BILL ANALYSIS �
SB 1476
Page 1
Date of Hearing: June 29, 2010
ASSEMBLY COMMITTEE ON JUDICIARY
Mike Feuer, Chair
SB 1476 (Padilla) - As Amended: June 23, 2010
Proposed Consent (As Proposed to be Amended)
SENATE VOTE : 30-0
SUBJECT : Public Utilities: Consumer Privacy: Advanced Metering
KEY ISSUE : Should public utilities that use advanced "smart"
metering technology be prohibited from sharing or selling
consumer consumption data and personal information, as
specified, and be required to establish reasonable DATA security
measures?
FISCAL EFFECT : As currently in print this bill is keyed fiscal.
SYNOPSIS
This bill would impose certain restrictions and privacy
requirements on investor owned gas and electric utilities (IOUs)
and local publicly-owned utilities (POUs) that use advanced
metering devices, generally known as "smart meters." The "smart
meter" allows data to be sent via Internet directly to the
utility (thus avoiding the need for individual collection at
each meter) and permits consumers to monitor their consumption
data in order, ideally, to adjust their behavior and use energy
more efficiently. However, customers generally access this data
through third parties, such as Google Power Meter, that provide
the consumer with tools for analyzing the data and how they
might change their consumption patterns. However, third party
providers often require the consumer to permit the provider to
share the consumption data for commercial use. This bill would
do the following: require utilities to offer the consumer an
option to access data without the condition of sharing
consumption data; prohibit utilities from sharing, disclosing,
or selling consumption data or personal information, subject to
certain exceptions; and require both the public utilities and
third party contractors to adopt reasonable security measures.
The California Public Utilities Commission, Sempra, and SMUD
�
SB 1476
Page 2
have generally been supportive of the bill but have sought
amendments clarifying that the general prohibition on sharing
and disclosing data not prohibit them from sharing information
with third parties not be construed to prohibit customer use of
"demand response" and energy efficiency programs, so long as
those third party provider maintains reasonable security
measures. The June 23 amendments appear to address these
concerns. The author has agreed to take some additional
technical amendments in this Committee that were suggested by
Sempra and TechNet. There is no opposition to this bill. The
bill has not received any negative votes in any committee or
floor vote thus far.
SUMMARY : Prohibits any electrical or gas corporation, or any
locally owned public utility that employs advanced metering (or
"smart meters") from sharing, disclosing, or selling a
customer's personal information data or consumption data,
subject to certain exceptions, and requires public utilities to
adopt reasonable security measures to protect a customers
personal information and consumption data from unauthorized
access. Specifically, this bill :
1)Repeals a pilot project relating to the relative value to
ratepayers of information, rate design, and metering
innovations.
2)Prohibits an electrical corporation or gas corporation that
employs an advanced metering infrastructure (electrical or gas
corporation) from sharing, disclosing, or otherwise making
accessible to any third party a customer's electrical or gas
consumption data, except upon the consent of the consumer.
Permits use of aggregated data for purposes of consumption
analysis, reporting, or program management so long as all
information regarding a customer's individual identity has
been removed.
3)Prohibits an electrical or gas corporation from selling a
customer's electrical or gas consumption data or any other
personally identifiable information for any purpose.
4)Prohibits an electrical or gas corporation, or any contractor
of the utility, from conditioning a customer's access to
electrical or gas consumption data on the payment of an
incentive or discount.
�
SB 1476
Page 3
5)Provides that if the electrical or gas corporation contracts
with a third party for a service that allows a customer to
monitor his or her electricity or gas usage, and that third
party uses the data for a secondary commercial purpose, the
electrical or gas corporation shall ensure that the third
party prominently discloses that secondary use to the
customer.
6)Requires the electrical or gas corporation to provide the
customer with an option to monitor his or her electricity or
gas usage which is not conditioned on the use of the data by a
third party for a secondary commercial purpose.
7)Requires an electrical or gas corporation to use reasonable
security procedures and practices to protect a consumers
electrical or gas consumption data from unauthorized access,
destruction, use, modification, or disclosure.
8)Provides that nothing in this bill shall preclude an
electrical or gas corporation from disclosing a customer's
aggregated data for purposes of analysis, reporting, or
management, as specified, or from disclosing a customer's
consumption data to a third party for system, grid, or
operational needs, or the implementation of demand response or
energy efficiency programs, so long as the third party is
contractually required to maintain reasonable security
procedures and practices.
9)Provides that nothing in this bill shall preclude an
electrical or gas corporation from disclosing electrical or
gas consumption data as required under state or federal law or
by an order of the Public Utilities Commission.
10)Provides that if the customer chooses to disclose his or her
electrical or gas consumption data to a third party that is
unaffiliated with, and has no other business relationship
with, the electrical or gas corporation, the electrical or gas
corporation shall not be responsible for the security of that
data, or its misuse.
11) Applies requirements identical to the above to local,
publicly owned electrical utilities.
EXISTING LAW :
�
SB 1476
Page 4
1)Requires the Public Utilities Commission (PUC) to conduct a
pilot study on rate design and metering innovations to assist
residential and small commercial customers with better
management of their electricity use. Consumption data
obtained in the pilot study cannot be used for any commercial
purposes unless specifically authorized by the customer.
(Public Utilities Code Section 393 et seq.)
