BILL ANALYSIS                                                                                                                                                                                                    



                                                                  AB 1274
                                                                  Page  1

          Date of Hearing:  May 7, 2013

                           ASSEMBLY COMMITTEE ON JUDICIARY
                                Bob Wieckowski, Chair
                   AB 1274 (Bradford) - As Amended: April 18, 2013
           
          SUBJECT  :  Privacy: Public Utilities 

           KEY ISSUE  :  Should the network provider that receives data from  
          a "smart meter" be prohibited from disclosing or selling a  
          customer's electrical or gas consumption data to third parties  
          without the customer's consent, and otherwise be required TO  
          keep the data secure? 

           FISCAL EFFECT  :  As currently in print this bill is keyed  
          non-fiscal.

                                      SYNOPSIS

          In recent years California has encouraged the use of "smart  
          meters" by public gas and electric utility companies.  These  
          devices can send a customer's usage data over the Internet to  
          the public utility in real time, thereby obviating the need for  
          a utility company employee to come to the customer's residence  
          of commercial property to read a meter.  But smart meters do  
          more than just send data directly to the utility company; they  
          also allow consumers to monitor their energy consumption  
          patterns and by doing so, the reasoning goes, figure out ways to  
          be more efficient in their energy use.  These devices also make  
          it easier for utility companies to monitor peak times of energy  
          and thereby better allocate energy sources to different sectors  
          within an energy grid.  However, along with its benefits, some  
          argue that these devices pose threats to privacy, especially  
          when a customer's consumption patterns can be shared widely and  
          rapidly across the Internet, potentially along with other  
          personal information.  Three years ago this Committee heard AB  
          1476 (Chapter 497, Stats. of 2010).  That legislation requires  
          gas and electric utilities that used smart meters to protect  
          consumers' energy usage data from unauthorized access or  
          disclosure.  It generally prohibits the utilities from sharing,  
          selling, or otherwise disclosing a customer's consumption  
          patterns to third parties without the customer's consent, and it  
          requires those utilities to use reasonable security procedures,  
          including encryption.  This author-sponsored bill would extend  
          many of these same prohibitions to the "customer premises  








                                                                  AB 1274
                                                                  Page  2

          network provider" - that is, the customer's Internet service  
          provider that receives data from the smart meter and transmits  
          it to the gas or electric utility.  This bill would also allow a  
          customer who suffers damages as a result of a violation of the  
          bill's provision to bring a court action to recover specified  
          relief.  There is no opposition to this bill.   
          
           SUMMARY  :  Prohibits a "customer premises network provider," as  
          defined, from sharing, disclosing, selling, or otherwise making  
          a customer's electrical and gas consumption data accessible to a  
          third party, except as specified.  Specifically,  this bill  :  

          1)Defines a "customer premises network provider" [network  
            provider] to mean a company that provides home area network  
            connectivity or commercial area network connectivity if the  
            network device receives electrical or gas consumption data  
            from a utility advanced metering system.  Specifies that  
            "customer premises network provider" does not include an  
            electrical or gas corporation or publicly owned utility merely  
            furnishing connectivity from the network devices within the  
            customer premises to its utility advanced metering system.

          2)Prohibits a network provider from sharing, disclosing, or  
            otherwise making accessible to a third party a customer's  
            electrical or gas consumption data, except upon the express  
            consent of the customer or as required under state or federal  
            law. 

          3)Prohibits a network provider from selling a customer's  
            electrical or gas consumption data or any other personally  
            identifiable information for any purpose.

          4)Prohibits a network provider and its contractors from  
            providing an incentive or discount to the customer for  
            accessing the customer's electrical or gas consumption data  
            without the express consent of the customers. 

          5)Requires the network provider and its contractors to maintain  
            compliance with national or state standards for maintaining  
            energy data security in a manner that prevents negligent or  
            willful release of identity or personal information of one or  
            more utility customers. 

          6)Provides that if a network provider or its contractor provides  
            a service that allows a customer to monitor his or her  








                                                                  AB 1274
                                                                  Page  3

            electricity or gas usage, and uses the data for a purpose  
            other than that specified in the agreement between the  
            customer and the network, the network must disclose this  
            purpose to the customer and secure the customer's consent  
            prior to use. 

