BILL NUMBER: SB 837 AMENDED
BILL TEXT
AMENDED IN SENATE MARCH 25, 2010
INTRODUCED BY Senator Florez
JANUARY 5, 2010
An act to relating to electricity. An act
to amend Section 1798.3 of the Civil Code, to amend Section 1985.3 of
the Code of Civil Procedure, to amend Section 1326.1 of the Penal
Code, and to add Sections 589, 779.3, 2750, and 8364 .5
to, to add the heading of Chapter 4.5 (commencing with Section 2750)
to Part 2 of Division 1 of, to add Chapter 10 (commencing with
Section 5600) to Division 2 of, and to repeal the heading of Chapter
4.5 (commencing with Section 2771) of Part 2 of Division 1 of, the
Public Utilities Code, relating to utility service.
LEGISLATIVE COUNSEL'S DIGEST
SB 837, as amended, Florez. Electricity: smart meters.
Utility service: disconnection: smart meters: privacy.
(1) Under existing law, the Public Utilities Commission (CPUC) has
regulatory authority over public utilities, including electrical
corporations and gas corporations, as defined. Existing law
authorizes the CPUC to fix the rates and charges for every public
utility, and requires that those rates and charges be just and
reasonable. Existing law requires certain notice be given before an
electrical, gas, heat, or water corporation may terminate residential
service for nonpayment of a delinquent account and prohibits
termination of service for nonpayment in certain circumstances.
This bill would require the CPUC to impose certain requirements on
electrical corporations and gas corporations, and take other
specified actions, with respect to reducing service disconnections.
The
(2) The federal Energy
Independence and Security Act of 2007 states that it is the policy of
the United States to maintain a reliable and secure electricity
structure that achieves certain objectives that characterize a
Smart Grid smart grid . Existing
federal law requires each state regulatory authority, with respect to
each electric utility for which it has ratemaking authority, and
each nonregulated electric utility, to consider certain standards and
to determine whether or not it is appropriate to implement those
standards to carry out the purposes of the Public Utility Regulatory
Policies Act. The existing standards include time-based metering and
communications, consideration of smart grid investments, and
providing purchases with smart grid information, as specified.
Existing law requires the CPUC, by July 1, 2010, and in
consultation with the State Energy Resources Conservation and
Development Commission, the Independent System Operator, and other
key stakeholders, to determine the requirements for a smart grid
deployment plan consistent with certain policies set forth in state
and federal law. Existing law requires that the smart grid improve
overall efficiency, reliability, and cost-effectiveness of electrical
system operations, planning, and maintenance. Existing law requires
each electrical corporation, by July1, 2011, to develop and submit a
smart grid deployment plan to the commission for approval.
This bill would require the CPUC to ensure that each smart grid
deployment plan include testing and technology standards, as
specified, and ensure that each metering technology works properly in
a field test in a real home setting.
(3) Existing law prescribes the circumstances under which
telephone and telegraph corporations may release information
regarding residential subscribers without their written consent.
Existing law relative to restructuring of the electrical industry
requires the commission to implement minimum standards relative to
maintaining the confidentiality of residential and small commercial
customer information by electric service providers.
This bill would provide that meter data collected by an electrical
corporation or gas corporation is the property of the customer,
regardless of whether the data is kept by the customer or retained
solely by the utility, and would require that individual customer
information, including energy usage, billing, and credit information,
remain confidential unless the customer expressly authorizes, in
writing, that the information may be released to a third party. The
bill would require each electrical corporation and gas corporation
that installs smart meters on customer residences to adopt and obtain
the CPUC's approval of a statement of privacy and security
principles for smart meter systems and a work plan to implement those
principles. The bill would require the commission to adopt rules to
ensure the safe transfer of electronic usage information and would
authorize the commission to adopt other rules that the commission
determines are necessary or useful to implement the bill's
requirements.
