BILL ANALYSIS                                                                                                                                                                                                              1





                SENATE ENERGY, UTILITIES AND COMMUNICATIONS COMMITTEE
                                 ALEX PADILLA, CHAIR
          

          AB 1274 -  Bradford                               Hearing Date:   
          June 18, 2013              A
          As Amended:         June 11, 2103                 Non-FISCAL      
            B

                                                                        1
                                                                        2
                                                                        7
                                                                        4

                                      DESCRIPTION
           
           Current law  restricts electric or gas corporations  
          (investor-owned utilities or IOUs) and local publicly-owned  
          utilities (POU) from sharing, disclosing, or otherwise making  
          accessible to any third party a customer's electrical or gas  
          consumption data that is made available as part of an advanced  
          metering infrastructure, except in specified circumstances, and  
          with the consent of the customer.  (Public Utilities Codes  
          8380-8381) 

           This bill  prohibits an energy management service provider  
          (provider), as defined, from sharing, selling, disclosing, or  
          otherwise making accessible the electrical or gas consumption  
          data of a residential or small business customer, except for  
          specified purposes, with the consent of the customer.

           This bill  permits a provider to use and disclose data for  
          analysis, research and reporting if the data has been aggregated  
          sufficiently to protect customer identify and requires a  
          provider to use industry standards for securing data to prevent  
          its unauthorized access, destruction, use, modification or  
          disclosure. 

           This bill  defines a customer as a residential or nonresidential  
          customer with an electric demand of 20 kilowatts or less.

          This bill  permits a customer that is harmed by the unauthorized  
          release and use of their data to bring a civil action to recover  
          actual damages capped at $500 for each violation.












                                      BACKGROUND
           
          Smart Meter Roll-Out - Changes in how electricity is produced,  
          delivered and consumed require 'smarter' power systems with  
          secure, reliable communications capabilities. Advanced Meters,  
          or Smart Meters, enable a utility to provide customers with  
          detailed information about their energy usage at different times  
          of the day, which in turn enables customers to better manage  
          their energy use. Advanced Meters also allow for faster outage  
          detection and restoration of electricity service.

          The smart meter is a two-way communication device which  
          transmits data back to the utility and negates the need for  
          manual meter readings.  It also allows the utility to remotely  
          disable and enable supply and is the foundation for demand  
          response programs such as critical peak pricing which is  
          designed to reduce electrical consumption during times of peak  
          demand.  With additional software smart meters open the door for  
          a consumer to access consumption data in real time and to manage  
          their energy use more proactively.  

          The CPUC required Southern California Edison to install  
          approximately 5.3 million smart meters, San Diego Gas and  
          Electric Company 1.4 million electric smart meters and 900,000  
          natural gas meters, and Pacific Gas and Electric Company  
          approximately 5 million electric meters and 4.2 million natural  
          gas meters. 

          The IOUs have installed more than 10 million smart meters that  
          are pre-equipped with built-in Home Area Network (HAN)  
          functionality.   The HAN function of the smart meter allows  
          customers to monitor their household energy consumption in  
          real-time through a wireless device placed inside their home.   
          It is viewed by the CPUC as a key step in advancing California's  
          goals of providing timely, actionable information to customers  
          to enable them to optimally manage or reduce their energy  
          consumption and save money. A variety of HAN devices are being  
          introduced by third-party manufacturers and becoming available  
          in the marketplace. Customers will be able to choose and buy  
          their own device that communicates with their smart meter  
          through a wireless link.  As a result those third parties will  
          also have access to electrical and gas consumption data.











                                       COMMENTS
           
              1.   Author's Purpose  .  This bill provides private persons  
               and companies with safeguards to ensure that they can have  
               a reasonable expectation that their privacy is maintained  
               as the market for 3rd party providers grows in the  
               automated energy information service industry.  Not only  
               can vulnerable IT systems result in grid reliability  
               issues, but they can also allow the widespread release of  
               private customer information and usage data. Unauthorized  
               disclosure of customer data can lead to knowledge of  
               customers usage patterns, whether a customer is home or  
               not, or harassment by individuals or other companies.  
               Privacy is a basic customer protection principle; ensuring  
               that private customer usage information is kept secure is a  
               fundamental premise for that principle.

