Thursday, November 10, 2011

GridWise Global Forum (GGF) - Privacy Panel Perspectives

Couldn't tweet this one as I was on the panel, but yesterday (day 2) we had an excellent session expertly and amiably moderated by David Leeds of GTM called: "Smart Grid Data: Insights, Privacy or Both."

Excellent fellow panelists included:
  • Lee Tien, Electronic Frontier Foundation
  • Vesa Koivisto, Fortum Corporation (Finland-based utility)
  • Elias Quinn, Colorado PUC (former consultant)
  • Daniel Cleverdon, DC PUC

Here are a few take-aways for you:

When California's Privacy and Data Security decision came up (as we all knew it would), Dan Cleverdon said (and I'm paraphrasing here) that "every state PUC is all over it, and they'll deviate from it at their own peril."

It's great to have a precedent, isn't it? California, as it has so many times before, has done its homework and is blazing a trail on data and privacy for the US. So far the consensus seems to be they did a good job, so as Dan said, a state will have to justify itself when it heads in a different direction, as some likely will. This is good process, I think.

Lee Tien cited a long-established example of trust between an organization and the public: the USPS has been carrying and delivering and not reading your mail for over one hundred years. It's been done before and it can happen again with the utilities.

Vesa Koivisto described the way electric bills have been presented to customers in Finland, with 11 monthly estimates followed by an end-of-year adjustment (up or down). Pretty familiar, right? He contended that this wasn't a great way to establish trust and that if utilities could simply provide their customers with timely and accurate billing information, that would go a long way towards establishing a better relationship and trust. Great point.

Well, that's good news then, because thanks to AMI and Smart Meter deployments, this is the experience many customers are enjoying today, and many are getting even better visibility than that. Before you can have a trusted relationship you have to have a relationship, and accurate bills are a big step in the right direction.

Prompted by a lead-in by David and a question from the audience, we had a mini debate about how much of an individual's personal information is already exposed via social media, online transactions, smart phones, cable television, etc. and how much more could be revealed by Smart Meters and home area networks (HANs). We kept it civil and decided to research this question in more depth as a team, and maybe produce an infographic that could be useful to the industry ... and to the public.

Lastly, in my opening monologue I pledged to share a couple of information governance best practices from other sectors, and while I recalled one (frequent auditing, internal and external, of privacy policy and controls), I blanked on the second. Well, now it's come to me: the other one was about practicing for privacy-related data breaches. Make the whole organization get a visceral feel for what it would be like, and pressure test policies, procedures and technical security controls to see how they hold up in the heat of a (simulated) real-world event. Practice makes perfect, as the saying goes.

All in all, it felt like an educational and entertaining 90 minutes. The panelists, myself included, seemed to think we covered some worthwhile ground (credit goes to the moderator), and from the GGF audience feedback I got, it seemed they liked it too.