The bill would provide that energy usage data in the possession of
a third-party demand response service provider, as defined, is the
property of the electrical end-use customer regardless of whether
that data is kept by the customer or retained solely by the service
provider. The bill would prohibit individual electrical end-use
customer information, as defined, in the custody of a third-party
demand response service provider from being provided to any other
person or corporation by the service provider unless the customer
expressly authorizes, in writing, that the information may be
released to that person or corporation and that person or corporation
acknowledges, in writing, that the information is confidential and
may not be shared or utilized by any other person or corporation
without the express written consent of the customer. The bill would
require each 3rd-party demand response service provider to adopt a
statement of privacy and security principles for the data to which it
has access as a result of providing demand response services and a
work plan to implement those principles. The bill would authorize the
CPUC to adopt rules to ensure the privacy of individual electrical
end-use customer information and would authorize the CPUC to exercise
certain enforcement powers relative to these requirements and any
rules that it adopts.
(4) This bill would require each public utility, on or before
March 1, 2012, and each March 1 thereafter, to report to the Office
of Information Security and Privacy Protection, State and Consumer
Services Agency, certain information relative to requests for
customer's utility records pursuant to federal warrants, state
warrants, grand jury subpoenas, civil subpoenas, and administrative
subpoenas. The bill would require that the reports be made available
to the public via the Internet.
(5) The Information Practices Act of 1977 generally regulates the
maintenance and dissemination of personal information by state
agencies. The act defines personal information for this purpose to
mean any information that is maintained by an agency, as defined,
that identifies or describes an individual, including his or her
name, social security number, physical description, home address,
home telephone number, education, financial matters, and medical or
employment history.
This bill would expand the definition of personal information to
include any information that is maintained by an agency that
identifies or describes an individual, family, household, or
residence, and would add utility usage information to the types of
information included in the definition.
(6) Existing law relative to civil discovery requires that a
subpoena duces tecum for personal records pertaining to a consumer be
served upon the consumer along with a specified affidavit. Personal
records are defined for this purpose to include the records of a
telephone corporation. Consumer is defined for this purpose to mean
any individual, partnership of 5 or fewer persons, association, or
trust that has transacted business with, or has used the services of,
the witness or for whom the witness has acted as agent or fiduciary.
This bill would expand the definition of personal records to
include records of an electrical corporation, gas corporation,
publicly owned gas utility, or local publicly owned electric utility.
The bill would also expand the definition of consumer to include a
family, household, or residence.
(7) Existing law provides that a judge may order the production of
utility records, as defined, only if certain conditions are met.
Existing law does not preclude the holder of the utility records from
notifying a customer of the receipt of the order for production
unless a court orders otherwise.
This bill would instead require a holder of utility records to
notify a customer of the receipt of the order for production unless a
court orders otherwise.
(8) Under existing law, a violation of the Public Utilities Act or
any order, decision, rule, direction, demand, or requirement of the
commission is a crime.
Because certain of the bill's provisions would be within the act
and because the bill would require action by the commission to
implement certain of its requirements, a violation of these
provisions would impose a state-mandated local program by creating a
new crime.
The California Constitution requires the state to reimburse local
agencies and school districts for certain costs mandated by the
state. Statutory provisions establish procedures for making that
reimbursement.
This bill would provide that no reimbursement is required by this
act for a specified reason.
Under existing law, the Public Utilities Commission has regulatory
authority over public utilities, including electrical corporations,
as defined. Existing law authorizes the commission to establish rules
for all public utilities, subject to control by the Legislature.
This bill would state the intent of the Legislature to enact
legislation that requires the commission to ensure that electrical
corporations that are authorized to deploy Smart Grid technology,
including smart meters, are meeting their intended goals and have not
shifted unnecessary deployment costs onto consumers.
Vote: majority. Appropriation: no. Fiscal committee: no
yes . State-mandated local program: no
yes .
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. (a) Information concerning a utility
customer's energy usage belongs to the customer and should be treated
as confidential by electrical corporations and gas corporations, and
the Legislature finds and declares that this right of privacy needs
further protection in light of the detailed information on household
energy usage that will be available to electrical corporations and
gas corporations after the statewide deployment of smart meter
technology. If electrical corporations begin to provide other
services over wholly owned medium, including broadband over powerline
service, privacy protections need to apply to these services.
(b) It is the intent of the Legislature that the protections added
by Section 2750 of the Public Utilities Code are in addition to
those protections afforded customers pursuant to Section 394.4 of the
Public Utilities Code.
