July 24, 2019
Over the next few months, we’ll be posting stories about what we’ve accomplished in our first 10 years. Check out the full list of stories we’re working on.
By Suzanne Russo, CEO, Pecan Street
If you’re going to collect, anonymize, house and analyze people’s energy data, you need to pay serious attention to privacy. Pecan Street’s volunteer participants are our most ardent crusaders. We think our respect for and protection of their privacy has something to do with that.
Long before data privacy was front-page news, Pecan Street was steeped in the details of data security, privacy, and informed consent. When we signed up our first volunteer participants a decade ago, we pulled from several models to develop a system of policies and procedures that clearly lay out to our participants what they are giving us and what we’ll do with it.
We maintain privacy and cybersecurity policies that govern the organization’s processes and procedures with regard to participant data. The tenets of these policies are:
- Transparency – Prior to signing up, each person is given detailed and easy-to-understand information about the purpose of our research, the technology devices involved, the type of data we will collect, and how Pecan Street will use the data. This information remains accessible to ongoing participants and is updated for changes.
- Informed consent – A “no-surprises policy”. We require a signed participation agreement for every participant. This agreement informs the prospective participant about what to expect from participating in the project, including foreseeable risks and inconveniences, treatment of personal and nonpersonal data collected, ownership of different pieces of project data, duration, and the right to withdraw at any time. Our informed consent process has secured Institutional Review Board (IRB) approval, a gold standard in the human subject research field.
- Safety and Compliance – “Safety first” drives our operational decisions. Compliance with all applicable laws is our minimum standard. We also adhere to best practices. For example, we perform thorough personnel background screenings of any staff who install equipment in homes, require UL certification for any devices that will be deployed, and house our data servers in a safe location in our facility.
- Security and Access Controls – All participant information is securely transmitted and stored on physically and electronically secure servers that are protected by industry-standard encryption technologies. Data elements and job functions are segregated so that Pecan Street staff can only access data necessary to perform their roles. Our data storage system is also substantially de-risked because of personal data anonymization and hashing algorithms. Importantly, our cybersecurity policy has received the Department of Energy’s nod of approval.
- Confidentiality – Pecan Street holds our participants’ personal data as a sacred trust. We hold only personal data for which we have valid informed consent, and we do not share, sell, or distribute it without the respective participant’s specific written authorization. This sets Pecan Street apart and gives our participants confidence in continued support of our work.
We may be in the research field, but with our participants, we’re in the trust business. The reason we have been able to develop our new technologies and share the research insights we’ve discovered over the last ten years is that regular people have been willing to share their information with us. It is this trust – based on an assurance of confidentiality, privacy, and respect – that motivates our over 1,000 volunteer households across the country to welcome us into their homes.