as amended, Bradford. Privacy:
begin delete public utilities.end delete
Existing law prohibits, except as specified, an
begin delete electricend delete corporation or gas corporation, and a local publicly owned utility, from sharing, disclosing, or otherwise making accessible to a begin delete thirdend delete party a consumer’s electric or gas usage that is made available as a part of an advanced metering infrastructure, including the name, account number, and residence of the customer (data). Existing law requires the electrical corporation or gas corporation, and a begin delete locallyend delete publicly owned utility, to use reasonable security procedures and practices to provide a consumer’s unencrypted data from unauthorized access, destruction, use, modification, or disclosure.
Existing law makes the willful obtaining of personal identifying information, as defined, and use of that information for any unlawful purpose, a felony or misdemeanor. Existing law authorizes a person that has been injured as a result of a violation of this prohibition to bring an action against a claimant, as defined, to establish that they are a victim of identity theft, in connection with the claimant’s claim against that person and to bring a cross-complaint if the claimant has brought an action to recover on a claim against the person. A person who proves that he or she is a victim of identity theft by a preponderance of evidence is entitled to a judgment providing for actual damages, attorney’s fees, and costs, and any equitable relief that the court deems appropriate.
This bill would prohibit
begin delete an energy management service provider, as defined, from, among
other things, sharing, disclosing, or otherwise making a customer’s electrical or gas consumption data accessible to a 3rd party or selling a customer’s electrical or gas consumption data, except upon the consent of the customer, as specified. The bill would prohibit an energy management service provider or its contractors from providing an incentive or discount to the customer for accessing the customer’s electrical or gas consumption data without the prior consent of the
customer. The bill would prohibit
an energy management service provider or its contractor from providing a service that allows a customer to monitor his or her electricity or gas usage, except as specified.end delete
The bill would authorize a customer to bring a civil action for actual damages not to exceed $500 for each willful violation of these provisions.
Vote: majority. Appropriation: no. Fiscal committee: no. State-mandated local program: no.
The people of the State of California do enact as follows:
Title 1.81.4 (commencing with Section 1798.98)
30is added to Part 4 of Division 3 of the Civil Code, to read:
(a) For the purposes of this section, the following
36definitions shall apply:
37 (1) “Electrical or gas consumption data” has the meaning used
38in Section 8380 of the Public Utilities Code.
39(2) “Energy management service provider” means
an entity that
40receives electrical or gas consumption data from a utility advanced
P5 1metering system, but excludes an electrical or gas corporation or
2publicly owned utility or its agent, contractor, or vendor.
3(3) “Customer” means a residential customer or a nonresidential
4customer with a demand of 20kW or less during the previous
6(b) An energy management service provider and its contractors
7shall abide by the following:
8(1) An energy
management service provider shall not share,
9disclose, or otherwise make accessible to a third party a customer’s
10electrical or gas consumption data, except upon the express consent
11of the customer.
12(2) An energy management service provider shall not sell a
13customer’s electrical or gas consumption data or any other
14personally identifiable information for any purpose, except as
15provided in subdivision (d).
energy management service provider and its contractors
17shall not provide an incentive or discount to the customer for
18accessing the customer’s electrical or gas consumption data without
19the prior consent of the customer.
an energy management service provider or its contractor
21provides a service that allows a customer to monitor his or her
22electricity or gas usage, and uses the data for a purpose other than
23that specified in the agreement between the customer and the
24energy management service provider, either the energy
25management service provider shall prominently disclose the
26purpose and secure the customer’s express consent to the use of
27his or her data for that purpose prior to the use of the data, or the
28contract between the energy management service provider and its
29contractor shall provide that the contractor prominently discloses
30that purpose to the customer and secures the customer’s express
31consent to the use of his or her data for that purpose prior to the
32use of the data.
33(5) If an energy management service provider contracts with a
34third party for any service and that third party uses customer
35electrical or gas consumption data for a secondary commercial
36purpose, the energy management service provider shall prominently
37disclose that secondary commercial purpose and secure the
38customer’s consent to the use of his or her data for that purpose
39prior to the use of the data.
P6 1(6) An energy management service provider shall use industry
2standards for securing a customer’s unencrypted electrical or gas
3consumption data from the unauthorized access, destruction, use,
4modification, or disclosure of the data.
5(7) If a customer chooses to disclose his or her electrical or gas
6consumption data to a third party that is unaffiliated with, and has
7no other business relationship with, the energy management service
8provider, the energy management service provider shall not be
9responsible for the security of that data, or its use or misuse.
10(c) This section shall not preclude an energy management
11service provider from using or disclosing electrical or gas
12consumption data for analysis, research, reporting, sharing with
13third parties, or program management if the data has been
14aggregated sufficiently to protect individual customer identity and
15personally identifying information has been removed.
16(d) This section shall not preclude an energy management
17service provider, with the consent of the customer, from disclosing
18a customer’s electrical or gas consumption data to a third party for
19the operational needs of an electric or natural gas system or electric
20grid, or the implementation of demand response, energy
21management, or energy efficiency programs. The third party shall
22use industry standards for securing customer’s unencrypted data
23from the unauthorized access, destruction, use, modification, or
24disclosure of the data and for the destruction of data.
25(e) This section shall not preclude an energy management
26service provider from disclosing electrical or gas consumption
27data as required under state or federal law.
(a) A customer harmed by the release and
29unauthorized use of his or her electrical or gas consumption data,
30as described in Section 1798.98, may bring a civil action to recover
31actual damages in an amount not to exceed five hundred dollars
32($500) for each willful violation.
33(b) The rights, remedies, and penalties established by this title
34are in addition to the rights, remedies, or penalties established
35under any other law.
36(c) Nothing in this title shall abrogate any authority of the
37Attorney General to enforce existing law.