2)Requires a business that owns or licenses the personal
information about a California resident to implement and
maintain reasonable security procedures and practices to
protect the consumer information from unauthorized access.
Requires any business or state agency that owns or licenses
personal information to notify the affected person in the
event that any unencrypted computerized personal information
is subject to a security breach. (Civil Code Sections
1798.81.5 and 178.82.)
3)Requires a business that discloses personal information about
a California resident pursuant to a contract with a
nonaffiliated third party to require by contract that the
third party implement and maintain reasonable security
measures to prevent unauthorized access to the personal
information. (Civil Code Section 1798.81.5 (c).)
4)Establishes smart grid as the policy of the state and requires
the PUC to determine the requirements for smart grid
deployment no later than July 1, 2010. Investor owned public
utilities would be required to adopt a plan for implementation
of a smart grid no later than July 1, 2011. (Public Utilities
Code Section 8360 et seq.)
COMMENTS : This bill is a follow up to SB 17 of 2009 by the same
author. (Chapter 327, Stats. of 2009). That bill required the
PUC, in consultation with other state agencies and stakeholders,
to determine the requirements for a "smart grid" deployment plan
and required investor owned public utilities in the state to
adopt implementation plans no later than July 1, 2011. Because
installation of "smart meters" has already begun, this bill
seeks to protect the privacy of a customer's consumption data
and personal information by restricting the use of the data and
requiring the utility and third parties to implement and
maintain security policies and procedures designed to protect
data from unauthorized access.
�
SB 1476
Page 5
Background : Advanced metering technology is clearly the wave of
the future. The term "smart meter" generally refers to meters
that allow two-way wireless communication between the individual
consumer's meter and the utility company. In short, the meter
sends a consumer's consumption data over the Internet to the
utility company, thereby eliminating the need for the utility
company to send personnel to read each meter manually.
Moreover, smart meters also have the potential to permit
consumers to use energy much more efficiently and cost
effectively. For example, the smart meter allows consumer to
monitor their energy use and thereby consider ways that they
might reduce overall energy consumption. In addition, so-called
"demand response" and related efficiency programs provide
consumers with more detailed analysis of the data, for example
by showing consumers how they can save money through off-peak
usage. This not only saves the consumer money, it also puts
less pressure on the power grid and could potentially reduce the
danger of "black outs" during peak usage periods.
To date, however, most utility companies independently lack the
capacity to allow consumers to directly access data from the
utility in a way that provides useful feedback and analysis.
Instead, consumers access their data through third party "demand
response providers" (e.g. Google Power Meter) or companies that
provide consumers with energy efficiency tools (e.g. OPOWER).
In order to provide this service, however, these third parties
often require the customer to permit the third party to share
consumption data for commercial purposes.
This bill seeks to protect the privacy of a customer's
consumption data and personal information. Most notably, this
bill would prohibit public utilities from sharing, selling, or
otherwise disclosing a customer's consumption data and personal
information, subject to certain exceptions. In addition,
tracking existing language of Civil Code Section 1798.81.5,
which applies to private businesses that keep a customer's
personal information, this bill would require utilities to
implement and maintain reasonable security measures to protect
consumption data and personal information. To the extent that
utilities are permitted to share information with third parties
- such as those that offer demand response and energy efficiency
programs - they must require by contract that the third party
maintain reasonable security procedures. If third parties share
any of that information for commercial purposes, this fact must
be conspicuously disclosed to the customer. Finally, the bill
�
SB 1476
Page 6
requires public utilities to offer customers at least one option
of accessing consumption data that does not require an agreement
to authorize the sharing of that data for commercial purposes.
ARGUMENTS IN SUPPORT : The author, who last year carried
legislation to require the PUC to develop a plan for
implementing a smart grid system, is obviously supportive of the
new technology. However, the author also believes that a
customer's information - both personally identifiable
information and specific consumption patterns - should be
protected from unauthorized access. For example, the author
notes that detailed consumption data can reveal sensitive
information about a customer's schedule and habits, including
the times at which a person may or may not be home or on
vacation. Finally, the author believes that consumers should
have an option to access their consumption data without having
to permit a third party to share, sell, or disclose that
information for commercial purposes.
The Public Utilities Commission, Sempra Energy, and SMUD have
generally supported this bill subject to certain amendments.
The most recent amendments reflected in the June 23 version of
the bill appear to address those concerns. Overall, the PUC and
the utilities have primarily been concerned that the bill not be
construed in a way that would prohibit utilities from sharing
information with third party "demand response" providers and
other parties that offer useful energy efficiency programs.
These efficiencies, after all, are the primary reason for
adopting smart meters. The June 23 amendments appear to have
removed this opposition. However, Sempra and TechNet (which
wrote a letter of concern) also requested technical amendments
listed below, and which the author has agreed to take.
Proposed Author Technical Amendments:
- On page 4 line 10 after "customer's" insert: unencrypted
- On page 4 line 22 after "response" insert: energy management
- On page 6 line 6 after "response" insert: energy management
- On page 6 line 17 after "customer's" insert: unencrypted
REGISTERED SUPPORT / OPPOSITION :
�
SB 1476
Page 7
Support
Division of Ratepayer Advocates, PUC
California Public Utilities Commission (if amended)
Sacramento Municipal Utility District (SMUD) (if amended)
Sempra Energy (if amended)
Opposition
None of file
Analysis Prepared by : Thomas Clark / JUD. / (916) 319-2334