               Detailed electricity usage data offers a window into the  
               lives of people inside of a home by revealing what  
               individual appliances they are using, and the transmission  
               of the data potentially subjects this information to  
               interception or theft by unauthorized third parties or  
               hackers.  According to the Department of Energy, smart  
               meters may be able to reveal occupants' daily schedules  
               (including times when they are at or away from home or  
               asleep), whether their homes are equipped with alarm  
               systems, whether they own expensive electronic equipment  
               such as plasma TVs, and whether they use certain types of  
               medical equipment.

              2.   Data Disclosure Restrictions Common  .  With the  
               increasing use of technology in nearly every aspect of  
               private and commercial activities, the security of consumer  
               data is critical to protect privacy and fraudulent  
               activities.  The result has been state and federal  
               restrictions on the use of medical, financial and other  
               personally identifying information with disclosure only  
               upon consent of the consumer.  The intent of this bill is  
               consistent with those statutes.

               Technology has only just reached electric and gas utilities  
               with the installation of smart meters by all of the IOUs  
               and several POUs in the state.  When fully deployed the  
               smart meter is intended to allow the customer to view their  










               data on-line, in real-time, via a utility website or  
               through third party applications such as Google Powermeter.  
                The question of how these data streams are monitored and  
               secured in order to insure customer privacy is of concern  
               to many.  With additional software, the smart meter data  
               will show a customer's sleep, work, and travel habits, when  
               appliances are used, cooking and eating schedules, and  
               likely when a customer is home or not.  This data can be a  
               great tool to manage peak electrical load and achieve  
               greater energy efficiency.  It can however also be of great  
               interest to third parties for commercial purposes.  The  
               ability of third parties to use utilities as conduits for  
               customer information or, from the home and bypassing the  
               utilities is novel and introduces new challenges to privacy  
               with respect to energy consumption.  

               This bill is intended to ensure that a consumer's electric  
               and gas consumption data remains confidential unless they  
               consent to give a third party access to that data.  The  
               technology sector has expressed its clear intent to use the  
               consumer data for additional marketing purposes.  For  
               instance, the use of a HAN can show that a refrigerator is  
               an energy hog and would result in the HAN company selling  
               that information to a refrigerator manufacturer which could  
               then market its product directly to the customer.  This  
               bill would not prohibit the sale of the data but would  
               require customer consent and disclosure of the secondary  
               purpose.

              3.   Clarity Needed  .  As drafted the group of customers and  
               the businesses required to get customer consent for data  
               release is not clear in this bill.  Current law provides  
               that electric or gas consumption data which a business  
               secures as a result of a contract with an IOU or POU for  
               any customers is confidential unless a customer consents to  
               its disclosure and use for a secondary purpose.  This bill  
               departs from that standard and only requires customer  
               consent for disclosure if the data is for a residential or  
               small business customer and only for businesses that are  
               "energy management service providers" which is not a  
               designation currently used in the marketplace.  The issue  
               presented by the author is critical but the form of the  
               protections is not easily managed in the marketplace.   
               Moreover, the bill authorizes a provider to use the data  










               for different purposes, with the customer's consent, in  
               seven different places in the bill but is vague as to  
               whether consent is required for those purposes not listed.   


               In order to ensure that this bill, which applies to data  
               that a business accesses outside of a contract with an IOU  
               or POU, is consistent with current law on the subject, and  
               that businesses are clearly and consistently required to  
               secure customer consent for data disclosure, the committee  
               may wish to consider amendments that require any business  
               that is authorized by a customer to access their electric  
               or gas consumption data to clearly disclose and secure the  
               permission of the customer before the data is used for any  
               purpose other than that which is the basis of the business  
               arrangement. This language is attached. 

              4.   Remedies  .  This bill permits a customer that is harmed  
               by the unauthorized release and use of their data to bring  
               a civil action to recover actual damages capped at $500 for  
               each violation.  This issue is not discussed in this  
               analysis and will be considered by the Senate Judiciary  
               Committee.

              5.   Double Referral  . Should this bill be approved by the  
               committee, it will be re-referred to the Senate Committee  
               on Judiciary for its consideration. 

                                    ASSEMBLY VOTES
           
          Assembly Floor                     (75-0)
          Assembly Judiciary Committee       (10-0)
          Assembly Rules Committee           (8-0)

                                       POSITIONS
           
           Sponsor:
           
          Author

           Support:
           
          California Public Utilities Commission
          Division of Ratepayer Advocates











           Oppose:
           
          None on file.

          














          Kellie Smith 
          AB 1274 Analysis
          Hearing Date:  June 18, 2013