BILL ANALYSIS

AB 1274 Page 1

CONCURRENCE IN SENATE AMENDMENTS
AB 1274 (Bradford)
As Amended July 8, 2013
Majority vote

-----------------------------------------------------------------
|ASSEMBLY: |75-0 |(May 9, 2013) |SENATE: |37-0 |(September 3, 2013) |
-----------------------------------------------------------------

Original Committee Reference: JUD.

SUMMARY : Prohibits a business, as defined, from sharing, disclosing, selling, or otherwise making a customer's electrical and gas consumption data accessible to a third party, except as specified. Specifically, this bill :

1)Prohibits a business from sharing, disclosing, or otherwise making accessible to any third party a customer's electrical or natural gas usage data without obtaining the express consent of the customer and conspicuously disclosing to whom the disclosure will be made and how the data will be used.

2)Requires a business and a nonaffiliated third party, pursuant to a contract, to implement and maintain reasonable security procedures and practices to protect the data from unauthorized disclosure.

3)Prohibits a business from providing an incentive or discount to the customer for accessing the data without the prior consent of the customer.

4)Requires a business to take reasonable steps to dispose of that customer data within its custody or control when the data is no longer to be retained by the business, as specified.

5)Permits a customer who suffers damages as a result of a violation of the provisions of this bill to bring civil action for actual damages not to exceed $500 for each willful violation of these provisions.

The Senate amendments :

1) Apply the prohibitions in this bill to any "business" or third party that handles a customer's data, instead of restricting the prohibition to a customer's network service provider or energy management provider.
2) Clarify language relating to the security procedures and practices that a business must maintain and require the business to dispose of the customer data once the data is no longer to be retained by the business.

3) Limit the amount of damages that a customer may recover to actual damages not to exceed $500 per violation.

EXISTING LAW :

1)Prohibits an electrical corporation or gas corporation, and a local publicly-owned utility, from sharing, disclosing, or otherwise making accessible to a third party a customer's electric or gas usage that is made available as part of an advanced metering system.

2)Requires a gas or electrical corporation, and a local publicly-owned utility, to use reasonable security procedures and practices to protect a consumer's unencrypted data from unauthorized access, destruction, use, modification, or disclosure.

3)Requires a business that owns or licenses personal information about a California resident to implement and maintain reasonable security procedures and practices to protect the consumer information from unauthorized access.

4)Requires a business that discloses personal information about a California resident pursuant to a contract with a nonaffiliated third party to require by contract that the third party implement and maintain reasonable security measures to prevent unauthorized access to the personal information.

FISCAL EFFECT : None

COMMENTS : In the past, a "meter reader" came to our homes and places of business and read our gas and electric meters in order to determine our usage and bill us accordingly. But today public utilities have the ability to send that information over the Internet through so-called "smart meters." These devices, however, do more than just send data to the public utility in real time; they also allow consumers to monitor their energy consumption patterns and, one hopes, use it to figure out ways to be more efficient.
Almost three years ago the Assembly Judiciary Committee heard SB 1476 (Padilla), Chapter 497, Statutes of 2010. SB 1476 required an investor-owned utility (IOU) or publicly owned utility (POU) using advanced metering (smart meters) to protect consumers' energy usage data from unauthorized access or disclosure. It generally prohibited the utilities from sharing or otherwise disclosing a customer's consumption data and patterns to third parties without the customer's consent, and it required those utilities to use reasonable security procedures, including encryption.

Existing law also prohibits gas and electric utilities from selling a customer's usage data or any personal information or otherwise sharing that data without the customer's consent. Existing law also requires the utility to maintain reasonable security measures to protect the customer's consumer data.

This bill would extend many of the same prohibitions that currently apply to gas and electrical utilities to other third party businesses, including, but not limited to, the customer's Internet service provider, that handle a customer's usage data. This bill would also allow a customer who suffers damages as a result of a violation of the bill's provision to bring an action not to exceed $500.

According to the author, as "technology becomes available to provide services to Californians that will allow them, in real time, to manage their energy use, it is important to ensure that privacy safeguards are in place so that customers can be confident that these new service providers will protect this information and not misuse or sell it without consent. Important legislation has been enacted to protect the security of the energy grid . . . This bill will ensure that 3rd party providers of services that access customer utility data will follow similar rules that electric and gas utilities are already required to follow."

Analysis Prepared by : Thomas Clark / JUD. / (916) 319-2334

FN: 0001439