BILL ANALYSIS SENATE JUDICIARY COMMITTEE Senator Ellen M. Corbett, Chair 2009-2010 Regular Session SB 1476 (Padilla) As Amended April 5, 2010 Hearing Date: April 13, 2010 Fiscal: Yes Urgency: No SK:jd SUBJECT Public Utilities: Smart Meters: Privacy DESCRIPTION This bill would require a local publicly owned electric utility or an electrical or gas corporation that uses smart meter technology that allows a customer to monitor his or her electric or gas consumption data to ensure that the customer has an option to access that data without relinquishing personally identifiable information, including consumption data, to a third party. This bill would provide that a customer's electric or gas consumption data shall be securely kept by the local publicly owned electric utility or electrical or gas corporation and shall not be accessible by a third party, unless a customer chooses to access his or her consumption data from a third party using a smart meter, after being given the option not to relinquish his or her data. BACKGROUND In 2009, the Legislature passed and the Governor signed SB 17 (Padilla, Ch. 327, Stats. 2009) which established California's smart grid policy; smart meters are a component of a smart grid policy. Smart meters are two-way communication devices that measure electrical, natural gas, or water consumption. They communicate consumption information via a network back to the utility, eliminating the need for manual meter readings. Smart meters can record and report energy consumption on an hourly basis and can be linked to appliances. They also allow a (more) SB 1476 (Padilla) Page 2 of ? utility to remotely disable and enable supply and to utilize pricing systems for consumption based on the time of day and season. New technologies, such as Google's "PowerMeter," allow customers to access and monitor their consumption in real time, allowing them to manage their energy use more effectively. In California, the California Public Utilities Commission (CPUC) has authorized the use of smart meters. Southern California Edison has been authorized to install approximately 5.3 million smart meters and San Diego Gas and Electric Company has received authorization for 1.4 million electric smart meters and 900,000 natural gas meters. Pacific Gas and Electric Company has been authorized to install approximately 9 million electric and natural gas meters. Although smart meters have the potential to help address some of our most pressing energy and environmental needs, the use of this new technology also raises privacy concerns. In fact, the CPUC has initiated a rulemaking (R.08-12-009) to consider policies for utilities to develop a smarter electric grid. Part of that rulemaking will investigate the contact between the smart grid and consumers and cyber-security issues including policies to ensure customer privacy. In comments to the CPUC regarding this rulemaking, several privacy groups raised concerns that smart meter systems could reveal intimate and sensitive personal behavior patterns such as when consumers eat, shower, go to bed, wake up, or leave the house. The systems could also detect whether an alarm system is engaged. Related concerns have been raised that smart meter systems could be subject to hacking, leaving consumers vulnerable to identity theft. Many are also concerned that the information collected using a smart meter could be shared with third-party marketers. This bill is intended to address concerns that have been raised with technologies such as Google's PowerMeter and whether that service sufficiently protects a customer's information. This bill would attempt to ensure that consumers have a choice when monitoring their electric consumption data. This bill was approved by the Senate Energy, Utilities, and Communications Committee on April 6, 2010 by a vote of 10-0. CHANGES TO EXISTING LAW Existing law provides that, among other rights, all people have an inalienable right to pursue and obtain privacy. (Cal. Const., art. I, Sec. I.) SB 1476 (Padilla) Page 3 of ? Existing law requires the CPUC to determine the requirements for a smart grid deployment plan. (Pub. Util. Code Sec. 8360 et seq.) Current CPUC rules require California's largest investor-owned electrical and gas corporations to replace traditional utility meters with "smart meters." This bill would require a local publicly owned electric utility or an electrical or gas corporation that uses smart meter technology that allows a customer to monitor his or her electric or gas consumption data to ensure that the customer has an option to access that data without relinquishing personally identifiable information, including consumption data, to a third party. This bill would provide that a customer's electric or gas consumption data shall be securely kept by the local publicly owned electric utility or electrical or gas corporation and shall not be accessible by a third party, unless a customer chooses to access his or her consumption data from a third party using a smart meter, after being given the option not to relinquish his or her data. COMMENT 1. Stated need for the bill The author writes: Sempra (San Diego Gas & Electric) is the only California utility of which we are aware that has a meter interface allowing the customer to access their electrical use data. Sempra confirms that the customer cannot use this tool unless the customer relinquishing control of the data through the standard website "I agree" which the consumer clicks and in doing so allows Google to use consumption data for a commercial purpose. Sempra confirms they have no other tool available to the customer for data interaction. The author has indicated that it is not his intent to disrupt the arrangement between Sempra and Google. Instead, this bill is intended to provide a customer with an "additional means of accessing consumption data without allowing a third party to collect, retain, share or reuse their electric or gas consumption information." SB 1476 (Padilla) Page 4 of ? 2. Requirement that customers be given a choice This bill would require a local publicly owned electric utility or an electrical or gas corporation that uses smart meter technology that allows a customer to monitor his or her electric or gas consumption data to ensure that the customer has an option to access that data without relinquishing personally identifiable information, including consumption data, to a third party. The author has indicated that it is his intent to ensure that consumers are given an option to monitor their electric or gas consumption data without having to agree to the sharing of that data with third parties. In order to better carry out this intent, the Committee may wish to consider amending the bill as follows: Suggested amendments: 1. On page 2, delete lines 7-8 and insert "being required to agree to the sharing of his or her personally identifiable information, including electric consumption data, with a third party." 