A.1 Project documents

[1]. Customer information frameworks enabled by AMI Rev 1.0, Impaq Consulting, 4 November 2010
Filename: Attachment 3 DPI-AMI-Customer Information Research Paper.docx
[2]. Minimum AMI Service Levels Specification (Victoria), DPI, Rel 1.1, 2008
Filename: Attachment 1 Minimum AMI Service Levels Specification Victoria Release 1-1.pdf
[3]. Minimum AMI Functionality Specification (Victoria), DPI, Rel 1.1, 2008
Filename: Attachment 2 Minimum AMI Functionality Specification Victoria Release 1-1.pdf
[4]. Overview of AMI Services, Graham Dawson, DPI, 27 May 2011
Filename: Attachment 4 Overview of AMI Services.pptx

A.2 External documents

[5]. Regulatory Review – Smart Meters Final Decision, Essential Services Commission, September 2010
http://www.esc.vic.gov.au/NR/rdonlyres/C6055E17-A851-4F2A-8050-EE2B4464203D/0/FDPSmartMetersRegulatoryReview20100831.pdf
[6]. Review of the advanced metering infrastructure program – Issues paper for public consultation, Department of Treasury & Finance, May 2011
http://www.esc.vic.gov.au/NR/rdonlyres/C6055E17-A851-4F2A-8050-EE2B4464203D/0/FDPSmartMetersRegulatoryReview20100831.pdf
[7]. Business Process and Procedures Working Group Education Forum Objective & Scope 11 April 11 v05 Peter Egger, BPPWG Leader
http://www.dtf.vic.gov.au/CA25713E0002EF43/WebObj/AEMOattachment2/$File/AEMO%20attachment%202.pdf (accessed 27 June 2011)
[8]. Submission to the Essential Services Commission on Smart meters, Office of the Victorian Privacy Commissioner, 17 May 2010
http://www.privacy.vic.gov.au/privacy/web2.nsf/files/smart-meterssubmission-2010/$file/submission_05_10_no1.pdf
[9]. Electricity Customer Metering Code, Essential Services Commission, April 2011
http://www.esc.vic.gov.au/NR/rdonlyres/ECE60361-2D94-4AAF807AB32B7014B0E7/0/RIElectricityCustomerMeteringCodeApril201120101101.pdf
[10]. ZigBee PRO Smart Energy API User Guide JN-UG-3059, NXP Laboratories, Revision 2.0, 24 November 2010
http://www.jennic.com/files/support_files/JN-UG-3059-ZigBee-PROSmart-Energy.pdf
[11]. National Electricity Rules Version 43, Australian Energy Market Commission, April 11 available from
http://www.aemc.gov.au/Electricity/National-Electricity-Rules/Current-Rules.html, accessed 30 June 2011
[12]. Electricity Industry Act 2000 (Vic)
[13]. Privacy Act 1988 (Cth)
[14]. Privacy Amendment (Private Sector) Act 2000 (Cth)
[15]. Charter of Human Rights and Responsibilities (Vic)
[16]. Privacy notices code of practice, UK Information Commissioner's Office, 2010
http://www.ico.gov.uk/for_organisations/data_protection/topic_guides/~/media/documents/library/Data_Protection/Detailed_specialist_guides/PRIVACY_NOTICES_COP_FINAL.ashx
[17]. Consumer Principles for Home Area Networks and Direct Load Control, Version 1.0
Filename: BPPWG workshop 30 - Consumer principles for HAN.pdf
[18]. Origin announces Australia's first large-scale pilot of a 'smart home' solution Media Release 20 May 2011
http://www.originenergy.com.au/news/article/asxmedia-releases/1299 (accessed 22 July 2011)
[19]. Decision Adopting Rules to Protect the Privacy and Security of the Electricity Usage Data of the Customers of Pacific Gas & Electric Co., Southern California Edison Co., and San Diego Gas & Electric Co. Public Utilities Commission of California, 28 July 2011
http://docs.cpuc.ca.gov/WORD_PDF/AGENDA_DECISION/140188.pdf
[20]. Information About Your New Electricity Smart Meter, Citipower Powercor Australia
Filename: AMI Notification Card and Cover DRAFT PowercorCitiPower.pdf
[21]. Smart Meter Fact Sheet, SP AusNet
Filename: FactSheet-SmartMeter_FINAL PDF.pdf
[22]. Important information about the installation of your new Smart Meter, Jemena
Filename: JEN - Smart Meter Introduction II.pdf
[23]. Important Information Regarding Your Electricity Supply, Citipower
Filename: PowerCor CitiPower Letters FINAL.pdf
[24]. Public Notice to Customers (Shire of Nillumbik), SP AusNet
Filename: NCASP528_PublicNoticeCustomers_185x130mm_WEBN2.pdf
[25]. Important information about the installation of your new Smart Meter, United Energy Distribution
Filename: UED - Smart Meter Introduction II.pdf
[26]. Notice of Personal Information Management Policy, United Energy Distribution
http://www.ue.com.au/privacy/download/personal_information_management_statement.pdf

