BILL ANALYSIS                                                                                                                                                                                                    



                                                                  SB 1476
                                                                  Page  1

          Date of Hearing:   June 29, 2010

                           ASSEMBLY COMMITTEE ON JUDICIARY
                                  Mike Feuer, Chair
                    SB 1476 (Padilla) - As Amended:  June 23, 2010

                    Proposed Consent (As Proposed to be Amended)

           SENATE VOTE  :  30-0
           
          SUBJECT  :   Public Utilities: Consumer Privacy: Advanced Metering  


           KEY ISSUE  :  Should public utilities that use advanced "smart"  
          metering technology be prohibited from sharing or selling  
          consumer consumption data and personal information, as  
          specified, and be required to establish reasonable DATA security  
          measures?

           FISCAL EFFECT  :  As currently in print this bill is keyed fiscal.  


                                      SYNOPSIS

          This bill would impose certain restrictions and privacy  
          requirements on investor owned gas and electric utilities (IOUs)  
          and local publicly-owned utilities (POUs) that use advanced  
          metering devices, generally known as "smart meters."  The "smart  
          meter" allows data to be sent via Internet directly to the  
          utility (thus avoiding the need for individual collection at  
          each meter) and permits consumers to monitor their consumption  
          data in order, ideally, to adjust their behavior and use energy  
          more efficiently.  However, customers generally access this data  
          through third parties, such as Google Power Meter, that provide  
          the consumer with tools for analyzing the data and how they  
          might change their consumption patterns.  However, third party  
          providers often require the consumer to permit the provider to  
          share the consumption data for commercial use.  This bill would  
          do the following: require utilities to offer the consumer an  
          option to access data without the condition of sharing  
          consumption data; prohibit utilities from sharing, disclosing,  
          or selling consumption data or personal information, subject to  
          certain exceptions; and require both the public utilities and  
          third party contractors to adopt reasonable security measures.   
          The California Public Utilities Commission, Sempra, and SMUD  








                                                                  SB 1476
                                                                  Page  2

          have generally been supportive of the bill but have sought  
          amendments clarifying that the general prohibition on sharing  
          and disclosing data not prohibit them from sharing information  
          with third parties not be construed to prohibit customer use of  
          "demand response" and energy efficiency programs, so long as  
          those third party provider maintains reasonable security  
          measures.  The June 23 amendments appear to address these  
          concerns.  The author has agreed to take some additional  
          technical amendments in this Committee that were suggested by  
          Sempra and TechNet.  There is no opposition to this bill.  The  
          bill has not received any negative votes in any committee or  
          floor vote thus far. 

           SUMMARY  :  Prohibits any electrical or gas corporation, or any  
          locally owned public utility that employs advanced metering (or  
          "smart meters") from sharing, disclosing, or selling a  
          customer's personal information data or consumption data,  
          subject to certain exceptions, and requires public utilities to  
          adopt reasonable security measures to protect a customers  
          personal information and consumption data from unauthorized  
          access.  Specifically,  this bill  :   

          1)Repeals a pilot project relating to the relative value to  
            ratepayers of information, rate design, and metering  
            innovations. 

          2)Prohibits an electrical corporation or gas corporation that  
            employs an advanced metering infrastructure (electrical or gas  
            corporation) from sharing, disclosing, or otherwise making  
            accessible to any third party a customer's electrical or gas  
            consumption data, except upon the consent of the consumer.   
            Permits use of aggregated data for purposes of consumption  
            analysis, reporting, or program management so long as all  
            information regarding a customer's individual identity has  
            been removed. 

          3)Prohibits an electrical or gas corporation from selling a  
            customer's electrical or gas consumption data or any other  
            personally identifiable information for any purpose.

          4)Prohibits an electrical or gas corporation, or any contractor  
            of the utility, from conditioning a customer's access to  
            electrical or gas consumption data on the payment of an  
            incentive or discount. 









                                                                  SB 1476
                                                                  Page  3

          5)Provides that if the electrical or gas corporation contracts  
            with a third party for a service that allows a customer to  
            monitor his or her electricity or gas usage, and that third  
            party uses the data for a secondary commercial purpose, the  
            electrical or gas corporation shall ensure that the third  
            party prominently discloses that secondary use to the  
            customer. 

