BILL ANALYSIS                                                                                                                                                                                                    Ó



                                                                            



           ----------------------------------------------------------------- 
          |SENATE RULES COMMITTEE            |                       AB 1274|
          |Office of Senate Floor Analyses   |                              |
          |1020 N Street, Suite 524          |                              |
          |(916) 651-1520         Fax: (916) |                              |
          |327-4478                          |                              |
           ----------------------------------------------------------------- 
           
                                           
                                    THIRD READING


          Bill No:  AB 1274
          Author:   Bradford (D)
          Amended:  7/8/13 in Senate
          Vote:     21

           
           SENATE ENERGY, UTIL. & COMMUNIC. COMMITTEE  :  8-0, 6/18/13
          AYES:  Padilla, Fuller, Corbett, DeSaulnier, Hill, Knight, Wolk,  
            Wright
          NO VOTE RECORDED:  Cannella, De León, Pavley

           SENATE JUDICIARY COMMITTEE  :  6-0, 7/2/13
          AYES:  Walters, Anderson, Corbett, Jackson, Leno, Monning
          NO VOTE RECORDED:  Evans
           
          ASSEMBLY FLOOR  :  75-0, 5/9/13 - See last page for vote


           SUBJECT  :    Privacy:  customer electrical or natural gas usage  
          data

          SOURCE  :     Author


           DIGEST  :    This bill prohibits a business, as defined, from  
          sharing, selling, disclosing, or otherwise making accessible the  
          electrical or gas consumption data of a residential or small  
          business customer, except as specified.

           ANALYSIS :    

          Existing law:

                                                                CONTINUED





                                                                    AB 1274
                                                                     Page  
          2

           1. Provides that, among other rights, all people have an  
             inalienable right to pursue and obtain privacy. 

           2. States that a local publicly owned utility (POU), an  
             electrical corporation, or gas corporation, shall not share,  
             disclose, or otherwise make accessible to any third party a  
             customer's electrical or gas consumption data, except as  
             specified or upon the consent of the customer.  Also  
             prohibits these entities from selling a customer's utility  
             consumption data.  

           3. Provides that if an electrical or gas corporation or local  
             publicly owned electric utility contracts with a third party  
             for a service that permits a customer to monitor his/her  
             electricity or gas usage and the third party uses that  
             information for a secondary commercial purpose, the contract  
             between the utility and third party shall provide that the  
             third party prominently disclose that secondary commercial  
             purpose to the customer and require the third party to secure  
             the customer's consent prior to the use of the data for that  
             secondary commercial purpose.  

           4. States that a local POU, an electrical corporation, or gas  
             corporation, shall not provide an incentive or discount to  
             the customer for accessing the customer's utility consumption  
             data without the prior consent of the customer.  

           5. States that a local POU, an electrical corporation, or gas  
             corporation, shall use reasonable security procedures and  
             practices to protect a customer's unencrypted electrical or  
             gas consumption data from unauthorized access, destruction,  
             use, modification, or disclosure.  

           6. Does not preclude a local POU, an electrical corporation, or  
             gas corporation, from disclosing a customer's electrical or  
             gas consumption data to a third party for system, grid, or  
             operational needs, or the implementation of demand response,  
             energy management, or energy efficiency programs, provided  
             that, for contracts entered into after January 1, 2011, the  
             utility has required by contract that the third party  
             implement and maintain reasonable security procedures and  
             practices appropriate to the nature of the information, to  
             protect the personal information from unauthorized access,  
             destruction, use, modification, or disclosure, and prohibits  

                                                                CONTINUED





                                                                    AB 1274
                                                                     Page  
          3

             the use of the data for a secondary commercial purpose not  
             related to the primary purpose of the contract without the  
             customer's prior consent to that use.  

          This bill:

           1. Provides that unless otherwise required or authorized by  
             federal or state law, a business shall not share, disclose,  
             or otherwise make accessible to any third party a customer's  
             data without obtaining the express consent of the customer  
             and conspicuously disclosing to whom the disclosure will be  
             made and how the data will be used.

           2. Provides that a business shall not provide an incentive or  
             discount to the customer for accessing the data without the  
             prior consent of the customer.

           3. Provides that a business shall implement and maintain  
             reasonable security procedures and practices appropriate to  
             the nature of the information to protect the data from  
             unauthorized access, destruction, use, modification, or  
             disclosure.

           4. Provides that a business that discloses data, with the  
             express consent of the customer, pursuant to a contract with  
             a nonaffiliated third party, shall require by contract that  
             the third party implement and maintain reasonable security  
             procedures and practices appropriate to the nature of the  
             information, to protect the data from unauthorized access,  
             destruction, use, modification, or disclosure.

           5. Provides further that a business shall take all reasonable  
             steps to dispose, or arrange for the disposal, of customer  
             data within its custody or control when the records are no  
             longer to be retained by the business by (a) shredding, (b)  
             erasing, or (c) otherwise modifying the data in those records  
             to make it unreadable or undecipherable through any means.

           6. Provides that a customer harmed by the release and  
             unauthorized use of his/her customer data, in violation of  
             the above provisions, may bring a civil action to recover  
             actual damages in an amount not to exceed $500 for each  
             willful violation. 


                                                                CONTINUED





                                                                    AB 1274
                                                                     Page  
          4

           7. States that it shall not apply to an electrical corporation,  
             a gas corporation, or a local publicly owned electric utility  
             or a business that secures the data as a result of a contract  
             with an electrical or gas corporation or a local publicly  
             owned electric utility, as specified.

