BILL ANALYSIS                                                                                                                                                                                                    



                                                                  AB 1274
                                                                  Page  1

          CONCURRENCE IN SENATE AMENDMENTS
          AB 1274 (Bradford)
          As Amended July 8, 2013
          Majority vote 
           
           ----------------------------------------------------------------- 
          |ASSEMBLY:  |75-0 |(May 9, 2013)   |SENATE: |37-0 |(September 3,  |
          |           |     |                |        |     |2013)          |
           ----------------------------------------------------------------- 
            
           Original Committee Reference:    JUD.  

           SUMMARY  :  Prohibits a business, as defined, from sharing,  
          disclosing, selling, or otherwise making a customer's electrical  
          and gas consumption data accessible to a third party, except as  
          specified.  Specifically,  this bill  :  

          1)Prohibits a business from sharing, disclosing, or otherwise  
            making accessible to any third party a customer's electrical  
            or natural gas usage data without obtaining the express  
            consent of the customer and conspicuously disclosing to whom  
            the disclosure will be made and how the data will be used. 

          2)Requires a business and a nonaffiliated third party, pursuant  
            to a contract, to implement and maintain reasonable security  
            procedures and practices to protect the data from unauthorized  
            disclosure. 

          3)Prohibits a business from providing an incentive or discount  
            to the customer for accessing the data without the prior  
            consent of the customer. 

          4)Requires a business to take reasonable steps to dispose of  
            that customer data within its custody or control when the data  
            is no longer to be retained by the business, as specified. 

          5)Permits a customer who suffers damages as a result of a  
            violation of the provisions of this bill to bring civil action  
            for actual damages not to exceed $500 for each willful  
            violation of these provisions.

           The Senate amendments  :  

            1) Apply the prohibitions in this bill to any "business" or  
             third party that handles a customer's data, instead of  








                                                                  AB 1274
                                                                  Page  2

             restricting the prohibition to a customer's network service  
             provider or energy management provider. 

           2) Clarify language relating to the security procedures and  
             practices that a business must maintain and requires the  
             business to dispose of the customer data once the data is no  
             longer to be retained by the business. 

           3) Limit the amount of damages that a customer may recover to  
             actual damages not to exceed $500 per violation.




           
          EXISTING LAW  :

          1)Prohibits an electrical corporation or gas corporation, and a  
            local publicly-owned utility, from sharing, disclosing, or  
            otherwise making accessible to a third party a customer's  
            electric or gas usage that is made available as part of an  
            advanced metering system.  

          2)Requires a gas or electrical corporation, and a local  
            publicly-owned utility, to use reasonable security procedures  
            and practices to protect a consumer's unencrypted data from  
            unauthorized access, destruction, use, modification, or  
            disclosure.  

          3)Requires a business that owns or licenses personal information  
            about a California resident to implement and maintain  
            reasonable security procedures and practices to protect the  
            consumer information from unauthorized access.  

          4)Requires a business that discloses personal information about  
            a California resident pursuant to a contract with a  
            nonaffiliated third party to require by contract that the  
            third party implement and maintain reasonable security  
            measures to prevent unauthorized access to the personal  
            information.  

           FISCAL EFFECT  :  None

           COMMENTS  :  In the past, a "meter reader" came to our homes and  
          places of business and read our gas and electric meters in order  








                                                                  AB 1274
                                                                  Page  3

          to determine our usage and bill us accordingly.  But today  
          public utilities have the ability to send that information over  
          the Internet through so-called "smart meters."  These devices,  
          however, do more than just send data to the public utility in  
          real time; they also allow consumers to monitor their energy  
          consumption patterns and, one hopes, use it to figure out ways  
          to be more efficient.  Almost three years ago the Assembly  
          Judiciary Committee heard SB 1476 (Padilla), Chapter 497,  
          Statutes of 2010.  SB 1476 required an investor-owned utility  
          (IOU) or publicly owned utility (POU) using advanced metering  
          (smart meters) to protect consumers' energy usage data from an  
          unauthorized access or disclosure.  It generally prohibited the  
          utilities from sharing or otherwise disclosing a customer's  
          consumption data and patterns to third parties without the  
          customer's consent, and it required those utilities to use  
          reasonable security procedures, including encryption.  Existing  
          law also prohibits gas and electric utilities from selling a  
          customer's usage data or any personal information or otherwise  
          sharing that data without the customer's consent.  Existing law  
          also requires the utility to maintain reasonable security  
          measures to protect the customer's consumer data. 

          This bill would extend many of the same prohibitions that  
          currently apply to gas and electrical utilities to other third  
          party businesses, including, but not limited to, the customer's  
          Internet service provider, that handle a customer's usage data.   
          This bill would also allow a customer who suffers damages as a  
          result of a violation of the bill's provision to bring an action  
          not to exceed $500. 

          According to the author, as "technology becomes available to  
          provide services to Californian's that will allow them, in real  
          time, to manage their energy use it is important to ensure that  
          privacy safeguards are in place so that customers can be  
          confident that these new service providers will protect this  
          information and not misuse or sell it without consent.   
          Important legislation has been enacted to protect the security  
          of the energy grid . . .  This bill will ensure that 3rd party  
          providers of services that access customer utility data will  
          follow similar rules that electric and gas utilities are already  
          required to follow."

           
          Analysis Prepared by  :   Thomas Clark / JUD. / (916) 319-2334 









                                                                  AB 1274
                                                                  Page  4


          FN:  
          0001439