BILL ANALYSIS �� 1
SENATE ENERGY, UTILITIES AND COMMUNICATIONS COMMITTEE
ALEX PADILLA, CHAIR
AB 1274 - Bradford Hearing Date:
June 18, 2013 A
As Amended: June 11, 2103 Non-FISCAL
B
1
2
7
4
DESCRIPTION
Current law restricts electric or gas corporations
(investor-owned utilities or IOUs) and local publicly-owned
utilities (POU) from sharing, disclosing, or otherwise making
accessible to any third party a customer's electrical or gas
consumption data that is made available as part of an advanced
metering infrastructure, except in specified circumstances, and
with the consent of the customer. (Public Utilities Codes
8380-8381)
This bill prohibits an energy management service provider
(provider), as defined, from sharing, selling, disclosing, or
otherwise making accessible the electrical or gas consumption
data of a residential or small business customer, except for
specified purposes, with the consent of the customer.
This bill permits a provider to use and disclose data for
analysis, research and reporting if the data has been aggregated
sufficiently to protect customer identify and requires a
provider to use industry standards for securing data to prevent
its unauthorized access, destruction, use, modification or
disclosure.
This bill defines a customer as a residential or nonresidential
customer with an electric demand of 20 kilowatts or less.
This bill permits a customer that is harmed by the unauthorized
release and use of their data to bring a civil action to recover
actual damages capped at $500 for each violation.
�
BACKGROUND
Smart Meter Roll-Out - Changes in how electricity is produced,
delivered and consumed require 'smarter' power systems with
secure, reliable communications capabilities. Advanced Meters,
or Smart Meters, enable a utility to provide customers with
detailed information about their energy usage at different times
of the day, which in turn enables customers to better manage
their energy use. Advanced Meters also allow for faster outage
detection and restoration of electricity service.
The smart meter is a two-way communication device which
transmits data back to the utility and negates the need for
manual meter readings. It also allows the utility to remotely
disable and enable supply and is the foundation for demand
response programs such as critical peak pricing which is
designed to reduce electrical consumption during times of peak
demand. With additional software smart meters open the door for
a consumer to access consumption data in real time and to manage
their energy use more proactively.
The CPUC required Southern California Edison to install
approximately 5.3 million smart meters, San Diego Gas and
Electric Company 1.4 million electric smart meters and 900,000
natural gas meters, and Pacific Gas and Electric Company
approximately 5 million electric meters and 4.2 million natural
gas meters.
The IOUs have installed more than 10 million smart meters that
are pre-equipped with built-in Home Area Network (HAN)
functionality. The HAN function of the smart meter allows
customers to monitor their household energy consumption in
real-time through a wireless device placed inside their home.
It is viewed by the CPUC as a key step in advancing California's
goals of providing timely, actionable information to customers
to enable them to optimally manage or reduce their energy
consumption and save money. A variety of HAN devices are being
introduced by third-party manufacturers and becoming available
in the marketplace. Customers will be able to choose and buy
their own device that communicates with their smart meter
through a wireless link. As a result those third parties will
also have access to electrical and gas consumption data.
�
COMMENTS
1. Author's Purpose . This bill provides private persons
and companies with safeguards to ensure that they can have
a reasonable expectation that their privacy is maintained
as the market for 3rd party providers grows in the
automated energy information service industry. Not only
can vulnerable IT systems result in grid reliability
issues, but they can also allow the widespread release of
private customer information and usage data. Unauthorized
disclosure of customer data can lead to knowledge of
customers usage patterns, whether a customer is home or
not, or harassment by individuals or other companies.
Privacy is a basic customer protection principle; ensuring
that private customer usage information is kept secure is a
fundamental premise for that principle.
Detailed electricity usage data offers a window into the
lives of people inside of a home by revealing what
individual appliances they are using, and the transmission
of the data potentially subjects this information to
interception or theft by unauthorized third parties or
hackers. According to the Department of Energy, smart
meters may be able to reveal occupants' daily schedules
(including times when they are at or away from home or
asleep), whether their homes are equipped with alarm
systems, whether they own expensive electronic equipment
such as plasma TVs, and whether they use certain types of
medical equipment.
2. Data Disclosure Restrictions Common . With the
increasing use of technology in nearly every aspect of
private and commercial activities, the security of consumer
data is critical to protect privacy and fraudulent
activities. The result has been state and federal
restrictions on the use of medical, financial and other
personally identifying information with disclosure only
upon consent of the consumer. The intent of this bill is
consistent with those statutes.
Technology has only just reached electric and gas utilities
with the installation of smart meters by all of the IOUs
and several POUs in the state. When fully deployed the
smart meter is intended to allow the customer to view their
�
data on-line, in real-time, via a utility website or
through third party applications such as Google Powermeter.
The question of how these data streams are monitored and
secured in order to insure customer privacy is of concern
to many. With additional software, the smart meter data
will show a customer's sleep, work, and travel habits, when
appliances are used, cooking and eating schedules, and
likely when a customer is home or not. This data can be a
great tool to manage peak electrical load and achieve
greater energy efficiency. It can however also be of great
interest to third parties for commercial purposes. The
ability of third parties to use utilities as conduits for
customer information or, from the home and bypassing the
utilities is novel and introduces new challenges to privacy
with respect to energy consumption.
This bill is intended to ensure that a consumer's electric
and gas consumption data remains confidential unless they
consent to give a third party access to that data. The
technology sector has expressed its clear intent to use the
consumer data for additional marketing purposes. For
instance, the use of a HAN can show that a refrigerator is
an energy hog and would result in the HAN company selling
that information to a refrigerator manufacturer which could
then market its product directly to the customer. This
bill would not prohibit the sale of the data but would
require customer consent and disclosure of the secondary
purpose.
3. Clarity Needed . As drafted the group of customers and
the businesses required to get customer consent for data
release is not clear in this bill. Current law provides
that electric or gas consumption data which a business
secures as a result of a contract with an IOU or POU for
any customers is confidential unless a customer consents to
its disclosure and use for a secondary purpose. This bill
departs from that standard and only requires customer
consent for disclosure if the data is for a residential or
small business customer and only for businesses that are
"energy management service providers" which is not a
designation currently used in the marketplace. The issue
presented by the author is critical but the form of the
protections is not easily managed in the marketplace.
Moreover, the bill authorizes a provider to use the data
�
for different purposes, with the customer's consent, in
seven different places in the bill but is vague as to
whether consent is required for those purposes not listed.
In order to ensure that this bill, which applies to data
that a business accesses outside of a contract with an IOU
or POU, is consistent with current law on the subject, and
that businesses are clearly and consistently required to
secure customer consent for data disclosure, the committee
may wish to consider amendments that require any business
that is authorized by a customer to access their electric
or gas consumption data to clearly disclose and secure the
permission of the customer before the data is used for any
purpose other than that which is the basis of the business
arrangement. This language is attached.
4. Remedies . This bill permits a customer that is harmed
by the unauthorized release and use of their data to bring
a civil action to recover actual damages capped at $500 for
each violation. This issue is not discussed in this
analysis and will be considered by the Senate Judiciary
Committee.
5. Double Referral . Should this bill be approved by the
committee, it will be re-referred to the Senate Committee
on Judiciary for its consideration.
ASSEMBLY VOTES
Assembly Floor (75-0)
Assembly Judiciary Committee (10-0)
Assembly Rules Committee (8-0)
POSITIONS
Sponsor:
Author
Support:
California Public Utilities Commission
Division of Ratepayer Advocates
�
Oppose:
None on file.
Kellie Smith
AB 1274 Analysis
Hearing Date: June 18, 2013