too smart for our own good? - international association of ...
TRANSCRIPT
Too Smart for Our Own Good? Privacy in the Information Age
• Rebecca Herold, CIPP/US, CIPP/IT, CIPM, CISSP, CISM, CISA
• CEO: The Privacy Professor
• Partner: Compliance Helper
• Megan J. Hertzler, CIPP/US
• Director of Information Governance: Xcel Energy
• Jules Polonetsky, CIPP/US
• Co-Chair and Director: Future of Privacy Forum
About Xcel Energy
Xcel Energy’s SmartGridCity™
Potential Privacy Implications of Interval Data
Energy Usage Data
Energy Usage Data Example
Customer Privacy Concerns for Energy Usage Data
“They see how many watts your electric toothbrush pulls. They send a record of that little event … to the power company where they keep a record of all your electric consumption volumes and patterns, every minute of every day and store that data forever”
“If you let your power company put a Smart Meter in your house, you may as well walk around all day with a Facebook helmet webcam pointed at yourself”
REACTIONS CAN BE DRAMATIC
Available at: http://takebackyourpower.net/
Xcel Energy Meters, Privacy and Radio Frequency (RF) Webpage
What Does a Solution Look Like?
• Define Primary Purpose for Data Use
• Be Transparent, Provide Notice
• Give Customer Control for Secondary Use
• Advocate These Principles With Decision Makers
Xcel Energy Consent Form
THE CONNECTED CAR
BENEFITS OF CONNECTED CARS
• Economic Benefits: Consolidated toll/parking systems, less time stuck in traffic, and accident reductions.
• Personal Safety Benefits: Emergency assistance, vehicle malfunction warnings, weather/road condition updates, and accident prevention.
• Public Safety Benefits: Stolen vehicle alerts, remote disabling, and location-tracking for emergency responders.
• Consumer Convenience: Remote monitoring, location-based services, communications and infotainment options.
• Environmental Benefits: Cut global CO2 emissions by 3%.
• Enterprise Benefits and Innovative New Business Models
WHO IS RESPONSIBLE FOR PRIVACY IN CONNECTED CARS?
PRIVACY CHALLENGES IN CONNECTED CARS
• Many of the potential services offered by connected-car technologies raise challenges similar to those facing the mobile app ecosystem as a whole.
• Connected cars and service providers should provide notice that is tailored to the nature of the devices, the environments in which the devices will be used, the types of data to be collected and the data’s intended use.
• Provide notice of data collection through visual, auditory or tactile cues.
• The development of flexible consent mechanisms also should be encouraged.
RETAIL MOBILE LOCATION ANALYTICS (RMLA)
• Aggregated Insights about consumer behavior for retailers
• Based on technology using Wi-Fi or Bluetooth signals
Sensors typically log the following data:
– MAC or Bluetooth address
– Date / time stamp
– Signal strength
– If the device is connected to a Wi-Fi network
– Name of Wi-Fi network
Sample RMLA Report:
EUCLID Provides Notice:
Internet of Things
Internet of Things: Medical Devices
Internet of Things: Tracking Terrorists
Internet of Things: Wearable Technologies
Internet of Things: Mobile Linkages
Internet of Things: Mobile Payments
Internet of Things: Energy Usage
Internet of Things: Addressing Privacy
• Standards
• Policies
• Notice
• Transparency
• Choice
• Laws
• Technologies
ROUND TABLE DISCUSSION