For many consumers, the collection of user data raises privacy concerns because such data is particularly associated with information that a user may deem sensitive and wants to keep private. The problem for consumers is that consumer service providers have access to their private information including personal behavior and lifestyle (such as, appliance use, eating and sleeping patterns, occupancy patterns, household activity patterns), health status, household make-up, mobility patterns and the like. The collection of data by the consumer service provider can happen without the user consent or potentially without a possibility for the user to opt-out. The consumer service provider collecting the user's data is likely to make this data available to third parties, either without the user's knowledge and/or without the user knowing the extent of the collected data in terms of their personal privacy. Typically, consumers trust their consumer service provider collecting the data, but do not trust the third-party with whom the consumer service provider may share the consumer's collected data.
Specifically, this problem of protecting consumer/user privacy data goes to the control over service providers and third-party's access to their use personal data. In particular, releasing personal information which is considered private to the consumer.
Some conventional solutions for protecting consumer's personal data, include modifying the consumer's privacy data prior to releasing the consumer's data to third party. Such methods are usually referred as data anonymization methods aiming for protecting the consumer's privacy data while preserving an analytical usefulness of the data.
For example, some methods use non-intrusive appliance load monitoring to modify the aggregate energy data such that privacy of the energy data is protected, while analytical usefulness of the energy data is preserved. However, such methods require the actual states of the power consuming devices consuming the energy. Specifically, such methods require the actual state of a device, i.e., whether the device is turned ON or turned OFF, at a specific point of time when the energy data is collected. These conventional methods requiring the actual state of the device presents many problems because sensors are needed to be connected to each consuming device that consumes energy for each client, which is economically infeasible or even prohibitive in view of the privacy constraints.
Accordingly, there is a need for a data anonymization method that can minimize or avoid the usage of the actual state of the device producing the data.