(c) It is the further intent of the Legislature to enact
additional protections to preserve the confidentiality of household
energy usage information and prevent its access and use by third
parties that provide equipment or software associated with deployment
and operation of the smart grid. A customer has a reasonable
expectation of privacy with respect to their occupancy, movement,
habits, or any other activity in their home that otherwise would not
be visible from outside. Smart appliance systems for the home should
protect a customer's reasonable expectation of privacy in his or her
activities and preferences, and the customer's right to control the
use of data collected from in-home smart appliances, in-home sensors,
or smart meters, should be protected by limiting a utility's and
other business processor's use of the data, and limiting access and
use by government and private parties.
(d) The Legislature finds that granting the Public Utilities
Commission authority to adopt and enforce rules to ensure customer
privacy with respect to energy usage information collected as a
result of smart meter systems, and to adopt requirements for network
security, are cognate and germane to the commission's regulation of
electrical corporations and gas corporations.
(e) Detailed and real-time consumption data held by, or accessible
to, electrical corporations, gas corporations, or third parties
should be available to law enforcement only with a warrant or in
those circumstances when a warrant is unnecessary to conduct a search
of a residence.
SEC. 2. Section 1798.3 of the Civil Code
is amended to read:
1798.3. As used in this chapter:
(a) The term "personal information" means any information that is
maintained by an agency that identifies or describes an individual,
family, household, or residence including, but not limited
to, his or her name, social security number, physical description,
home address, home telephone number, education, financial matters,
utility usage, and medical or employment history. It
includes statements made by, or attributed to, the individual.
(b) The term "agency" means every state office, officer,
department, division, bureau, board, commission, or other state
agency, except that the term agency shall not include:
(1) The California Legislature.
(2) Any agency established under Article VI of the California
Constitution.
(3) The State Compensation Insurance Fund, except as to any
records which contain personal information about the employees of the
State Compensation Insurance Fund.
(4) A local agency, as defined in subdivision (a) of Section 6252
of the Government Code.
(c) The term "disclose" means to disclose, release, transfer,
disseminate, or otherwise communicate all or any part of any record
orally, in writing, or by electronic or any other means to any person
or entity.
(d) The term "individual" means a natural person.
(e) The term "maintain" includes maintain, acquire, use, or
disclose.
(f) The term "person" means any natural person, corporation,
partnership, limited liability company, firm, or association.
(g) The term "record" means any file or grouping of information
about an individual that is maintained by an agency by reference to
an identifying particular such as the individual's name, photograph,
finger or voice print, or a number or symbol assigned to the
individual.
(h) The term "system of records" means one or more records, which
pertain to one or more individuals, which is maintained by any
agency, from which information is retrieved by the name of an
individual or by some identifying number, symbol or other identifying
particular assigned to the individual.
(i) The term "governmental entity," except as used in Section
1798.26, means any branch of the federal government or of the local
government.
(j) The term "commercial purpose" means any purpose which has
financial gain as a major objective. It does not include the
gathering or dissemination of newsworthy facts by a publisher or
broadcaster.
(k) The term "regulatory agency" means the Department of Financial
Institutions, the Department of Corporations, the Department of
Insurance, the Department of Real Estate, and agencies of the United
States or of any other state responsible for regulating financial
institutions.
SEC. 3. Section 1985.3 of the Code of
Civil Procedure is amended to read:
1985.3. (a) For purposes of this section, the following
definitions apply:
(1) "Personal records" means the original, any copy of books,
documents, other writings, or electronic data pertaining to a
consumer and which are maintained by any "witness" which
that is a physician, dentist, ophthalmologist,
optometrist, chiropractor, physical therapist, acupuncturist,
podiatrist, veterinarian, veterinary hospital, veterinary clinic,
pharmacist, pharmacy, hospital, medical center, clinic, radiology or
MRI center, clinical or diagnostic laboratory, state or national
bank, state or federal association (as defined in Section 5102 of the
Financial Code), state or federal credit union, trust company,
anyone authorized by this state to make or arrange loans that are
secured by real property, security brokerage firm, insurance company,
title insurance company, underwritten title company, escrow agent
licensed pursuant to Division 6 (commencing with Section 17000) of
the Financial Code or exempt from licensure pursuant to Section 17006
of the Financial Code, attorney, accountant, institution of the Farm
Credit System, as specified in Section 2002 of Title 12 of the
United States Code, an electrical corporation, gas corporation,
or telephone corporation which that
is a public utility, as defined in Section 216 of the Public
Utilities Code, or a publicly owned gas utility, or a local
publicly owned electric utility, as defined in Section 224.3 of the
Public Utilities Code, or psychotherapist, as defined in
Section 1010 of the Evidence Code, or a private or public preschool,
elementary school, secondary school, or postsecondary school as
described in Section 76244 of the Education Code.
