Summary of existing information flows
Historically, metering data has been collected from accumulation ("spinning disk") meters by or on behalf of DBs, usually no more frequently than once a quarter. Metering data provided by the DB to AEMO and RBs is tagged only by a National Meter Identifier (NMI). It is not accompanied by name or address information.
Metering information is transferred by the DB to AEMO and to the RB.
In a distributor's backend systems, the NMI is associated with a physical address for the meter. The DBs also maintain contact names for each address, for the purposes of making contact in case of a problem accessing the meter; these names may be different from those used by RBs for billing purposes. There is also the necessity to keep track of households with medical equipment that cannot be routinely disconnected from the supply without special checks. For retailers, the NMI is associated with a location (typically a residential street address) and a customer name for billing purposes. In order to provide for RoLR events, RBs are obligated to inform DBs when there is a change to the customer name associated with a NMI (for example, when a customer moves out of residential premises). Therefore DBs collectively hold name and address details for essentially all electricity customers. In general these details are kept separate from the NMI-keyed meter data.
The use of NMIs (rather than actual addresses or names) to identify metering information when in transmission provides a measure of privacy protection, yet both DBs and RBs can and do associate each NMI with both an address and a named individual, in other parts of their businesses. Therefore in some
cases metering data will constitute Personal Information. To put it another way, given the complexity of databases, and the fact that staff within the businesses have diverse roles that necessitate access to multiple systems, there are certainly various means for metering data to be rendered identifiable. Therefore it would be
difficult to prove that no metering data was Personal Information.
To avoid tortuous and technical arguments about identifiability, and to exhibit instead a precautionary approach, later in this report we will make the case for handling all metering data in accordance with the NPPs, as if it was in fact potentially Personal Information. For the rest of this analysis, we will examine metering data 'through the lens' of the NPPs, whether or not the data is technically Personal Information.
New smart meter related flows
The following diagrams illustrate the primary flows of smart metering data today from premises to the DB and through to the RB and AEMO, and the additional secondary flows expected in future with the introduction of third party services and HANs.
Figure 2: Primary flows of metering data
Figure 3: Secondary flows of metering data
— Interval power consumption is sampled every 30 minutes and sent from the meter to the DB, typically in blocks over the course of the day; 24 hours worth of interval data thence sent daily to the RB and to AEMO.
— Power quality (a function of voltage) is sampled less often, on an exception basis.
— Commands may be sent from the DB to the meter, for example to disconnect supply, to re-energise the supply, and to bind a new HAN device.
— Log information is sent from the meter to the DB concerning defined events such as power disruptions and tampering (not shown in the diagrams).
— Instantaneous power consumption (that is, power consumption at any instant in time, without the 30 min sampling constraint) can be sent from the meter to a qualified HAN-connected device.
— The ZigBee protocol supports the exchange of other brief messages amongst devices sharing the meter-controlled HAN. We understand there is some flexibility here to set constraints on HAN device messaging via the Smart Energy Profile (SEP), and that these matters will be covered by BPPWG in near future.
Collection of Personal Information and metering data
Our review of the installation process indicates that customers are not generally required to furnish any details themselves at the time of installation (indeed, they are not even required to be present). Instead, details are taken from existing records at the backend. Therefore, no Personal Information is generally collected directly from individuals in AMI.
Metering data is collected and stored automatically in the meter.
Metering data is transmitted in batches from the meter to the DB in blocks that are usually no more than 24 hours long. National rules dictate that daily meter data be uploaded to AEMO by 6:00AM the following day. To help manage data network capacity, DBs increasingly tend to upload in shorter blocks from the meters several times a day. Data collected in the meter is retained there for 200 days to help ensure business continuity should the normal meter reading process be interrupted. Data older than 200 days is automatically overwritten.
Raw interval is retained at AMEO for seven years.6
Use of metering data
The primary purpose for half hourly interval meter data collection in AMI may be considered to be two-fold:
- Provide frequent high quality interval consumption data to support the national electricity market which settles on a half-hourly basis.
- Monitor consumption with greater resolution so as to improve network infrastructure management.
Note that the collection of power consumption data in general (and in common across old accumulation meters and new smart meters) is primarily related to the billing of electricity consumers. The AMI program does not change the fundamentals of billing, nor the relationships between DBs and RBs that enable sharing of meter data for billing. Because this PIA is focused on the changes to privacy brought about by smart metering (see Scope & Deliverables, page 10), we do not discuss billing, and we ignore billing in analysing primary vs. secondary uses for interval meter data.7 There is a spectrum of current and potential secondary uses of interval data, including:
a. supporting direct load control
b. the creation of energy efficiency advice (for 'free')
c. direct marketing of advice and/or energy management services by the contracted retailer
d. direct marketing of and/or energy management services by third parties
e. direct marketing of specific appliances.
In privacy, a central issue is the degree to which any secondary use of information is related to the primary purpose for collection, and the likelihood that individuals would perceive secondary use to be reasonable. The further along the spectrum we venture, the harder it becomes to argue that the secondary usage is directly related to the primary collection purpose. Given the need for judgement, and the inevitability that such judgments would be made differently by different consumers, we urge caution with regards to presuming that any secondary usage of metering data is directly related to half-hourly settlement of the market.
6 We note that AEMO believes its mass storage system to be the biggest in the Southern Hemisphere.
7 Note also that enhanced Time Of Use (TOU) as enabled by smart metering is regarded as directly related to billing. TOU tariffs have been in use for many years, and have been enhanced by the advent of interval data. The use of interval data in TOU pricing is not a secondary use of that data.
We recommend that the AMI program not take for granted that any customer will regard secondary use as reasonable. In other words, we believe that an express Opt-In model be adopted for managing consumers' acceptance of secondary usage, by which consumers would always be given a free choice to take any of these options, and that by default, no secondary reuse would be made until the consumer freely chooses same.
Disclosure of metering data
We regard the daily transfer of interval data from Distribution Businesses to AEMO to relate to the primary purpose for information collected by smart metering. However, other exchanges of information with Retail Businesses-with the exception of billing-are secondary and need to be examined in terms of compliance with the Disclosure principle. With respect to billing, as noted on the previous page, we assume in this PIA that a typical consumer, if they appreciate the role of Distribution Business and Retail Businesses, would find it reasonable for DBs to disclose meter data to RBs for the purposes of billing. The fact that RBs and DBs are separate legal entities, with no control over how each other operates, means that any transfer of metering data between them for purposes other than billing should be regarded as a Disclosure, and not a Use.
Page last updated: 09/06/17