A.3 Other sources

  • http://www.esc.vic.gov.au/public/Energy/Regulation+and+Compliance/Decisions+and+Determinations/Smart+meters+regulatory+review/Smart+meters+regulatory+review.htm
  • http://www.dtf.vic.gov.au/CA25713E0002EF43/pages/dtfprojects-review-of-the-advanced-metering-infrastructure-program
  • http://www.esc.vic.gov.au/public/Energy/Regulation+and+Compliance
  • http://www.aemc.gov.au/Electricity/National-Electricity-Rules/Current-Rules.html
  • http://epic.org/privacy/smartgrid/smartgrid.html
  • http://share.aemo.com.au/smartmetering/Document%20library/Forms/AllItems.aspx
  • http://www.zigbee.org
  • http://www.humanrightscommission.vic.gov.au/index.php?option=com_k2&view=item&layout=item&id=764&Itemid=515
  • http://stopsmartmeters.org

Appendix: National Privacy Principles

NPP 1 Collection

1.1 An organisation must not collect personal information unless the information is necessary for one or more of its functions or activities.
1.2 An organisation must collect personal information only by lawful and fair means and not in an unreasonably intrusive way.
1.3 At or before the time (or, if that is not practicable, as soon as practicable after) an organisation collects personal information about an individual from the individual, the organisation must take reasonable steps to ensure that the individual is aware of:
(a) the identity of the organisation and how to contact it; and
(b) the fact that he or she is able to gain access to the information; and
(c) the purposes for which the information is collected; and
(d) the organisations (or the types of organisations) to which the organisation usually discloses information of that kind; and
(e) any law that requires the particular information to be collected; and
(f) the main consequences (if any) for the individual if all or part of the information is not provided.
1.4 If it is reasonable and practicable to do so, an organisation must collect personal information about an individual only from that individual.
1.5 If an organisation collects personal information about an individual from someone else, it must take reasonable steps to ensure that the individual is or has been made aware of the matters listed in subclause 1.3 except to the extent that making the individual aware of the matters would pose a serious threat to the life or health of any individual.

NPP 2 Use and disclosure

2.1 An organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:
(a) both of the following apply:
(i) the secondary purpose is related to the primary purpose of collection and, if the personal information is sensitive information, directly related to the primary purpose of collection;
(ii) the individual would reasonably expect the organisation to use or disclose the information for the secondary purpose; or
(b) the individual has consented to the use or disclosure; or
(c) [sub-clause relates to direct marketing and is not applicable] or
(d) [sub-clause relates to medical research and is not applicable] or
(e) the organisation reasonably believes that the use or disclosure is necessary to lessen or prevent:
(i) a serious and imminent threat to an individual's life, health or safety; or
(ii) a serious threat to public health or public safety; or
(ea) [sub-clause relates to genetic information and is not applicable] or
(f) the organisation has reason to suspect that unlawful activity has been, is being or may be engaged in, and uses or discloses the personal information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities; or
(g) the use or disclosure is required or authorised by or under law; or
(h) the organisation reasonably believes that the use or disclosure is reasonably necessary for one or more of the following by or on behalf of an enforcement body:
(i) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
(ii) the enforcement of laws relating to the confiscation of proceeds of crime;
(iii) the protection of the public revenue;
(iv) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
(v) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.
2.2 If an organisation uses or discloses personal information under paragraph 2.1(h), it must make a written note of the use or disclosure.
2.3 [sub-clause relates to bodies corporate and is not applicable].
2.4 [sub-clause relates to health service providers and is not applicable].
2.5 [sub-clause relates to health service providers and is not applicable].

NPP 3 Data quality

An organisation must take reasonable steps to make sure that the personal information that it collects, uses or discloses is accurate, complete and up to date.

NPP 4 Data security

4.1 An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
4.2 An organisation must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed under NPP 2.

NPP 5 Openness

5.1 An organisation must set out in a document clearly expressed policies on its management of personal information. The organisation must make the document available to anyone who asks for it.
5.2 On request by a person, an organisation must take reasonable steps to let the person know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.