          6)Requires the electrical or gas corporation to provide the  
            customer with an option to monitor his or her electricity or  
            gas usage which is not conditioned on the use of the data by a  
            third party for a secondary commercial purpose. 

          7)Requires an electrical or gas corporation to use reasonable  
            security procedures and practices to protect a consumers  
            electrical or gas consumption data from unauthorized access,  
            destruction, use, modification, or disclosure. 

          8)Provides that nothing in this bill shall preclude an  
            electrical or gas corporation from disclosing a customer's  
            aggregated data for purposes of analysis, reporting, or  
            management, as specified, or from disclosing a customer's  
            consumption data to a third party for system, grid, or  
            operational needs, or the implementation of demand response or  
            energy efficiency programs, so long as the third party is  
            contractually required to maintain reasonable security  
            procedures and practices. 

          9)Provides that nothing in this bill shall preclude an  
            electrical or gas corporation from disclosing electrical or  
            gas consumption data as required under state or federal law or  
            by an order of the Public Utilities Commission. 

          10)Provides that if the customer chooses to disclose his or her  
            electrical or gas consumption data to a third party that is  
            unaffiliated with, and has no other business relationship  
            with, the electrical or gas corporation, the electrical or gas  
            corporation shall not be responsible for the security of that  
            data, or its misuse. 

          11) Applies requirements identical to the above to local,  
            publicly owned electrical utilities. 

           EXISTING LAW  : 









                                                                  SB 1476
                                                                  Page  4

          1)Requires the Public Utilities Commission (PUC) to conduct a  
            pilot study on rate design and metering innovations to assist  
            residential and small commercial customers with better  
            management of their electricity use.  Consumption data  
            obtained in the pilot study cannot be used for any commercial  
            purposes unless specifically authorized by the customer.   
            (Public Utilities Code Section 393 et seq.)

          2)Requires a business that owns or licenses the personal  
            information about a California resident to implement and  
            maintain reasonable security procedures and practices to  
            protect the consumer information from unauthorized access.   
            Requires any business or state agency that owns or licenses  
            personal information to notify the affected person in the  
            event that any unencrypted computerized personal information  
            is subject to a security breach.  (Civil Code Sections  
            1798.81.5 and 178.82.)

          3)Requires a business that discloses personal information about  
            a California resident pursuant to a contract with a  
            nonaffiliated third party to require by contract that the  
            third party implement and maintain reasonable security  
            measures to prevent unauthorized access to the personal  
            information.  (Civil Code Section 1798.81.5 (c).)

          4)Establishes smart grid as the policy of the state and requires  
            the PUC to determine the requirements for smart grid  
            deployment no later than July 1, 2010.  Investor owned public  
            utilities would be required to adopt a plan for implementation  
            of a smart grid no later than July 1, 2011.  (Public Utilities  
            Code Section 8360 et seq.)

           COMMENTS  :  This bill is a follow up to SB 17 of 2009 by the same  
          author. (Chapter 327, Stats. of 2009).  That bill required the  
          PUC, in consultation with other state agencies and stakeholders,  
          to determine the requirements for a "smart grid" deployment plan  
          and required investor owned public utilities in the state to  
          adopt implementation plans no later than July 1, 2011.  Because  
          installation of "smart meters" has already begun, this bill  
          seeks to protect the privacy of a customer's consumption data  
          and personal information by restricting the use of the data and  
          requiring the utility and third parties to implement and  
          maintain security policies and procedures designed to protect  
          data from unauthorized access. 