          7)Requires a network provider to use generally accepted  
            principles and practices for securing a customer's unencrypted  
            data from unauthorized access, destruction, use, modification,  
            or disclosure.

          8)If the customer chooses to disclose consumption data to a  
            third party that is neither affiliated nor has no business  
            relationship with the network provider, the network provider  
            will not be responsible for the security, use, or misuse of  
            that data. 

          9)Permits a customer who suffers damages as a result of a  
            violation of the provisions of this bill to bring an action  
            and be entitled to remedies, as specified. 

           EXISTING LAW  :

          1)Prohibits an electrical corporation or gas corporation, and a  
            local publicly-owned utility, from sharing, disclosing, or  
            otherwise making accessible to a third party a customer's  
            electric or gas usage that is made available as part of an  
            advanced metering system.  (Public Utilities Code Section  
            8380.)

          2)Requires a gas or electrical corporation, and a local  
            publicly-owned utility, to use reasonable security procedures  
            and practices to protect a consumer's unencrypted data from  
            unauthorized access, destruction, use, modification, or  
            disclosure.  (Public Utilities Code Section 8381.) 

          3)Requires a business that owns or licenses personal information  
            about a California resident to implement and maintain  
            reasonable security procedures and practices to protect the  
            consumer information from unauthorized access.  (Civil Code  
            Sections 1798.81.5.)

          4)Requires a business that discloses personal information about  
            a California resident pursuant to a contract with a  
            nonaffiliated third party to require by contract that the  








                                                                  AB 1274
                                                                  Page  4

            third party implement and maintain reasonable security  
            measures to prevent unauthorized access to the personal  
            information.  (Civil Code Section 1798.81.5 (c).)

           COMMENTS  :  In the old days, a "meter reader" came to our homes  
          and places of business and read our gas and electric meters in  
          order to determine our usage and bill us accordingly.  But today  
          public utilities have the ability to send that information over  
          the Internet through so-called "smart meters."  These devices,  
          however, do more than just send data to the public utility in  
          real time, they also allow consumers to monitor their energy  
          consumption patterns and, one hopes, use it to figure out ways  
          to be more efficient.  Almost three years ago this Committee  
          heard AB 1476 (Chapter 497, Stats. of 2010).  That bill required  
          an investor-owned utility (IOU) or publicly owned utility (POU)  
          using advanced metering (smart meters) to protect consumers'  
          energy usage data from an unauthorized access or disclosure.  It  
          generally prohibited the utilities from sharing or otherwise  
          disclosing a customer's consumption data and patterns to third  
          parties without the customer's consent, and it required those  
          utilities to use reasonable security procedures, including  
          encryption.  Existing law also prohibits gas and electric  
          utilities from selling a customer's usage data or any personal  
          information or otherwise sharing that data without the  
          customer's consent.  Existing law also requires the utility to  
          maintain reasonable security measures to protect the customer's  
          consumer data. 

          This author-sponsored bill would extend many of the same  
          prohibitions and requirements that now apply to gas and  
          electrical utilities to the "customer premises network provider"  
          - that is, the customer's Internet service provider that  
          receives data from the smart meter and transmits it to the gas  
          or electric utility.  This bill would also allow a customer who  
          suffers damages as a result of a violation of the bills  
          provision to bring an action in a court of appropriate  
          jurisdiction to recover specified relief, including both money  
          damages and injunctive relief. 
          
           ARGUMENTS IN SUPPORT  :  The author describes the purpose of this  
          bill as follows: "As technology becomes available to provide  
          services to Californian's that will allow them, in real time, to  
          manage their energy use it is important to ensure that privacy  
          safeguards are in place so that customers can be confident that  
          these new service providers will protect this information and  








                                                                  AB 1274
                                                                  Page  5

          not misuse or sell it without consent.  Important legislation  
          has been enacted to protect the security of the energy grid.   
          But we need to make sure that the privacy of utility customers  
          are also protected so that this information is not available to  
          be used by those who might wish to cause harm to those  
          customers.  This bill will ensure that 3rd party providers of  
          services that access customer utility data will follow similar  
          rules that electric and gas utilities are already required to  
          follow."

           REGISTERED SUPPORT / OPPOSITION  :   

           Support 
           
          None on file

           Opposition 
           
          None on file
           
          Analysis Prepared by  :   Thomas Clark / JUD. / (916) 319-2334