2. On page 3, delete lines 23-24 and insert "being required to agree to the sharing of his or her personally identifiable information, including electric consumption data, with a third party." 3. Potential for discriminatory pricing based on privacy choice This bill would require a local publicly owned electric utility or an electrical or gas corporation that uses smart meter technology that allows a customer to monitor his or her electric or gas consumption data to ensure that the customer has an option to access that data without relinquishing personally identifiable information, including consumption data, to a third party. There is nothing in the bill, however, which would protect consumers against being charged more for exercising their right to choose not to share their personally identifiable information. In order to address these concerns that consumers might face discriminatory pricing because they had exercised their right to protect their privacy under this bill, the Committee may wish to consider amending the bill to provide that an electrical or gas corporation, or demand response provider, may not offer incentives or discounts to solicit a particular response by the customer regarding his or her right to control his or her information. SB 1476 (Padilla) Page 5 of ? Suggested amendment: On page 2, line 8, after the period insert "The local publicly owned electric utility shall not partner with any third party that facilitates access to consumption data that provides an incentive or discount to the customer for accessing their consumption data." On page 3, line 24, after the period insert "The electric or gas corporation shall not partner with any third party that facilitates access to consumption data that provides an incentive or discount to the customer for accessing their consumption data." 4. Restrictions on third-party sharing and security of consumption data This bill would provide that a customer's electric or gas consumption data shall be securely kept by the local publicly owned electric utility or electrical or gas corporation and shall not be accessible by a third party, unless a customer chooses to access his or her consumption data from a third party using a smart meter, after being given the option not to relinquish his or her data. This language is intended to be a restriction on third-party sharing and also to ensure that a customer's consumption data is secure. In order to more closely track existing privacy protections and ensure that a customer's consumption data is secure, the Committee may wish to consider amending the bill to provide that a local publicly owned electric utility or gas or electric corporation should use reasonable security procedures and practices to protect a customer's consumption data from unauthorized access, destruction, use, modification, or disclosure. In addition, the Committee may also wish to consider amending the third-party sharing restriction to ensure that it sufficiently protects consumers. Exceptions should be included to allow for disclosure of aggregated data and disclosure for billing purposes. Suggested amendments: 1. On page 2, delete lines 9-14 and insert: SB 1476 (Padilla) Page 6 of ? (b) A local publicly owned electric utility shall not share, sell, disclose, or otherwise make accessible to any third party a customer's electric consumption data. A local publicly owned electric utility may make a customer's electric consumption data accessible to a third party, however, in either of the following circumstances: (1) the customer has first been given the option described in subdivision (a), the customer has declined that option, and the customer chooses to access his or her electric consumption data from that third party; or (2) the data is accessed or shared by a third party or utility with the customer's express written prior consent for a demand response program which manages customer consumption of electricity in response to supply conditions. (c) A local publicly owned electric utility shall use reasonable security procedures and practices to protect a customer's electric consumption data from unauthorized access, destruction, use, modification, or disclosure. (d) Nothing in this section shall preclude a local publicly owned electric utility from using customer aggregate consumption data for analysis, reporting, or program management if all information has been removed regarding the individual identity of a customer. (e) Nothing in this section shall preclude a local publicly owned electric utility from disclosing a customer's electric consumption data to a third party for billing purposes. (f) For purposes of this section, "electric consumption data" means data that is made available as part of an advanced metering infrastructure. 2. On page 3, delete lines 25-30 and insert: (b) An electrical or gas corporation shall not share, sell, disclose, or otherwise make accessible to any third party a customer's electric or gas consumption data. An electrical or gas corporation may make a customer's electric or gas consumption data accessible to a third party, however, in either of the following circumstances: SB 1476 (Padilla) Page 7 of ? (1) the customer has first been given the option described in subdivision (a), the customer has declined that option, and the customer chooses to access his or her electric or gas consumption data from that third party; or (2) the data is accessed or shared by a third party or utility with the customer's express prior written consent for a demand response program which manages customer consumption of electricity in response to supply conditions. (c) An electrical or gas corporation shall use reasonable security procedures and practices to protect a customer's electric or gas consumption data from unauthorized access, destruction, use, modification, or disclosure. (d) Nothing in this section shall preclude an electrical or gas corporation from using customer aggregate consumption data for analysis, reporting, or program management if all information has been removed regarding the individual identity of a customer. (e) Nothing in this section shall preclude an electrical or gas corporation from disclosing a customer's electric consumption data to a third party for billing purposes. (f) For purposes of this section, "electric or gas consumption data" means data that is made available as part of an advanced metering infrastructure. Support : None Known Opposition : None Known HISTORY Source : Author Related Pending Legislation : SB 837 (Florez) also contains privacy protections related to electrical and gas corporations and "third-party demand service providers." This bill is also scheduled to be heard by the Committee on April 13, 2010. Prior Legislation : None Known SB 1476 (Padilla) Page 8 of ? Prior Vote : Senate Energy, Utilities, and Communications Committee (Ayes 10, Noes 0) **************