(2) "Consumer" means any individual, family, household,
residence, partnership of five or fewer persons, association,
or trust which has transacted business with, or has used the services
of, the witness or for whom the witness has acted as agent or
fiduciary.
(3) "Subpoenaing party" means the person or persons causing a
subpoena duces tecum to be issued or served in connection with any
civil action or proceeding pursuant to this code, but shall not
include the state or local agencies described in Section 7465 of the
Government Code, or any entity provided for under Article VI of the
California Constitution in any proceeding maintained before an
adjudicative body of that entity pursuant to Chapter 4 (commencing
with Section 6000) of Division 3 of the Business and Professions
Code.
(4) "Deposition officer" means a person who meets the
qualifications specified in Section 2020.420.
(b) Prior to the date called for in the subpoena duces tecum for
the production of personal records, the subpoenaing party shall serve
or cause to be served on the consumer whose records are being sought
a copy of the subpoena duces tecum, of the affidavit supporting the
issuance of the subpoena, if any, and of the notice described in
subdivision (e), and proof of service as indicated in paragraph (1)
of subdivision (c). This service shall be made as follows:
(1) To the consumer personally, or at his or her last known
address, or in accordance with Chapter 5 (commencing with Section
1010) of Title 14 of Part 3, or, if he or she is a party, to his or
her attorney of record. If the consumer is a minor, service shall be
made on the minor's parent, guardian, conservator, or similar
fiduciary, or if one of them cannot be located with reasonable
diligence, then service shall be made on any person having the care
or control of the minor or with whom the minor resides or by whom the
minor is employed, and on the minor if the minor is at least 12
years of age.
(2) Not less than 10 days prior to the date for production
specified in the subpoena duces tecum, plus the additional time
provided by Section 1013 if service is by mail.
(3) At least five days prior to service upon the custodian of the
records, plus the additional time provided by Section 1013 if service
is by mail.
(c) Prior to the production of the records, the subpoenaing party
shall do either of the following:
(1) Serve or cause to be served upon the witness a proof of
personal service or of service by mail attesting to compliance with
subdivision (b).
(2) Furnish the witness a written authorization to release the
records signed by the consumer or by his or her attorney of record.
The witness may presume that any attorney purporting to sign the
authorization on behalf of the consumer acted with the consent of the
consumer, and that any objection to release of records is waived.
(d) A subpoena duces tecum for the production of personal records
shall be served in sufficient time to allow the witness a reasonable
time, as provided in Section 2020.410, to locate and produce the
records or copies thereof.
(e) Every copy of the subpoena duces tecum and affidavit, if any,
served on a consumer or his or her attorney in accordance with
subdivision (b) shall be accompanied by a notice, in a typeface
designed to call attention to the notice, indicating that (1) records
about the consumer are being sought from the witness named on the
subpoena; (2) if the consumer objects to the witness furnishing the
records to the party seeking the records, the consumer must file
papers with the court or serve a written objection as provided in
subdivision (g) prior to the date specified for production on the
subpoena; and (3) if the party who is seeking the records will not
agree in writing to cancel or limit the subpoena, an attorney should
be consulted about the consumer's interest in protecting his or her
rights of privacy. If a notice of taking of deposition is also
served, that other notice may be set forth in a single document with
the notice required by this subdivision.
(f) A subpoena duces tecum for personal records maintained by a
telephone corporation which is a public utility, as defined in
Section 216 of the Public Utilities Code, shall not be valid or
effective unless it includes a consent to release, signed by the
consumer whose records are requested, as required by Section 2891 of
the Public Utilities Code.
