BILL ANALYSIS �Ó
AB 1274
Page 1
Date of Hearing: May 7, 2013
ASSEMBLY COMMITTEE ON JUDICIARY
Bob Wieckowski, Chair
AB 1274 (Bradford) - As Amended: April 18, 2013
SUBJECT : Privacy: Public Utilities
KEY ISSUE : Should the network provider that receives data from
a "smart meter" be prohibited from disclosing or selling a
customer's electrical or gas consumption data to third parties
without the customer's consent, and otherwise be required TO
keep the data secure?
FISCAL EFFECT : As currently in print this bill is keyed
non-fiscal.
SYNOPSIS
In recent years California has encouraged the use of "smart
meters" by public gas and electric utility companies. These
devices can send a customer's usage data over the Internet to
the public utility in real time, thereby obviating the need for
a utility company employee to come to the customer's residence
of commercial property to read a meter. But smart meters do
more than just send data directly to the utility company; they
also allow consumers to monitor their energy consumption
patterns and by doing so, the reasoning goes, figure out ways to
be more efficient in their energy use. These devices also make
it easier for utility companies to monitor peak times of energy
and thereby better allocate energy sources to different sectors
within an energy grid. However, along with its benefits, some
argue that these devices pose threats to privacy, especially
when a customer's consumption patterns can be shared widely and
rapidly across the Internet, potentially along with other
personal information. Three years ago this Committee heard AB
1476 (Chapter 497, Stats. of 2010). That legislation requires
gas and electric utilities that used smart meters to protect
consumers' energy usage data from unauthorized access or
disclosure. It generally prohibits the utilities from sharing,
selling, or otherwise disclosing a customer's consumption
patterns to third parties without the customer's consent, and it
requires those utilities to use reasonable security procedures,
including encryption. This author-sponsored bill would extend
many of these same prohibitions to the "customer premises
�
AB 1274
Page 2
network provider" - that is, the customer's Internet service
provider that receives data from the smart meter and transmits
it to the gas or electric utility. This bill would also allow a
customer who suffers damages as a result of a violation of the
bill's provision to bring a court action to recover specified
relief. There is no opposition to this bill.
SUMMARY : Prohibits a "customer premises network provider," as
defined, from sharing, disclosing, selling, or otherwise making
a customer's electrical and gas consumption data accessible to a
third party, except as specified. Specifically, this bill :
1)Defines a "customer premises network provider" [network
provider] to mean a company that provides home area network
connectivity or commercial area network connectivity if the
network device receives electrical or gas consumption data
from a utility advanced metering system. Specifies that
"customer premises network provider" does not include an
electrical or gas corporation or publicly owned utility merely
furnishing connectivity from the network devices within the
customer premises to its utility advanced metering system.
2)Prohibits a network provider from sharing, disclosing, or
otherwise making accessible to a third party a customer's
electrical or gas consumption data, except upon the express
consent of the customer or as required under state or federal
law.
3)Prohibits a network provider from selling a customer's
electrical or gas consumption data or any other personally
identifiable information for any purpose.
4)Prohibits a network provider and its contractors from
providing an incentive or discount to the customer for
accessing the customer's electrical or gas consumption data
without the express consent of the customers.
5)Requires the network provider and its contractors to maintain
compliance with national or state standards for maintaining
energy data security in a manner that prevents negligent or
willful release of identity or personal information of one or
more utility customers.
6)Provides that if a network provider or its contractor provides
a service that allows a customer to monitor his or her
�
AB 1274
Page 3
electricity or gas usage, and uses the data for a purpose
other than that specified in the agreement between the
customer and the network, the network must disclose this
purpose to the customer and secure the customer's consent
prior to use.
7)Requires a network provider to use generally accepted
principles and practices for securing a customer's unencrypted
data from unauthorized access, destruction, use, modification,
or disclosure.
8)If the customer chooses to disclose consumption data to a
third party that is neither affiliated nor has no business
relationship with the network provider, the network provider
will not be responsible for the security, use, or misuse of
that data.
9)Permits a customer who suffers damages as a result of a
violation of the provisions of this bill to bring an action
and be entitled to remedies, as specified.
EXISTING LAW :
1)Prohibits an electrical corporation or gas corporation, and a
local publicly-owned utility, from sharing, disclosing, or
otherwise making accessible to a third party a customer's
electric or gas usage that is made available as part of an
advanced metering system. (Public Utilities Code Section
8380.)
2)Requires a gas or electrical corporation, and a local
publicly-owned utility, to use reasonable security procedures
and practices to protect a consumer's unencrypted data from
unauthorized access, destruction, use, modification, or
disclosure. (Public Utilities Code Section 8381.)
3)Requires a business that owns or licenses personal information
about a California resident to implement and maintain
reasonable security procedures and practices to protect the
consumer information from unauthorized access. (Civil Code
Sections 1798.81.5.)
4)Requires a business that discloses personal information about
a California resident pursuant to a contract with a
nonaffiliated third party to require by contract that the
�
AB 1274
Page 4
third party implement and maintain reasonable security
measures to prevent unauthorized access to the personal
information. (Civil Code Section 1798.81.5 (c).)
COMMENTS : In the old days, a "meter reader" came to our homes
and places of business and read our gas and electric meters in
order to determine our usage and bill us accordingly. But today
public utilities have the ability to send that information over
the Internet through so-called "smart meters." These devices,
however, do more than just send data to the public utility in
real time, they also allow consumers to monitor their energy
consumption patterns and, one hopes, use it to figure out ways
to be more efficient. Almost three years ago this Committee
heard AB 1476 (Chapter 497, Stats. of 2010). That bill required
an investor-owned utility (IOU) or publicly owned utility (POU)
using advanced metering (smart meters) to protect consumers'
energy usage data from an unauthorized access or disclosure. It
generally prohibited the utilities from sharing or otherwise
disclosing a customer's consumption data and patterns to third
parties without the customer's consent, and it required those
utilities to use reasonable security procedures, including
encryption. Existing law also prohibits gas and electric
utilities from selling a customer's usage data or any personal
information or otherwise sharing that data without the
customer's consent. Existing law also requires the utility to
maintain reasonable security measures to protect the customer's
consumer data.
This author-sponsored bill would extend many of the same
prohibitions and requirements that now apply to gas and
electrical utilities to the "customer premises network provider"
- that is, the customer's Internet service provider that
receives data from the smart meter and transmits it to the gas
or electric utility. This bill would also allow a customer who
suffers damages as a result of a violation of the bills
provision to bring an action in a court of appropriate
jurisdiction to recover specified relief, including both money
damages and injunctive relief.
ARGUMENTS IN SUPPORT : The author describes the purpose of this
bill as follows: "As technology becomes available to provide
services to Californian's that will allow them, in real time, to
manage their energy use it is important to ensure that privacy
safeguards are in place so that customers can be confident that
these new service providers will protect this information and
�
AB 1274
Page 5
not misuse or sell it without consent. Important legislation
has been enacted to protect the security of the energy grid.
But we need to make sure that the privacy of utility customers
are also protected so that this information is not available to
be used by those who might wish to cause harm to those
customers. This bill will ensure that 3rd party providers of
services that access customer utility data will follow similar
rules that electric and gas utilities are already required to
follow."
REGISTERED SUPPORT / OPPOSITION :
Support
None on file
Opposition
None on file
Analysis Prepared by : Thomas Clark / JUD. / (916) 319-2334