alliander experience dpia template test phase · 2015-03-19 · alliander experience dpia template...
TRANSCRIPT
9 March 2015 Johan Rambi, Corporate Privacy & Security Advisor
Reliable, committed and connected
Alliander experience DPIA template test phase
Alliander is a Distribution System Operator
Electricity distribution
• Customers: 3,4 million
• Grid: 94.700 km
• Stations (sub, distribution): 48.000
Gas distribution
• Customers: 2,6 million
• Grid: 36.900 km
• Stations (sub, distribution): 1.500
Company
€ 12 Billion asset value
€ 1.7 Billion revenues
€ 288 Million profit after tax
€ 570 Million Investment / Annum
6.850 FTE
KPI, Performance
19 SVBM (outage time in minutes per end user)
Real case example
• Use case selected from M/441 Smart Meter Coordination Group (SMCG)
• BI.01 Obtain meter reading on demand
• Workshop with Smart Meter department
• Steps from DPIA template
• Step 1 - Pre-assessment and criteria determining the need to conduct a DPIA
• Step 2 - Initiation
• Step 3 - Identification, characterisation and description of Smart Grid systems/applications processing personal data, including data flows
• Step 4 - Identification of relevant risks
• Step 5 - Data protection risk assessment
• Step 6 - Identification and Recommendation of controls and residual risks
• Step 7 - Documentation and drafting of the DPIA Report
• Step 8 - Reviewing and maintenance
Step 4 - Identification of relevant risks
Who will judge the answers and determine if these threats are relevant?
DPIA test phase – Initial Input
Alliander and EDP Distribuição proposal for initial input
o To have a joint effort for the first assessment:
• Gather specialized team of DPIA Beta Testers (DPIAβT) to facilitate the DPIA template application at Alliander and EDP Distribuição;
• The DPIAβT shall consist of DPIA knowledgeable people, preferably from different stakeholders: DSOs, Data Protection Authority, Consumer organisations, European Commission, other.
o Organization of a 2-day working session per company (Lisbon and Arnhem) in April/May where:
• Each company should gather experienced personnel, who should contribute all their knowledge and understanding of the selected use case to the DPIA template application.
• The DPIAβT will have a neutral role in the process and shall only participate as a facilitator in the DPIA template application. Additionally, it should collect as much feedback as possible about the DPIA template and its applicability.
• DPIA application on 1 or 2 of the 10 minimum functional requirements (per company);
- UC1: Provide readings directly to the customer and any third party designated by the consumer
- UC9: Fraud prevention and detection
- …
o Output: Publication of experiences and possible recommendation for improvements
• The DPIAβT report will provide a consensual and coherent assessment about the application of the DPIA template both at Alliander and EDP Distribuição.
Why do we need a good & applicable DPIA?
“The only way to prevent these kinds of disasters is to implement privacy and cybersecurity measures alongside our efforts to improve and interconnect the smart energy grid.
Steep learning curves and adoption rates will be necessary, but this can only be achieved by international collaboration among trusted parties. We must work together.”
Peter Molengraaf, CEO Alliander
Johan Rambi : Corporate Privacy & Security advisor
Department : Governance Risk and Compliance
Telephone : +316 11879945
E-mail : [email protected]
International collaboration is crucial!!