(g) Any consumer whose personal records are sought by a subpoena
duces tecum and who is a party to the civil action in which this
subpoena duces tecum is served may, prior to the date for production,
bring a motion under Section 1987.1 to quash or modify the subpoena
duces tecum. Notice of the bringing of that motion shall be given to
the witness and deposition officer at least five days prior to
production. The failure to provide notice to the deposition officer
shall not invalidate the motion to quash or modify the subpoena duces
tecum but may be raised by the deposition officer as an affirmative
defense in any action for liability for improper release of records.
Any other consumer or nonparty whose personal records are sought
by a subpoena duces tecum may, prior to the date of production, serve
on the subpoenaing party, the witness, and the deposition officer, a
written objection that cites the specific grounds on which
production of the personal records should be prohibited.
No
A witness or deposition officer shall not be
required to produce personal records after receipt of notice that
the motion has been brought by a consumer, or after receipt of a
written objection from a nonparty consumer, except upon order of the
court in which the action is pending or by agreement of the parties,
witnesses, and consumers affected.
The party requesting a consumer's personal records may bring a
motion under Section 1987.1 to enforce the subpoena within 20 days of
service of the written objection. The motion shall be accompanied by
a declaration showing a reasonable and good faith attempt at
informal resolution of the dispute between the party requesting the
personal records and the consumer or the consumer's attorney.
(h) Upon good cause shown and provided that the rights of
witnesses and consumers are preserved, a subpoenaing party shall be
entitled to obtain an order shortening the time for service of a
subpoena duces tecum or waiving the requirements of subdivision (b)
where due diligence by the subpoenaing party has been shown.
(i) Nothing contained in this This
section shall not be construed to apply to any
subpoena duces tecum which that does
not request the records of any particular consumer or consumers and
which that requires a custodian of
records to delete all information which that
would in any way identify any consumer whose records are to be
produced.
(j) This section shall not apply to proceedings conducted under
Division 1 (commencing with Section 50), Division 4 (commencing with
Section 3200), Division 4.5 (commencing with Section 6100), or
Division 4.7 (commencing with Section 6200), of the Labor Code.
(k) Failure to comply with this section shall be sufficient basis
for the witness to refuse to produce the personal records sought by a
subpoena duces tecum.
(l) If the subpoenaing party is the consumer, and the consumer is
the only subject of the subpoenaed records, notice to the consumer,
and delivery of the other documents specified in subdivision (b) to
the consumer, is not required under this section.
SEC. 4. Section 1326.1 of the Penal
Code is amended to read:
1326.1. (a) An order for the production of utility records in
whatever form and however stored shall be issued by a judge only upon
a written ex parte application by a peace officer showing specific
and articulable facts that there are reasonable grounds to believe
that the records or information sought are relevant and material to
an ongoing investigation of a felony violation of Section 186.10 or
of any felony subject to the enhancement set forth in Section 186.11.
The ex parte application shall specify with particularity the
records to be produced, which shall be only those of the individual
or individuals who are the subject of the criminal investigation. The
ex parte application and any subsequent judicial order shall be open
to the public as a judicial record unless ordered sealed by the
court, for a period of 60 days. The sealing of these records may be
extended for 60-day periods upon a showing to the court that it is
necessary for the continuance of the investigation. Sixty-day
extensions may continue for up to one year or until termination of
the investigation of the individual or individuals, whichever is
sooner. The records ordered to be produced shall be returned to the
peace officer applicant or his or her designee within a reasonable
time period after service of the order upon the holder of the utility
records.
(b) As used in subdivision (a), "utility records" include, but are
not limited to, subscriber information, telephone or pager number
information, toll call records, call detail records, automated
message accounting records, billing statements, payment records, and
applications for service in the custody of companies engaged in the
business of providing telephone, pager, electric, gas, propane,
water, or other like services. "Utility records" do not include the
installation of, or the data collected from the installation of pen
registers or trap-tracers, nor the contents of a wire or electronic
communication.
(c) Nothing in this section shall preclude the
The holder of the utility records from notifying
shall notify a customer of the receipt of the
order for production of records unless a court orders the holder of
the utility records to withhold notification to the customer upon a
finding that this notice would impede the investigation. Where a
court has made an order to withhold notification to the customer
under this subdivision, the order shall include a statement of
the facts as to why providing notice would impede the investigation
and the peace officer or law enforcement agency who obtained
the utility records shall notify the customer by delivering a copy of
the ex parte order to the customer within 10 days of the termination
of the investigation.