           Background
           
          California gas and electric utility providers are developing and  
          implementing advanced metering infrastructure across the state.   
          The "smart meter" is the most recognizable component of this new  
          infrastructure.  Through a smart meter, a utility is able to  
          gather consumption data from a consumer in real time, allowing  
          it to offer new demand response and energy management programs  
          such as critical peak pricing, where utility rates fluctuate in  
          response to overall system demand.  With this new technology and  
          access to real-time energy usage data has come an increased  
          interest in using this data for marketing and other purposes.

          Responding to privacy concerns surrounding the use of utility  
          consumption data, the Legislature passed and Governor  
          Schwarzenegger signed SB 1476 (Padilla, Chapter 497, Statutes of  
          2010) which, among other things, prohibited a utility as defined  
          from sharing, disclosing, or otherwise making a consumer's  
          electrical or gas consumption data accessible to third parties,  
          except in specified instances.  The bill also required that, in  
          cases where a utility contracts with a third party for a service  
          that allows a customer to monitor his/her electricity or gas  
          usage and the third party uses that information for a secondary  
          commercial purpose, the contract between the utility and the  
          third party must prominently disclose that purpose to the  
          customer.  SB 1476 also permitted a utility to disclose a  
          customer's electrical or gas consumption data to a third party  
          for system, grid, or operational needs, or the implementation of  
          demand response, energy management, or energy efficiency  
          programs provided that the contract between the utility and that  
          third party prohibited the use of the data for a secondary  
          commercial purpose without the customer's consent.  The  
          following year, the Legislature passed and Governor  Brown  
          signed SB 674 (Padilla, Chapter 255, Statutes of 2011), which  
          amended the protections added by SB 1476 to make clear that a  
          customer's prior consent is required for the use and release of  
          the customer's data for a secondary purpose in both of the  
          instances described above.  However, neither SB 1476 nor SB 674  

                                                                CONTINUED





                                                                    AB 1274
                                                                     Page  
          5

          imposed restrictions on the use of a customer's utility  
          consumption data in situations when this data is acquired from a  
          source other than the utility provider or their third-party  
          contractors, or after this data has been transmitted to a third  
          party by the utility provider.

          The development of "smart grid" infrastructure in California has  
          enabled utility customers to receive detailed, real-time  
          information about their energy usage.  This new data about one's  
          utility consumption allows customers to better manage their  
          overall energy use and identify more precisely where energy is  
          being used in their home.  For some customers, a device called a  
          "home area network" (HAN) is built into their "smart meter"  
          which allows the metering infrastructure to interface with an  
          existing home computer network.  According to the Public  
          Utilities Commission (PUC), some of these HANs include  
          independent communications channels that can be controlled by  
          consumers, enabling the consumer to provide third-parties not  
          related or connected to the utility provider with access to  
          their utility consumption data through the Internet.

          With this new technology and access to real-time energy usage  
          data has come an increased interest in using this data for  
          marketing purposes.  The technology sector has revealed how  
          analysis of this data can, for instance, show that a consumer  
          owns a refrigerator that is an energy hog, giving this data a  
          high value in the marketplace.  However, the information gained  
          through analysis of utility consumption data is potentially much  
          more revealing.  

           FISCAL EFFECT  :    Appropriation:  No   Fiscal Com.:  No   Local:  
           No

           SUPPORT  :   (Verified  7/8/13)

          Division of Ratepayer Advocates
          Public Utilities Commission

           ARGUMENTS IN SUPPORT  :    The author writes:

            Existing law prohibits utilities from selling or sharing  
            customer data on gas and electricity use unless ordered by  
            federal or state authorities.


                                                                CONTINUED





                                                                    AB 1274
                                                                     Page  
          6

            This bill prohibits a 3rd party from sharing, disclosing, or  
            otherwise making a customer's electrical or gas consumption  
            data accessible to another entity except with the consent of  
            the customer; it prohibits selling a customer's electrical or  
            gas consumption data, and it prohibits providing an incentive  
            or discount to the customer for accessing the customer's  
            electrical or gas consumption data without the prior consent  
            of the customer.

            This bill provides remedies to the customer in the event that  
            they are damaged by the willful release of private  
            information.

            Third party providers are not utilities and do not fall within  
            the scope of the PUC's regulatory oversight therefore they are  
            not subject to current data privacy laws.  This bill addresses  
            that gap so that independent 3rd parties are required to  
            maintain privacy of customer data.

           ASSEMBLY FLOOR  :  75-0, 5/9/13
          AYES:  Achadjian, Alejo, Allen, Ammiano, Atkins, Bigelow, Bloom,  
            Blumenfield, Bocanegra, Bonilla, Bonta, Bradford, Brown,  
            Buchanan, Ian Calderon, Campos, Chau, Chávez, Chesbro, Conway,  
            Cooley, Dahle, Daly, Dickinson, Donnelly, Eggman, Fong, Fox,  
            Frazier, Beth Gaines, Garcia, Gatto, Gomez, Gordon, Gorell,  
            Gray, Hagman, Hall, Harkey, Roger Hernández, Jones,  
            Jones-Sawyer, Levine, Linder, Lowenthal, Maienschein, Mansoor,  
            Medina, Melendez, Mitchell, Morrell, Mullin, Muratsuchi,  
            Nazarian, Nestande, Olsen, Pan, Patterson, Perea, V. Manuel  
            Pérez, Quirk, Quirk-Silva, Rendon, Salas, Skinner, Stone,  
            Ting, Torres, Wagner, Weber, Wieckowski, Wilk, Williams,  
            Yamada, John A. Pérez
          NO VOTE RECORDED:  Grove, Holden, Logue, Waldron, Vacancy


          JG:k  7/8/13   Senate Floor Analyses 

                           SUPPORT/OPPOSITION:  SEE ABOVE

                                   ****  END  ****





                                                                CONTINUED





                                                                    AB 1274
                                                                     Page  
          7














































                                                                CONTINUED