DBs work with customer data across the board. We have had to generalise to a significant extent about security and customer service practices. We have tried to make clear in this report where we make assumptions and where such assumptions should be substantiated by further investigation.

The PIA was focused on the difference to privacy made by introducing smart metering. We do not seek to pass judgement on the privacy arrangements for customer data collected from older "accumulation" ("spinning disk") meters, nor for any other data handled by businesses.

The PIA does attempt to anticipate (as best we can at this stage) privacy issues arising in the medium term, when Home Area Networks (HANs) come to be activated, and when power consumption data may start to be shared with third parties which are not currently Licensed Participants.


This PIA was conducted primarily by means of desk-top review of business analysis and technical documents and in-person interviews with selected stakeholders.

In summary, the desk-top review covered:

  • AMI project documentation
  • NSMP project documentation
  • Customer communications of the DBs and RBs
  • ZigBee technical specifications
  • ESC regulations and codes
  • the National Electricity Rules (particularly chapter 7)
  • selected stakeholder submissions to AMI program reviews.

The full list of documents in the desk-top review appears in the References section.

Stakeholder meetings

We conducted two waves of focused stakeholder meetings as detailed in the table below, in order to understand the AMI program from all angles, and to collaboratively explore and uncover privacy issues. The first wave of meetings (June 21-22) was with individuals for the most part selected by DPI to give us a fast start to the investigation stage, including consumer groups and advocates. We met informally¹ with members of the Energy Networks Association (ENA) and the Electricity Retailers Association of Australia (ERAA) to discuss broad industry issues. During the first visit we were also able to make a few additional ad hoc appointments. The second wave (July 11-12) was an attempt to engage with a fuller and more representative set of industry stakeholders.

¹ These meetings were "informal" in the sense that they were not conducted on the basis of anyone claiming to represent the official views of the respective associations. Rather, individuals were senior players in the industry and could be relied upon as authoritative insofar as they are deeply informed by the perspectives of retail and distribution business.

Date Interviews
9 June PIA engagement kickoff (teleconference)
  • Eleanor McCracken-Hewson
  • Graham Dawson
  • Peter Clements
  • Stephen Wilson, Anna Johnston
21 June Orientation meeting (DPI, 1 Spring St.)
  • Eleanor McCracken-Hewson
  • Graham Dawson
  • Peter Clements
  • Stephen Wilson, Anna Johnston
21 June Technical briefing (DPI, 1 Spring St.)
  • Stephen Thompson
  • Eleanor McCracken-Hewson
  • Stephen Wilson, Anna Johnston
21 June Consumer group briefing (DPI, 1 Spring St.)
  • Janine Raynor – Consumer Action Law Centre
  • Eleanor McCracken-Hewson
  • Stephen Wilson, Anna Johnston
22 June Informal ENA briefing (DPI, 1 Spring St.)
  • Patrick Murphy – SP AusNet
  • Kevin Webster – United Energy Distribution
  • Verity Watson – United Energy Distribution
  • Eleanor McCracken-Hewson
  • Stephen Wilson, Anna Johnston
22 June Informal ERAA briefing (DPI, 1 Spring St.)
  • Martin Excelby – Red Energy
  • Eleanor McCracken-Hewson
  • Stephen Wilson, Anna Johnston
22 June Marketplace briefing (AEMO, 530 Collins St.)
  • John Wiskin – AEMO
  • Eleanor McCracken-Hewson
  • Stephen Wilson, Anna Johnston
22 June Consumer group briefing (DPI, 1 Spring St.)
  • Craig Memery – Alternative Technology Association
  • Eleanor McCracken-Hewson
  • Stephen Wilson
23 June Retailer meeting (Lumo, 575 Bourke St.)
  • Ross Evans – Lumo Energy
  • Stephen Wilson
11 July Consumer group briefing (98 Elizabeth St.)
  • Debra Parnell – Council of the Ageing
  • Stephen Wilson, Anna Johnston
11 July AMI management briefing (DPI, 1 Spring St.)
  • Peter Clements
  • Stephen Wilson, Anna Johnston
11 July Retailer meeting (DPI, 1 Spring St.)
  • Alex Cruikshank – AGL
  • Stephen Wilson, Anna Johnston
11 July Retailer meeting (DPI, 1 Spring St.)
  • Fiona Simon – Origin
  • David Calder – Origin
  • Stephen Wilson, Anna Johnston
11 July BPPWG briefing (AEMO, 530 Collins St.)
  • Shaun Dennison – BPPWG
  • Stephen Wilson, Anna Johnston
12 July Retailer meeting (teleconference)
  • Stuart Pearce – TRUenergy
  • Stephen Wilson, Anna Johnston
12 July Consumer group briefing (172-190 Flinders St.)
  • Jo Benvenuti – CUAC
  • Deanna Foong – CUAC
  • Stephen Wilson, Anna Johnston
12 July Follow-up technical questions (DPI, 1 Spring St.)
  • Stephen Thompson
  • Stephen Wilson, Anna Johnston
12 July Regulatory meeting (ESC, 35 Spring St.)
  • Jeff Cefai – Essential Services Commission
  • Phil Warren – Essential Services Commission
  • Peter Clements
  • Stephen Wilson, Anna Johnston
20 July Regulatory meeting (OPC, Sydney)
  • Timothy Pilgrim – Privacy Commissioner
  • Alison Nesbit – Office of the Privacy Commissioner
  • Stephen Wilson

