AB 1274, as amended, Bradford. Privacy: public utilities.
Existing law prohibits, except as specified, an electric corporation or gas corporation, and a local publicly owned utility, from sharing, disclosing, or otherwise making accessible to a third party a consumer’s electric or gas usage that is made available as a part of an advanced metering infrastructure, including the name, account number, and residence of the customer (data). Existing law requires the electrical corporation or gas corporation, and a locally publicly owned utility, to use reasonable security procedures and practices to provide a consumer’s unencrypted data from unauthorized access, destruction, use, modification, or disclosure.
Existing law makes the willful obtaining of personal identifying information, as defined, and use of that information for any unlawful purpose, a felony or misdemeanor. Existing law authorizes a person that has been injured as a result of a violation of this prohibition to bring an action against a claimant, as defined, to establish that they are a victim of identity theft, in connection with the claimant’s claim against that person and to bring a cross-complaint if the claimant has brought an action to recover on a claim against the person. A person who proves that he or she is a victim of identity theft by a preponderance of evidence is entitled to a judgment providing for actual damages, attorney’s fees, and costs, and any equitable relief that the court deems appropriate.
This bill would prohibitbegin delete a customer premises networkend deletebegin insert an energy management serviceend insert provider, as defined, frombegin insert, among
other things,end insert sharing, disclosing, or otherwise making a customer’s electrical or gas consumption data accessible to a 3rd partybegin delete, except upon the express consent of the customer,end deletebegin insert orend insert selling a customer’s electrical or gas consumption data,begin insert except upon the consent of the customer, as specified. The bill would prohibit an energy management service provider or its contractors fromend insert providing an incentive or discount to the customer for accessing the customer’s electrical or gas consumption data without the prior consent of thebegin delete customer, or failing to comply with national or state standards for maintaining energy data security, as specifiedend deletebegin insert
customerend insert. The bill would prohibitbegin delete a customer premises networkend deletebegin insert
an energy management serviceend insert provider or its contractor from providing a service that allows a customer to monitor his or her electricity or gas usage, except as specified. The bill wouldbegin delete also allowend deletebegin insert authorizeend insert a customerbegin delete who suffers damages as a result of a violation of these provisions to bring anend deletebegin insert to bring a civilend insert actionbegin delete in a court of appropriate jurisdiction to recover relief as specifiedend deletebegin insert for actual damages not to exceed $500 for
each willful violation of these provisionsend insert.
Vote: majority. Appropriation: no. Fiscal committee: no. State-mandated local program: no.
The people of the State of California do enact as follows:
Title 1.81.4 (commencing with Section 1798.98)
2is added to Part 4 of Division 3 of the Civil Code, to read:
3
(a) For the purposes of this section, the following
8definitions shall apply:
9 (1) “Electrical or gas consumption data” has the meaning used
10in Section 8380 of the Public Utilities Code.
11(2) begin delete“Customer premises network provider” end deletebegin insert“Energy
12management service providerend insertbegin insert” end insertmeansbegin delete a companyend deletebegin insert
an entity end insert that
P3 1begin delete provides home area network connectivity or commercial area receives electrical or
2network connectivity if the network deviceend delete
3gas consumption data from a utility advanced metering systembegin insert,
4but excludes an electrical or gas corporation or publicly owned
5utility or its agent, contractor, or vendorend insert. begin deleteThe term “customer
6premises network provider” does not include an electrical or gas
7corporation or publicly owned utility merely furnishing
8connectivity from network devices within customer premises to
9its utility advanced
metering system.end delete
10(3) “Customer” means a residential customer or a
11nonresidential customer with a demand of 20kW or less during
12the previous calendar year.
13(b) begin deleteA customer premises network end deletebegin insertAn energy management service end insert
14provider and its contractors shall abide by the following:
15(1) begin deleteA customer premises network end deletebegin insertAn energy
management service end insert
16provider shall not share, disclose, or otherwise make accessible to
17a third party a customer’s electrical or gas consumption data, except
18upon the express consent of the customer.
19(2) begin deleteA customer premises network end deletebegin insertAn energy management service end insert
20provider shall not sell a customer’s electrical or gas consumption
21data or any other personally identifiable information for any
22purposebegin insert, except as provided in subdivision (d)end insert.
23(3) begin deleteA customer premises network end deletebegin insertAn
energy management service end insert
24provider and its contractors shall not provide an incentive or
25discount to the customer for accessing the customer’s electrical or
26gas consumption data without the prior consent of the customer.
27(4) A customer premises network provider and its contractors
28shall maintain compliance with national or state standards for
29maintaining energy data security in a manner that prevents
30negligent or willful release of identity or personal information of
31one or more utility customers.
