Amended in Assembly April 18, 2013

California Legislature—2013–14 Regular Session

Assembly Bill No. 1274


Introduced by Assembly Member Bradford

February 22, 2013


An act to add begin delete Sections 8382 and 8383 to the Public Utilities Code, relating to public utilities. end delete begin insert Title 1.81.4 (commencing with Section 1798.98) to Part 4 of Division 3 of the Civil Code, relating to privacy. end insert

LEGISLATIVE COUNSEL’S DIGEST

AB 1274, as amended, Bradford. begin delete Public utilities: consumer privacy. end delete begin insert Privacy: public utilities. end insert

Existing law prohibits, except as specified, an electric corporation or gas corporation, and a local publicly owned utility, from sharing, disclosing, or otherwise making accessible to a third party a consumer’s electric or gas usage that is made available as a part of an advanced metering infrastructure, including the name, account number, and residence of the customer (data). Existing law requires the electrical corporation or gas corporation, and a locally publicly owned utility, to use reasonable security procedures and practices to provide a consumer’s unencrypted data from unauthorized access, destruction, use, modification, or disclosure.

begin insert

Existing law makes the willful obtaining of personal identifying information, as defined, and use of that information for any unlawful purpose, a felony or misdemeanor. Existing law authorizes a person that has been injured as a result of a violation of this prohibition to bring an action against a claimant, as defined, to establish that they are a victim of identity theft, in connection with the claimant’s claim against that person and to bring a cross-complaint if the claimant has brought an action to recover on a claim against the person. A person who proves that he or she is a victim of identity theft by a preponderance of evidence is entitled to a judgment providing for actual damages, attorney’s fees, and costs, and any equitable relief that the court deems appropriate.

end insert
begin delete

This bill would require the commission, by order or rule, to require an electrical corporation or gas corporation to establish, on or before December 31, 2014, communication standards and protocols for a home area network device that communicates electrical or gas consumption data, as defined, of that device to the electric corporation or gas corporation through an advanced metering infrastructure to ensure against the unauthorized access, destruction, use, modification, or disclosure of the data (cyber-security) and compatibility of the home area network devices. The bill would require a local publicly owned utility, on or before December 31, 2014, to establish communication standards and protocols for a home area network device that communicates electrical consumption data of that device to the utility to ensure cyber-security. The bill would require the electric corporation or gas corporation and a local publicly owned utility to provide to the consumer educational materials regarding cyber-security after the development of the communication standards and protocols.

end delete
begin insert

This bill would prohibit a customer premises network provider, as defined, from sharing, disclosing, or otherwise making a customer’s electrical or gas consumption data accessible to a 3rd party, except upon the express consent of the customer, selling a customer’s electrical or gas consumption data, providing an incentive or discount to the customer for accessing the customer’s electrical or gas consumption data without the prior consent of the customer, or failing to comply with national or state standards for maintaining energy data security, as specified. The bill would prohibit a customer premises network provider or its contractor from providing a service that allows a customer to monitor his or her electricity or gas usage, except as specified. The bill would also allow a customer who suffers damages as a result of a violation of these provisions to bring an action in a court of appropriate jurisdiction to recover relief as specified.

end insert

Vote: majority. Appropriation: no. Fiscal committee: begin delete yes end delete begin insert no end insert. State-mandated local program: no.

The people of the State of California do enact as follows:

begin insert

SECTION 1. Title 1.81.4 (commencing with Section 1798.98) is added to Part 4 of Division 3 of the Civil Code, to read:

Title 1.81.4. Customer Premises Network Providers

1798.98. (a) For the purposes of this section, the following definitions shall apply:

(1) “Electrical or gas consumption data” has the meaning used in Section 8380 of the Public Utilities Code.

(2) “Customer premises network provider” means a company that provides home area network connectivity or commercial area network connectivity if the network device receives electrical or gas consumption data from a utility advanced metering system. The term “customer premises network provider” does not include an electrical or gas corporation or publicly owned utility merely furnishing connectivity from network devices within customer premises to its utility advanced metering system.

(b) A customer premises network provider and its contractors shall abide by the following:

(1) A customer premises network provider shall not share, disclose, or otherwise make accessible to a third party a customer’s electrical or gas consumption data, except upon the express consent of the customer.

(2) A customer premises network provider shall not sell a customer’s electrical or gas consumption data or any other personally identifiable information for any purpose.

