Skip to main content

Should Utilities Outside of Europe be Worried about GDPR?

By May 24, 2018June 28th, 2018No Comments

Data Privacy is top of mind across markets, due in part to the mandatory implementation of GDPR to all companies that do business within the European Union, in addition to the accumulation of headlines involving high-profile privacy violations (Red Cross, Facebook, etc.). Not surprisingly, utility professionals across the globe are more and more interested in understanding how the growing focus on data privacy will impact their operations, with analytics being a core concern.

What is GDPR and Why Should Utilities be Worried About Data Privacy?

Passed in 2016 and fully implemented this month, GDPR sets forth a framework of data privacy tenets alongside accountability measures for all organizations that do business within and with parties based in the European Union. European and cross-regional utilities have been in the “throes of it” in terms of developing and implementing frameworks to adhere to this legislation.

But data privacy is just coming onto the radar for many North American utilities. According to Bob Lockhart, VP of Cybersecurity, Technoloy & Research at Utilities Technology Council, “unless there are specific laws around data privacy like those in Europe, Canada, and California, we see much more focus on NERC CIP compliance, that alone being a challenge for many utilities.” Adding on standards and processes for data privacy is, unfortunately, going to be a challenge for utilities in this region.

Data Governance: Muddying the Puddle

Data privacy concerns hit particularly close to home in terms of the use of and access to data for analytics purposes. Many utilities are still in discovery stages of working with their data to develop business insights (analytics), with minimal attention to processes around moving and categorizing data (data governance).

But even utilities with relatively mature analytics capabilities tend to be challenged by data governance. Two components of data governance, the ability to trace data from its source (data lineage) and the use of metadata to characterize customer data (metadata management), rise to the top in terms of importance related to data privacy. According to a 2017 Utility Analytics Institute study on analytics maturity, only 5% of utilities have enterprise-wide standards in place to trace the lineage of data from its creation, and only a third of utilities can do so at the department level. Similarly, only 5% of utilities stated that they had enterprise-wide metadata management capabilities.

The same study reports that over 80% of utilities either currently have robust security standards in place, or plan to in the next 1-2 years, but ensuring security of data alone is insufficient in terms of maintaining privacy standards. As opposed to just treating data as an asset to be protected, utilities must be able to understand and trace their data as it moves across their organization, and control who can access that data.

No Time Like the Present

Americans are starting to care more and more about how their data is being used. According to a study performed this year by Pew Research, over 60% of Americans today stated they would like companies to do more to protect their privacy. A 2016 report from the TRUSTe/National Cyber Security Alliance (NCSA) Consumer Privacy Index indicated that 89% of survey respondents avoid companies that they don’t believe protect their privacy.

Data privacy is clearly a pain point at many utilities, but turning that around will result in numerous advantages. For one, championing data privacy is a major way that utilities can increase trust among customers.

As many Americans are unable to pick their energy providers, the establishment of trust is crucial. This becomes even more important in the changing energy economy where utilities are pressed to expand their portfolio of offerings to customers. Put plainly, if there is a trust gap, adoption of new products and services is less likely to occur.

What’s more? The growing importance of data privacy will inevitably bleed up to regulatory standards and mandates. Why not start thinking about how to get ahead now?