(d) No A holder of utility records,
or any an officer, employee, or agent
thereof, shall not be liable to any person for (A)
disclosing information in response to an order pursuant to this
section, or (B) complying with an order under this section not to
disclose to the customer, the order or the dissemination of
information pursuant to the order.
(e) Nothing in this This section
shall not preclude the holder of the utility records from
voluntarily disclosing information or providing records to law
enforcement upon request.
(f) Utility records released pursuant to this section shall be
used only for the purpose of criminal investigations and
prosecutions.
SEC. 5. Section 589 is added to the
Public Utilities Code , to read:
589. (a) On or before March 1, 2012, and each March 1 thereafter,
each public utility shall report all of the following to the Office
of Information Security and Privacy Protection, State and Consumer
Services Agency:
(1) The number of federal warrants, state warrants, grand jury
subpoenas, civil subpoenas, and administrative subpoenas received by
the utility during the prior calendar year for information pertaining
to a California consumer of the utility's services.
(2) The number and types of actions taken by the utility in
response to each category of information request listed in paragraph
(1).
(3) The number of customers whose utility records were produced in
response to each category of information request listed in paragraph
(1).
(4) The type of information disclosed about the utility's
customers in response to each category of information request listed
in paragraph (1).
(5) The total amount of money received by the utility to respond
to each category of information request in paragraph (1).
(b) Information need not be disclosed pursuant to subdivision (a)
where prohibited by some other law. If the utility does not disclose
information pursuant to this subdivision, it shall include a
statement in the report as to the basis for the withholding of that
information.
(c) On or before June 1, 2012, and each June 1 thereafter, each
public utility shall make the report prepared pursuant to subdivision
(a) available on the utility's Internet Web site and shall provide
an electronic version of the report to the Office of Information
Security and Privacy Protection, State and Consumer Services Agency.
(d) On or before July 1, 2012, and each July 1 thereafter, the
Office of Information Security and Privacy Protection, State and
Consumer Services Agency shall make a copy of each utility report
furnished to the office pursuant to this section available on the
office's Internet Web site in a manner that will allow the public to
conduct online searches for information contained in the reports.
SEC. 6. Section 779.3 is added to the
Public Utilities Code , to read:
779.3. (a) The Legislature finds and declares all of the
following:
(1) The Division of Ratepayer Advocates is an independent
organization within the Public Utilities Commission that represents
consumers' interests on utility matters, with the statutory mission
to obtain the lowest possible rates for utility services consistent
with safe and reliable service levels.
(2) In November 2009, the division released its report entitled
"Status of Energy Utility Service Disconnections in California,"
which evaluated energy utility disconnection data comparing the 12
months of September 2008 through August 2009, to prior years, back to
January 2006, and compared California trends to national trends.
(3) That data evaluated by the division showed the following:
(A) Disconnections of low-income customers during the period
September 2008 through August 2009 were 19 percent higher than the
past year, with the largest increase for Pacific Gas and Electric
Company's customers.
(B) Disconnections of non-low-income customers have decreased,
except in Pacific Gas and Electric Company's service territory.
(C) While low-income customers have traditionally suffered more
disconnections than non-low-income customers, the recent disparity is
the worst in three years.
(D) A large number of customers, particularly low-income
customers, go through the disconnect-reconnect cycle.
(E) Energy utility workforce constraints have limited
disconnections to a fraction of those customers failing to pay after
receiving final disconnect notices, but the remote disconnection
functionality of smart meters will lift this constraint.
(4) Increasing service disconnections during the current economic
downturn exacerbate the hardship that likely led to the service
disconnection in the first place, and since most disconnected
customers, within hours or days of disconnection, pay their utility
bills in order to be reconnected, the division questions whether
those disconnections are preventable.
(5) It is the intent of the Legislature to enact legislation
implementing the recommendations of the Division of Ratepayer
Advocates to reduce those disconnections that are preventable along
with additional protective measures.
(b) The commission shall require electrical corporations and gas
corporations to implement specific strategies that compel customer
payment prior to, rather than after service disconnection, with the
goal of eliminating all avoidable disconnections. In implementing
this requirement, the commission shall consider requiring electrical
and gas corporations to do all of the following:
(1) Offer autopay to all customers, and provide incentives for
signing up for autopay or for fulfilling commitments to payment
plans.