                                                                  SB 1476
                                                                  Page  5

          Background  :  Advanced metering technology is clearly the wave of  
          the future.  The term "smart meter" generally refers to meters  
          that allow two-way wireless communication between the individual  
          consumer's meter and the utility company.  In short, the meter  
          sends a consumer's consumption data over the Internet to the  
          utility company, thereby eliminating the need for the utility  
          company to send personnel to read each meter manually.   
          Moreover, smart meters also have the potential to permit  
          consumers to use energy much more efficiently and cost  
          effectively.  For example, the smart meter allows consumer to  
          monitor their energy use and thereby consider ways that they  
          might reduce overall energy consumption.  In addition, so-called  
          "demand response" and related efficiency programs provide  
          consumers with more detailed analysis of the data, for example  
          by showing consumers how they can save money through off-peak  
          usage.  This not only saves the consumer money, it also puts  
          less pressure on the power grid and could potentially reduce the  
          danger of "black outs" during peak usage periods. 

          To date, however, most utility companies independently lack the  
          capacity to allow consumers to directly access data from the  
          utility in a way that provides useful feedback and analysis.   
          Instead, consumers access their data through third party "demand  
          response providers" (e.g. Google Power Meter) or companies that  
          provide consumers with energy efficiency tools (e.g. OPOWER).   
          In order to provide this service, however, these third parties  
          often require the customer to permit the third party to share  
          consumption data for commercial purposes.    

          This bill seeks to protect the privacy of a customer's  
          consumption data and personal information. Most notably, this  
          bill would prohibit public utilities from sharing, selling, or  
          otherwise disclosing a customer's consumption data and personal  
          information, subject to certain exceptions.  In addition,  
          tracking existing language of Civil Code Section 1798.81.5,  
          which applies to private businesses that keep a customer's  
          personal information, this bill would require utilities to  
          implement and maintain reasonable security measures to protect  
          consumption data and personal information.  To the extent that  
          utilities are permitted to share information with third parties  
          - such as those that offer demand response and energy efficiency  
          programs - they must require by contract that the third party  
          maintain reasonable security procedures.  If third parties share  
          any of that information for commercial purposes, this fact must  
          be conspicuously disclosed to the customer.  Finally, the bill  








                                                                  SB 1476
                                                                  Page  6

          requires public utilities to offer customers at least one option  
          of accessing consumption data that does not require an agreement  
          to authorize the sharing of that data for commercial purposes. 

           ARGUMENTS IN SUPPORT  :  The author, who last year carried  
          legislation to require the PUC to develop a plan for  
          implementing a smart grid system, is obviously supportive of the  
          new technology.  However, the author also believes that a  
          customer's information - both personally identifiable  
          information and specific consumption patterns - should be  
          protected from unauthorized access.  For example, the author  
          notes that detailed consumption data can reveal sensitive  
          information about a customer's schedule and habits, including  
          the times at which a person may or may not be home or on  
          vacation.  Finally, the author believes that consumers should  
          have an option to access their consumption data without having  
          to permit a third party to share, sell, or disclose that  
          information for commercial purposes.

          The Public Utilities Commission, Sempra Energy, and SMUD have  
          generally supported this bill subject to certain amendments.   
          The most recent amendments reflected in the June 23 version of  
          the bill appear to address those concerns.  Overall, the PUC and  
          the utilities have primarily been concerned that the bill not be  
          construed in a way that would prohibit utilities from sharing  
          information with third party "demand response" providers and  
          other parties that offer useful energy efficiency programs.   
          These efficiencies, after all, are the primary reason for  
          adopting smart meters.  The June 23 amendments appear to have  
          removed this opposition.  However, Sempra and TechNet (which  
          wrote a letter of concern) also requested technical amendments  
          listed below, and which the author has agreed to take. 
           
          Proposed Author Technical Amendments: 

            -  On page 4 line 10 after "customer's" insert:  unencrypted  
           -  On page 4 line 22 after "response" insert:  energy management   

           -  On page 6 line 6 after "response" insert:  energy management  
           -  On page 6 line 17 after "customer's" insert:  unencrypted  
           



          REGISTERED SUPPORT / OPPOSITION  :








                                                                  SB 1476
                                                                  Page  7


           Support 
           
          Division of Ratepayer Advocates, PUC
          California Public Utilities Commission (if amended)
          Sacramento Municipal Utility District (SMUD) (if amended) 
          Sempra Energy (if amended)
           
            Opposition 
           
          None of file


           Analysis Prepared by  :    Thomas Clark / JUD. / (916) 319-2334