32(5)
end delete
33begin insert(4)end insert Ifbegin delete a customer premises networkend deletebegin insert
an energy management
34serviceend insert provider or its contractor provides a service that allows a
35customer to monitor his or her electricity or gas usage, and uses
36the data for a purpose other than that specified in the agreement
37between the customer and the begin deletecustomer premises networkend deletebegin insert energy
38management serviceend insert provider, either thebegin delete customer premises begin insert energy management serviceend insert provider shall prominently
39networkend delete
40disclose the purpose and secure the customer’s express consent to
P4 1the use of his or her data for that purpose prior to the use of
the
2databegin insert,end insert or the contract between thebegin delete customer premises networkend deletebegin insert energy
3management serviceend insert provider and its contractor shall provide that
4the contractor prominently discloses that purpose to the customer
5and secures the customer’s express consent to the use of his or her
6data for that purpose prior to the use of the data.
7(5) If an energy management service provider contracts with a
8third party for any service and that third party uses customer
9electrical or gas consumption data for a secondary commercial
10purpose, the energy management
service provider shall
11prominently disclose that secondary commercial purpose and
12secure the customer’s consent to the use of his or her data for that
13purpose prior to the use of the data.
14(6) begin deleteA customer premises network end deletebegin insertAn energy management service end insert
15provider shall use begin deletegenerally accepted principles and practicesend delete
16begin insert industry standardsend insert for securing a customer’s unencrypted electrical
17or gas consumption data from the unauthorized access, destruction,
18use, modification, or disclosure of the data.
19(7) If a customer chooses to disclose his or her electrical or gas
20consumption data to a third party that is unaffiliated with, and has
21no other business relationship withbegin insert,end insert thebegin delete customer premises networkend delete
22begin insert energy management service end insert provider, thebegin delete customer premises begin insert energy management serviceend insert provider shall not be
23networkend delete
24responsible for the security of that data, or its use or misuse.
25(c) This section shall not preclude an energy management
26service provider from using or disclosing electrical or gas
27consumption data for analysis, research, reporting, sharing with
28third parties, or program management if the data has been
29aggregated sufficiently to protect individual customer identity and
30personally identifying information has been removed.
31(d) This section shall not preclude an energy management
32service provider, with the consent of the customer, from disclosing
33a customer’s electrical or gas consumption data to a third party
34for the operational needs of an electric or natural gas system or
35electric grid, or the implementation of demand response, energy
36management, or energy efficiency programs. The third party shall
37use industry standards for securing customer’s unencrypted data
38from the unauthorized access, destruction, use, modification, or
39disclosure of the
data and for the destruction of data.
40(c)
end delete
P5 1begin insert(e)end insert This section shall not precludebegin delete a customer premises networkend delete
2begin insert an energy management serviceend insert provider from disclosing electrical
3or gas consumption data as required under state or federal law.
(a) A customer who suffers damages as a result of a
5violation of Section 1798.98 by any entity or person may bring an
6action in a court of appropriate jurisdiction against that entity or
7person and the court may award any of the following:
8(1) In the case of a negligent violation, actual damages, including
9court costs, loss of wages, attorney’s fees, and, when applicable,
10pain and suffering.
11(2) In the case of a willful violation:
12(A) Actual damages as set forth in paragraph (1).
13(B) Punitive damages of not less than one hundred dollars ($100)
14or
more than five thousand dollars ($5,000) for each violation as
15the court deems proper.
16(C) Any other relief the court deems proper.
17(3) Injunctive relief shall be available to a consumer aggrieved
18by a violation or a threatened violation of this title whether or not
19the customer seeks any other remedy under this section.
20(4) The prevailing plaintiffs in any action commenced under
21this section shall be entitled to recover court costs and reasonable
22attorney’s fees.
23(b) If a plaintiff only seeks and obtains injunctive relief to
24compel compliance with this title, court costs and attorney’s fees
25shall be awarded pursuant to Section 1021.5 of the Code of Civil
26Procedure.
27(c) Nothing in this
section is intended to affect remedies
28available under Section 128.5 of the Code of Civil Procedure.
(a) A customer harmed by the release and
30unauthorized use of his or her electrical or gas consumption data,
31as described in Section 1798.98, may bring a civil action to recover
32actual damages in an amount not to exceed five hundred dollars
33($500) for each willful violation.
34(b) The rights, remedies, and penalties established by this title
35are in addition to the rights, remedies, or penalties established
36under any other law.
37(c) Nothing in this title shall abrogate any authority of the
38Attorney General to enforce existing law.
O
97