Once privacy risks have been identified, organizations must determine the best way to mitigate them. Before discussing mitigation, it is important to first understand the four basic categories of risk mitigation: risk avoidance; risk limitation; risk transference; and risk acceptance. In general, privacy risks within the Smart Grid fall into one of two broad categories: type I in which personal information and energy data are not previously readily obtainable; and type II in which methods and technologies for obtaining personal information and energy data did not previously exist. This chapter provides a table documenting the different categories of data found within the Smart Grid, and that can be obtained from smart devices, along with the likelihood that the specific types of data found within each category will have privacy implications. There are privacy risks that are also related to prosumer energy production data. The most effective way to identify specific privacy risks is by doing a privacy impact assessment.