NPP 6 Access and correction

6.1 If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that:
(a) in the case of personal information other than health information - providing access would pose a serious and imminent threat to the life or health of any individual; or
(b) in the case of health information - providing access would pose a serious threat to the life or health of any individual; or
(c) providing access would have an unreasonable impact upon the privacy of other individuals; or
(d) the request for access is frivolous or vexatious; or
(e) the information relates to existing or anticipated legal proceedings between the organisation and the individual, and the information would not be accessible by the process of discovery in those proceedings; or
(f) providing access would reveal the intentions of the organisation in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
(g) providing access would be unlawful; or
(h) denying access is required or authorised by or under law; or
(i) providing access would be likely to prejudice an investigation of possible unlawful activity; or
(j) providing access would be likely to prejudice:
(i) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law; or
(ii) the enforcement of laws relating to the confiscation of proceeds of crime; or
(iii) the protection of the public revenue; or
(iv) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct; or
(v) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of its order by or on behalf of an enforcement body; or
(k) an enforcement body performing a lawful security function asks the organisation not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia.
6.2 However, where providing access would reveal evaluative information generated within the organisation in connection with a commercially sensitive decision making process, the organisation may give the individual an explanation for the commercially sensitive decision rather than direct access to the information.
6.3 If the organisation is not required to provide the individual with access to the information because of one or more of paragraphs 6.1(a) to (k) (inclusive), the organisation must, if reasonable, consider whether the use of mutually agreed intermediaries would allow sufficient access to meet the needs of both parties.
6.4 If an organisation charges for access to personal information, those charges:
(a) must not be excessive; and
(b) must not apply to lodging a request for access.
6.5 If an organisation holds personal information about an individual and the individual is able to establish that the information is not accurate, complete and up to date, the organisation must take reasonable steps to correct the information so that it is accurate, complete and up to date.
6.6 If the individual and the organisation disagree about whether the information is accurate, complete and up to date, and the individual asks the organisation to associate with the information a statement claiming that the information is not accurate, complete or up to date, the organisation must take reasonable steps to do so.
6.7 An organisation must provide reasons for denial of access or a refusal to correct personal information.

NPP 7 Identifiers

7.1 An organisation must not adopt as its own identifier of an individual an identifier of the individual that has been assigned by:
(a) an agency; or
(b) an agent of an agency acting in its capacity as agent; or
(c) a contracted service provider for a Commonwealth contract acting in its capacity as contracted service provider for that contract.
7.1A However, subclause 7.1 does not apply to the adoption by a prescribed organisation of a prescribed identifier in prescribed circumstances.
7.2 An organisation must not use or disclose an identifier assigned to an individual by an agency, or by an agent or contracted service provider mentioned in subclause 7.1, unless:
(a) the use or disclosure is necessary for the organisation to fulfil its obligations to the agency; or
(b) one or more of paragraphs 2.1(e) to 2.1(h) (inclusive) apply to the use or disclosure; or
(c) the use or disclosure is by a prescribed organisation of a prescribed identifier in prescribed circumstances.
7.3 In this clause:
identifier includes a number assigned by an organisation to an individual to identify uniquely the individual for the purposes of the organisation's operations. However, an individual's name or ABN is not an identifier.

NPP 8 Anonymity

Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with an organisation.

NPP 9 Transborder data flows

An organisation in Australia or an external Territory may transfer personal information about an individual to someone (other than the organisation or the individual) who is in a foreign country only if:
(a) the organisation reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the National Privacy Principles; or
(b) the individual consents to the transfer; or
(c) the transfer is necessary for the performance of a contract between the individual and the organisation, or for the implementation of pre-contractual measures taken in response to the individual's request; or
(d) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between the organisation and a third party; or
(e) all of the following apply:
(i) the transfer is for the benefit of the individual;
(ii) it is impracticable to obtain the consent of the individual to that transfer;
(iii) if it were practicable to obtain such consent, the individual would be likely to give it; or
(f) the organisation has taken reasonable steps to ensure that the information which it has transferred will not be held, used or disclosed by the recipient of the information inconsistently with the National Privacy Principles.

NPP 10 Sensitive information

10.1 An organisation must not collect sensitive information about an individual unless:
(a) the individual has consented; or
(b) the collection is required by law; or
(c) the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns:
(i) is physically or legally incapable of giving consent to the collection; or
(ii) physically cannot communicate consent to the collection; or
(d) if the information is collected in the course of the activities of a non-profit organisation—the following conditions are satisfied:
(i) the information relates solely to the members of the organisation or to individuals who have regular contact with it in connection with its activities;
(ii) at or before the time of collecting the information, the organisation undertakes to the individual whom the information concerns that the organisation will not disclose the information without the individual's consent; or
(e) the collection is necessary for the establishment, exercise or defence of a legal or equitable claim.
10.2 Despite subclause 10.1, an organisation may collect health information about an individual if:
(a) the information is necessary to provide a health service; and
(b) the information is collected:
(i) as required or authorised by or under law (other than this Act); or
(ii) in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation.
10.3 Despite subclause 10.1, an organisation may collect health information about an individual if:
(a) the collection is necessary for any of the following purposes:
(i) research relevant to public health or public safety;
(ii) the compilation or analysis of statistics relevant to public health or safety;
(iii) the management, funding or monitoring of a health service; and
(b) that purpose cannot be served by the collection of information that does not identify the individual or from which the individual's identity cannot reasonably be ascertained; and
(c) it is impracticable for the organisation to seek the individual's consent to the collection; and
(d) the information is collected:
(i) as required by law (other than this Act); or
(ii) in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation; or
(iii) in accordance with guidelines approved by the Commissioner under section 95A for the purposes of this subparagraph.
10.4 If an organisation collects health information about an individual in accordance with subclause 10.3, the organisation must take reasonable steps to permanently de-identify the information before the organisation discloses it.

Page last updated: 09/06/17