Skip to main content

Is there a risk of smart meters being used to gather digital data that could fall in to the wrong hands? Simon Colvin assesses the threat.

Is there a risk of smart meters being used to gather digital data that could fall in to the wrong hands? Simon Colvin assesses the threat.

Smart meters are being installed in 30 million UK homes and businesses as part of an £11 billion programme to enable energy providers to remotely monitor our consumption of gas and electricity.

Campaigners in France, where a similar roll-out is taking place, fear smart meters could be used to snoop on people's daily routines at home and at work. Lawyers representing a protest group are mounting a class action against energy giant EDF, which is implementing the programme on the other side of the Channel, amid claims that smart meters could harvest vast amounts of data.

In the UK however, we have specific and stringent regulations governing what meters can and can't do. Data protection should be high on the corporate agenda. With the GDPR coming in from Europe in May, UK businesses need to be aware of the strong regulatory framework around data use and compliance with data security requirements.

It is also worth keeping in mind that UK smart meters use an opt-in arrangement so they only collect certain types of information that can only be used in given ways, with the proactive consent of the consumer.

Even so, there are understandable concerns about what might happen if the system failed, or if there was a significant hacking incident.

Smart meters in the UK transmit data wirelessly to a national system that can be accessed remotely by energy providers to collect billing information, which means they don't need to visit your house to read your meter.

So how sensitive is the data collected by smart meters? Well, it's essentially about power usage at various times of the day – for instance, when you do your cooking, or boil a kettle. It isn't as if there are a lot of important personal details involved, like bank account information.

From a personal data risk perspective, then, smart meters are relatively low-level. The risk they represent is more about getting hold of this information and using it to target marketing activity. Sales organisations could potentially use smart meter data to try and sell things in certain ways. For example, a telemarketing company would know when would be a good time to call you at home.

Another concern is whether someone could hack into the system and bring it down. They might see an opportunity to generate money by using ransomware, or crashing whole system down to cause power cuts and create chaos. For example, we saw North Korean hackers being blamed for the ransomware virus that impacted NHS organisations across the UK – and any large network could be vulnerable to something similar.

Moreover, the opening up of markets in the utilities sector is all about customer satisfaction because people now have the ability to choose between providers. It's quite possible that significant reputational damage could be caused if something went wrong with someone's smart meter and the provider ended up with incorrect information.

So, while smart meters are not sophisticated spies in our homes and workplaces, they do gather data that may have some commercial value. Just as importantly, the network they connect to – like any other – is potentially vulnerable to hackers, so organisations need to ensure appropriate risk management systems are in place.

Organisations need to ensure that the risks arising from data protection connected with smart meters are addressed in their wider data protection programmes and policies. The risks do not justify this being dealt with separately, but it is important they are picked up as part of the wider systems that organisations will have in place.

Share on Twitter