On July 27 we convened a three hour workshop in Melbourne with a wide range of stakeholders, to present interim findings and to discuss the ramifications of our initial recommendations. Attendees were as follows:

  • Eleanor McCracken-Hewson – Department of Primary Industries
  • Graham Dawson – Department of Primary Industries
  • Peter Clements – Department of Primary Industries
  • Michael Stoyanoff – Department of Primary Industries
  • Paula Cosgrove – Department of Primary Industries
  • Stephen Wilson – Lockstep Consulting
  • Peter Wallace – Citipower / Powercor
  • Bob Bosler – AEMO
  • Jason Forte – Privacy Victoria
  • Tim McCoy – GE Energy
  • Miguel Brando – GE Energy
  • Sallie Proctor – AGL Energy Limited
  • Judy Anderson – Smart Grid Australia
  • Simon Vardy – Smart Grid Australia
  • Pia Herbert – Department of Business and Innovation
  • Alan Love – Simply Energy
  • Neil Bryden – DiUS
  • Clency Coutet – DiUS
  • Louizanne Diaz – Neighbourhood Energy Pty Ltd
  • Stephen Major – United Energy and Multinet Gas
  • David Calder – Origin Energy
  • Jo Benvenuti – Consumer Utilities Advocacy Centre
  • Stephen Grant – Red Energy
  • Chris Logie – Energy and Water Ombudsman of Vic
  • Susan Streeter – Energy Networks Association
  • Shane Fairlie – Jemena
  • Caroline McGeechan – Australian Power & Gas
  • Yann Burden – Billcap
  • Nabil Chemali – Jemena
  • Janine Rayner – Consumer Action Law Centre
  • Phil Waren – Essential Services Commission
  • Craig Memery – Alternative Technology Association
  • Dean Lombard – Victorian Council of Social Service
  • James Harris – SMS Management & Technology
  • Gary Campanella – AMI Program Office

Terms of reference

The primary terms of reference for this PIA are the National Privacy Principles (NPPs), based on the fact that in Victoria all DBs and nearly all RBs are large privately owned enterprises. There are two types of exception to this rule.

Firstly, it is possible that the very smallest electricity retailers fall below the annual revenue limit that defines small-to-medium enterprises (namely $3M p.a.) which are exempt from the Privacy Act. While it is expected that any viable RB would generate revenues in excess of $3M eventually, it may be prudent during the early stages of such a business to clarify that it is expected to comply with the NPPs. One way to ensure this is for small retailers to expressly opt in to be bound by the NPPs, as can be done at

Secondly, the ownership of one RB, namely Red Energy, may be traced back to state governments via Snowy Hydro Limited. This means that Red Energy is neither a private business nor a federal government agency, and thus it falls outside the jurisdiction of federal privacy legislation. Nevertheless, we note that both Red Energy and Snowy Hydro have committed themselves to the NPPs:

"Red Energy is committed to compliance with the laws that protect your personal information, including the Privacy Act 1988 and the National Privacy Principles" (accessed 6 July 2011).

"Snowy Hydro Limited is committed to complying with the National Privacy Principles set out in the Privacy Act 1988 (Cth)" (accessed 6 July 2011).

We occasionally make additional reference to the Victorian Charter of Human Rights & Responsibilities, for it includes obligations with respect to individual privacy. Technically, the Charter only applies to the government of Victoria and not to private industry, yet because smart meters are mandated by government, there is an argument that the Charter may be relevant. We also note that the Victorian Privacy Commissioner made mention of the Charter in her submission to the ESC review [8] when she highlighted that people are concerned about smart metering representing a sort of intrusion into their homes. If the Charter does not hold sway formally, it still acts as a useful benchmark.

The Victorian Human Rights Commission notes that: "The Charter ... requires that the Victorian Government, public servants, local councils, Victoria Police and other public authorities consider human rights when they make laws, develop policies and provide their day-to-day services."

That is, as an arm of government, DPI may need to refer to the Charter when developing policies in the AMI program, even though electricity market participants are not themselves bound by it.

DPI should take heed also of the statement that "the Victorian Ombudsman can receive and investigate complaints about whether administrative actions taken by the Government, local councils and public authorities are in breach of, or have not properly considered human rights".

Page last updated: 10/06/17