BILL ANALYSIS �Ó
AB 1274
Page 1
ASSEMBLY THIRD READING
AB 1274 (Bradford)
As Amended April 18, 2013
Majority vote
JUDICIARY 10-0
-----------------------------------------------------------------
|Ayes:|Wieckowski, Wagner, | | |
| |Alejo, Chau, Dickinson, | | |
| |Garcia, Gorell, | | |
| |Maienschein, Muratsuchi, | | |
| |Stone | | |
|-----+--------------------------+-----+--------------------------|
| | | | |
-----------------------------------------------------------------
SUMMARY : Prohibits a "customer premises network provider," as
defined, from sharing, disclosing, selling, or otherwise making
a customer's electrical and gas consumption data accessible to a
third party, except as specified. Specifically, this bill :
1)Defines a "customer premises network provider" (network
provider) to mean a company that provides home area network
connectivity or commercial area network connectivity if the
network device receives electrical or gas consumption data
from a utility advanced metering system. Specifies that
"customer premises network provider" does not include an
electrical or gas corporation or publicly owned utility merely
furnishing connectivity from the network devices within the
customer premises to its utility advanced metering system.
2)Prohibits a network provider from sharing, disclosing, or
otherwise making accessible to a third party a customer's
electrical or gas consumption data, except upon the express
consent of the customer or as required under state or federal
law.
3)Prohibits a network provider from selling a customer's
electrical or gas consumption data or any other personally
identifiable information for any purpose.
4)Prohibits a network provider and its contractors from
providing an incentive or discount to the customer for
accessing the customer's electrical or gas consumption data
�
AB 1274
Page 2
without the express consent of the customers.
5)Requires the network provider and its contractors to maintain
compliance with national or state standards for maintaining
energy data security in a manner that prevents negligent or
willful release of identity or personal information of one or
more utility customers.
6)Provides that if a network provider or its contractor provides
a service that allows a customer to monitor his or her
electricity or gas usage, and uses the data for a purpose
other than that specified in the agreement between the
customer and the network, the network must disclose this
purpose to the customer and secure the customer's consent
prior to use.
7)Requires a network provider to use generally accepted
principles and practices for securing a customer's unencrypted
data from unauthorized access, destruction, use, modification,
or disclosure.
8)Provides that if the customer chooses to disclose consumption
data to a third party that is neither affiliated nor has no
business relationship with the network provider, the network
provider will not be responsible for the security, use, or
misuse of that data.
9)Permits a customer who suffers damages as a result of a
violation of the provisions of this bill to bring an action
and be entitled to remedies, as specified.
EXISTING LAW :
1)Prohibits an electrical corporation or gas corporation, and a
local publicly-owned utility, from sharing, disclosing, or
otherwise making accessible to a third party a customer's
electric or gas usage that is made available as part of an
advanced metering system.
2)Requires a gas or electrical corporation, and a local
publicly-owned utility, to use reasonable security procedures
and practices to protect a consumer's unencrypted data from
unauthorized access, destruction, use, modification, or
disclosure.
�
AB 1274
Page 3
3)Requires a business that owns or licenses personal information
about a California resident to implement and maintain
reasonable security procedures and practices to protect the
consumer information from unauthorized access.
4)Requires a business that discloses personal information about
a California resident pursuant to a contract with a
nonaffiliated third party to require by contract that the
third party implement and maintain reasonable security
measures to prevent unauthorized access to the personal
information.
FISCAL EFFECT : None
COMMENTS : In the past, a "meter reader" came to our homes and
places of business and read our gas and electric meters in order
to determine our usage and bill us accordingly. But today
public utilities have the ability to send that information over
the Internet through so-called "smart meters." These devices,
however, do more than just send data to the public utility in
real time, they also allow consumers to monitor their energy
consumption patterns and, one hopes, use it to figure out ways
to be more efficient. Almost three years ago the Assembly
Judiciary Committee heard SB 1476 (Padilla), Chapter 497,
Statutes of 2010. SB 1476 required an investor-owned utility
(IOU) or publicly owned utility (POU) using advanced metering
(smart meters) to protect consumers' energy usage data from an
unauthorized access or disclosure. It generally prohibited the
utilities from sharing or otherwise disclosing a customer's
consumption data and patterns to third parties without the
customer's consent, and it required those utilities to use
reasonable security procedures, including encryption. Existing
law also prohibits gas and electric utilities from selling a
customer's usage data or any personal information or otherwise
sharing that data without the customer's consent. Existing law
also requires the utility to maintain reasonable security
measures to protect the customer's consumer data.
This bill would extend many of the same prohibitions and
requirements that now apply to gas and electrical utilities to
the "customer premises network provider" - that is, the
customer's Internet service provider that receives data from the
smart meter and transmits it to the gas or electric utility.
�
AB 1274
Page 4
This bill would also allow a customer who suffers damages as a
result of a violation of the bills provision to bring an action
in a court of appropriate jurisdiction to recover specified
relief, including both money damages and injunctive relief.
The author describes the purpose of this bill as follows: "As
technology becomes available to provide services to
Californian's that will allow them, in real time, to manage
their energy use it is important to ensure that privacy
safeguards are in place so that customers can be confident that
these new service providers will protect this information and
not misuse or sell it without consent. Important legislation
has been enacted to protect the security of the energy grid.
But we need to make sure that the privacy of utility customers
are also protected so that this information is not available to
be used by those who might wish to cause harm to those
customers. This bill will ensure that 3rd party providers of
services that access customer utility data will follow similar
rules that electric and gas utilities are already required to
follow."
Analysis Prepared by : Thomas Clark / JUD. / (916) 319-2334
FN: 0000391