Too Smart for Our Own Good? Privacy in the Information Age

• Rebecca Herold, CIPP/US, CIPP/IT, CIPM, CISSP, CISM, CISA

• CEO: The Privacy Professor

• Partner: Compliance Helper

• Megan J. Hertzler, CIPP/US

• Director of Information Governance: Xcel Energy

• Jules Polonetsky, CIPP/US

• Co-Chair and Director: Future of Privacy Forum

Megan Hertzler

megan.hertzler@xcelenergy.com

612-215-4589

About Xcel Energy

Xcel Energy’s SmartGridCityTM

Potential Privacy Implications of Interval Data

Energy Usage Data

Energy Usage Data Example

Customer Privacy Concerns for Energy Usage Data

“They see how many watts your

electric toothbrush pulls. They

send a record of that little event

… to the power company where

they keep a record of all your

electric consumption volumes

and patterns, every minute of

every day and store that data

forever”

“If you let your power

company put a

Smart Meter in your

house, you may as

well walk around all

day with a

Facebook helmet

webcam pointed at

yourself”

8

REACTIONS CAN BE DRAMATIC

Available at: http://takebackyourpower.net/

Xcel Energy Meters, Privacy and Radio

Frequency (RF) Webpage

What Does a Solution Look Like?

• Define Primary Purpose for Data Use

• Be Transparent, Provide Notice

• Give Customer Control for Secondary Use

• Advocate These Principles With Decision

Makers

Xcel Energy Consent Form

Jules Polonetsky

JulesPol@futureofprivacy.org

www.futureofprivacy.org

@JulesPolonetsky

THE CONNECTED CAR

BENEFITS OF CONNECTED CARS

• Economic Benefits: Consolidated toll/parking systems, less time stuck in traffic, and accident reductions.

• Personal Safety Benefits: Emergency assistances, vehicle malfunction warnings, weather/road condition updates, and accident prevention.

• Public Safety Benefits: Stolen vehicle alerts, remote disabling, and location-tracking for emergency responders.

• Consumer Convenience: Remote monitoring, location-based services, communications and infotainment options.

• Environmental Benefits: Cut global CO2 emissions by 3%.

• Enterprise Benefits and Innovative New Business Models

WHO IS RESPONSIBLE FOR PRIVACY IN CONNECTED CARS?

PRIVACY CHALLENGES IN CONNECTED CARS

• Many of the potential services being offered by connected-car technologies are similar to the challenges facing the mobile app ecosystem as a whole.

• Connected cars and service providers should provide notice that is tailored to the nature of the devices, the environments in which the devices will be used, the types of data to be collected and the data’s intended use.

• Provide notice of data collection through visual, auditory or tactile cues.

• The development of flexible consent mechanisms also should be encouraged.

RETAIL MOBILE LOCATION ANALYTICS (RMLA)

• Aggregated Insights about consumer behavior for retailers

• Based on technology using Wi-Fi or Bluetooth signals

Sensors typically log the following data:

– MAC or Bluetooth address– Date / time stamp – Signal strength– If the device is connected to a Wi-Fi network– Name of Wi-Fi network

Sample RMLA Report:

Sample RMLA Report:

EUCLID Provides Notice:

Rebecca Herold

rebeccaherold@rebeccaherold.com

www.privacyguidance.com

www.compliancehelper.com

@privacyprof

Internet of Things

Internet of Things: Medical Devices

Internet of Things: Tracking Terrorists

Internet of Things: Wearable Technologies

Internet of Things: Mobile Linkages

Internet of Things: Mobile Payments

Internet of Things: Energy Usage

Internet of Things: Addressing Privacy

• Standards

• Policies

• Notice

• Transparency

• Choice

• Laws

• Technologies

ROUND TABLE DISCUSSION