BILL ANALYSIS                                                                                                                                                                                                    



                                                                  AB 1274
                                                                  Page  1


          ASSEMBLY THIRD READING
          AB 1274 (Bradford)
          As Amended April 18, 2013
          Majority vote 

           JUDICIARY           10-0                                        
           
           ----------------------------------------------------------------- 
          |Ayes:|Wieckowski, Wagner,       |     |                          |
          |     |Alejo, Chau, Dickinson,   |     |                          |
          |     |Garcia, Gorell,           |     |                          |
          |     |Maienschein, Muratsuchi,  |     |                          |
          |     |Stone                     |     |                          |
          |-----+--------------------------+-----+--------------------------|
          |     |                          |     |                          |
           ----------------------------------------------------------------- 
           SUMMARY  :  Prohibits a "customer premises network provider," as  
          defined, from sharing, disclosing, selling, or otherwise making  
          a customer's electrical and gas consumption data accessible to a  
          third party, except as specified.  Specifically,  this bill  :  

          1)Defines a "customer premises network provider" (network  
            provider) to mean a company that provides home area network  
            connectivity or commercial area network connectivity if the  
            network device receives electrical or gas consumption data  
            from a utility advanced metering system.  Specifies that  
            "customer premises network provider" does not include an  
            electrical or gas corporation or publicly owned utility merely  
            furnishing connectivity from the network devices within the  
            customer premises to its utility advanced metering system.

          2)Prohibits a network provider from sharing, disclosing, or  
            otherwise making accessible to a third party a customer's  
            electrical or gas consumption data, except upon the express  
            consent of the customer or as required under state or federal  
            law. 

          3)Prohibits a network provider from selling a customer's  
            electrical or gas consumption data or any other personally  
            identifiable information for any purpose.

          4)Prohibits a network provider and its contractors from  
            providing an incentive or discount to the customer for  
            accessing the customer's electrical or gas consumption data  








                                                                  AB 1274
                                                                  Page  2


            without the express consent of the customers. 

          5)Requires the network provider and its contractors to maintain  
            compliance with national or state standards for maintaining  
            energy data security in a manner that prevents negligent or  
            willful release of identity or personal information of one or  
            more utility customers. 

          6)Provides that if a network provider or its contractor provides  
            a service that allows a customer to monitor his or her  
            electricity or gas usage, and uses the data for a purpose  
            other than that specified in the agreement between the  
            customer and the network, the network must disclose this  
            purpose to the customer and secure the customer's consent  
            prior to use. 

          7)Requires a network provider to use generally accepted  
            principles and practices for securing a customer's unencrypted  
            data from unauthorized access, destruction, use, modification,  
            or disclosure.

          8)Provides that if the customer chooses to disclose consumption  
            data to a third party that is neither affiliated nor has no  
            business relationship with the network provider, the network  
            provider will not be responsible for the security, use, or  
            misuse of that data. 

          9)Permits a customer who suffers damages as a result of a  
            violation of the provisions of this bill to bring an action  
            and be entitled to remedies, as specified. 

           EXISTING LAW  :

          1)Prohibits an electrical corporation or gas corporation, and a  
            local publicly-owned utility, from sharing, disclosing, or  
            otherwise making accessible to a third party a customer's  
            electric or gas usage that is made available as part of an  
            advanced metering system.  

          2)Requires a gas or electrical corporation, and a local  
            publicly-owned utility, to use reasonable security procedures  
            and practices to protect a consumer's unencrypted data from  
            unauthorized access, destruction, use, modification, or  
            disclosure.  








                                                                  AB 1274
                                                                  Page  3



          3)Requires a business that owns or licenses personal information  
            about a California resident to implement and maintain  
            reasonable security procedures and practices to protect the  
            consumer information from unauthorized access.  

          4)Requires a business that discloses personal information about  
            a California resident pursuant to a contract with a  
            nonaffiliated third party to require by contract that the  
            third party implement and maintain reasonable security  
            measures to prevent unauthorized access to the personal  
            information.  

           FISCAL EFFECT  :  None

           COMMENTS  :  In the past, a "meter reader" came to our homes and  
          places of business and read our gas and electric meters in order  
          to determine our usage and bill us accordingly.  But today  
          public utilities have the ability to send that information over  
          the Internet through so-called "smart meters."  These devices,  
          however, do more than just send data to the public utility in  
          real time, they also allow consumers to monitor their energy  
          consumption patterns and, one hopes, use it to figure out ways  
          to be more efficient.  Almost three years ago the Assembly  
          Judiciary Committee heard SB 1476 (Padilla), Chapter 497,  
          Statutes of 2010.  SB 1476 required an investor-owned utility  
          (IOU) or publicly owned utility (POU) using advanced metering  
          (smart meters) to protect consumers' energy usage data from an  
          unauthorized access or disclosure.  It generally prohibited the  
          utilities from sharing or otherwise disclosing a customer's  
          consumption data and patterns to third parties without the  
          customer's consent, and it required those utilities to use  
          reasonable security procedures, including encryption.  Existing  
          law also prohibits gas and electric utilities from selling a  
          customer's usage data or any personal information or otherwise  
          sharing that data without the customer's consent.  Existing law  
          also requires the utility to maintain reasonable security  
          measures to protect the customer's consumer data. 

          This bill would extend many of the same prohibitions and  
          requirements that now apply to gas and electrical utilities to  
          the "customer premises network provider" - that is, the  
          customer's Internet service provider that receives data from the  
          smart meter and transmits it to the gas or electric utility.   








                                                                  AB 1274
                                                                  Page  4


          This bill would also allow a customer who suffers damages as a  
          result of a violation of the bills provision to bring an action  
          in a court of appropriate jurisdiction to recover specified  
          relief, including both money damages and injunctive relief. 
          
          The author describes the purpose of this bill as follows:  "As  
          technology becomes available to provide services to  
          Californian's that will allow them, in real time, to manage  
          their energy use it is important to ensure that privacy  
          safeguards are in place so that customers can be confident that  
          these new service providers will protect this information and  
          not misuse or sell it without consent.  Important legislation  
          has been enacted to protect the security of the energy grid.   
          But we need to make sure that the privacy of utility customers  
          are also protected so that this information is not available to  
          be used by those who might wish to cause harm to those  
          customers.  This bill will ensure that 3rd party providers of  
          services that access customer utility data will follow similar  
          rules that electric and gas utilities are already required to  
          follow."

           
          Analysis Prepared by  :   Thomas Clark / JUD. / (916) 319-2334 


                                                                FN: 0000391