(3) A customer premises network provider and its contractors shall not provide an incentive or discount to the customer for accessing the customer’s electrical or gas consumption data without the prior consent of the customer.

(4) A customer premises network provider and its contractors shall maintain compliance with national or state standards for maintaining energy data security in a manner that prevents negligent or willful release of identity or personal information of one or more utility customers.

(5) If a customer premises network provider or its contractor provides a service that allows a customer to monitor his or her electricity or gas usage, and uses the data for a purpose other than that specified in the agreement between the customer and the customer premises network provider, either the customer premises network provider shall prominently disclose the purpose and secure the customer’s express consent to the use of his or her data for that purpose prior to the use of the data or the contract between the customer premises network provider and its contractor shall provide that the contractor prominently discloses that purpose to the customer and secures the customer’s express consent to the use of his or her data for that purpose prior to the use of the data.

(6) A customer premises network provider shall use generally accepted principles and practices for securing a customer’s unencrypted electrical or gas consumption data from the unauthorized access, destruction, use, modification, or disclosure of the data.

(7) If a customer chooses to disclose his or her electrical or gas consumption data to a third party that is unaffiliated with, and has no other business relationship with the customer premises network provider, the customer premises network provider shall not be responsible for the security of that data, or its use or misuse.

(c) This section shall not preclude a customer premises network provider from disclosing electrical or gas consumption data as required under state or federal law.

1798.99. (a) A customer who suffers damages as a result of a violation of Section 1798.98 by any entity or person may bring an action in a court of appropriate jurisdiction against that entity or person and the court may award any of the following:

(1) In the case of a negligent violation, actual damages, including court costs, loss of wages, attorney’s fees, and, when applicable, pain and suffering.

(2) In the case of a willful violation:

(A) Actual damages as set forth in paragraph (1).

(B) Punitive damages of not less than one hundred dollars ($100) or more than five thousand dollars ($5,000) for each violation as the court deems proper.

(C) Any other relief the court deems proper.

(3) Injunctive relief shall be available to a consumer aggrieved by a violation or a threatened violation of this title whether or not the customer seeks any other remedy under this section.

(4) The prevailing plaintiffs in any action commenced under this section shall be entitled to recover court costs and reasonable attorney’s fees.

(b) If a plaintiff only seeks and obtains injunctive relief to compel compliance with this title, court costs and attorney’s fees shall be awarded pursuant to Section 1021.5 of the Code of Civil Procedure.

(c) Nothing in this section is intended to affect remedies available under Section 128.5 of the Code of Civil Procedure.

end insert
begin delete

  

SECTION 1. Section 8382 is added to the Public Utilities Code, to read:

8382. (a) The commission shall, by order or rule, require an electric corporation or gas corporation to establish, on or before December 31, 2014, communication standards and protocols for a home area network device that communicates electrical or gas consumption data of that device to the electric corporation or gas corporation through an advanced metering infrastructure to ensure against the unauthorized access, destruction, use, modification, or disclosure of the data and compatibility of the home area network devices.

(b) An electric corporation or gas corporation shall ensure the consumer’s electrical or gas consumption data are not compromised by a third-party consultant of the corporation.

(c) After the development of the communication standards and protocols, the electric corporation or gas corporation shall provide to consumers educational materials regarding measures to ensure against the unauthorized access, destruction, use, modification, or disclosure of the electrical or gas consumption data.

(d) As used in this section, “electrical or gas consumption data” means a consumer’s electrical or gas usage, and includes the name, account number, or residence of the consumer.

SEC. 2. Section 8383 is added to the Public Utilities Code, to read:

8383. (a) On or before December 31, 2014, a local publicly owned electric utility shall establish communication standards and protocols for a home area network device that communicates electrical consumption data of that device to the utility through an advanced metering infrastructure to ensure against the unauthorized access, destruction, use, modification, or disclosure of the data and compatibility of the home area network devices.

(b) A local publicly owned electric utility shall ensure that the consumer’s electrical consumption data are not compromised by a third-party consultant of the utility.

(c) After the development of the communication standards and protocols, the local publicly owned electric utility shall provide to consumers educational materials regarding measures to ensure against the unauthorized access, destruction, use, modification, or disclosure of the electrical or gas consumption data.

(d) As used in this section, “electrical consumption data” means a consumer’s electrical usage, and includes the name, account number, or residence of the consumer.

end delete