(2) Offer customers the ability to receive disconnect notices via
a preferred method that is most likely to get their attention,
including telephone calls, emails, text messaging, a home electricity
monitoring device or other network device, and third-party
notification.
(3) Provide additional messages in late payment and disconnect
notices that constructively alert customers of the options the
utilities may offer and provide the list of costs, both direct and
indirect, the customers may face when service is disconnected.
(4) Engage in proactive offers regarding the variety of assistance
programs before disconnection takes place.
(5) Increase in-person contacts before disconnection.
(6) Create an arrearage management program.
(7) Give priority installation of programmable communicating
thermostats to customers who are at risk for disconnection so that
they can better manage their usage and load.
(c) The commission shall require electrical corporations and gas
corporations to reduce the disconnection rates for low-income
customers, including customers participating in the California
Alternate Rates for Energy program, so that they are in line with the
disconnection rates of those customers that are not low-income
customers.
(d) The commission shall ensure that electric and gas service
disconnections remain at, or below, historical levels regardless of
whether remote disconnections utilizing Advanced Metering
Infrastructure technology, known as AMI or smart meters, are
implemented. In implementing this requirement, the commission shall
consider requiring electrical corporations and gas corporations to do
all of the following:
(1) Benchmark disconnection rates in order to facilitate the
program.
(2) Randomly survey customers eligible for disconnection during
customer interactions to identify the most effective means of helping
them avoid future disconnections.
(3) Share best practices on an ongoing basis.
(4) Maintain the personal contact associated with in-person
disconnections for a transition period until all of the following
occur:
(A) Any initial problems with smart meters are addressed.
(B)
Status reports are filed with the commission that identify smart
meter remote disconnection issues and present solutions used to
mitigate these issues.
(C) Ratepayers have been informed about new disconnection
processes.
(D) Alternatives that can be deployed to the in-person service
associated with disconnections are created, including disconnection
hotlines with live agents available to respond to customer problems
associated with disconnections, and increasing the number of local
payment centers.
(e) The commission shall require safeguards to protect against
negative health and public safety consequences of remote
disconnections of electric and gas service once smart meters are
installed. In implementing this requirement, the commission shall
consider requiring electrical corporations and gas corporations to do
both of the following:
(1) Add a process that enables consumers to obtain temporary
service reinstatements for 10 days once they initiate an
investigation or request for repayment assistance, to be available
only once a year to avoid abuse.
(2) Provide additional notice regarding the procedure for service
reinstatement, including notice regarding temporary reinstatement.
SEC. 7. Section 2750 is added to the
Public Utilities Code , to read:
2750. (a) For purposes of this section, an authorization,
acknowledgement, or consent is written or in writing if made by an
"electronic record" that includes a "digital signature," as those
terms are defined in Section 1633 of the Civil Code.
(b) The meter data collected by an electrical corporation or gas
corporation is the property of the customer, regardless of whether
the data is kept by the customer or retained solely by the utility.
(c) Individual customer information shall remain confidential. For
purposes of this section, "individual customer information" includes
both of the following:
(1) Energy usage information about an individual, family,
household, or residence.
(2) Billing and credit information about an individual, family,
household, or residence.
(d) (1) Individual customer information in the custody of an
electrical corporation or gas corporation shall not be provided to a
third party unless the customer expressly authorizes, in writing, the
release of that information to that third party and the third party
acknowledges, in writing, that the information is confidential and
shall not be shared or utilized by any other person, corporation, or
other entity without the express written consent of the customer.
(2) A customer may authorize the release of historical information
by the utility, but the customer or the third party shall pay any
reasonable administrative cost incurred by the utility in complying
with the release.
(3) A written authorization by a customer for the release of
confidential information shall automatically terminate after the
passage of three years from the date of the written authorization and
any renewal shall be in writing.
(e) (1) Each electrical corporation and gas corporation
implementing smart meter technology, by July 1, 2011, or within six
months of the installation of smart meters on customer residences,
shall adopt a statement of privacy and security principles for smart
meter systems. Each electrical corporation and gas corporation
implementing smart meter technology shall file the statement of
principles with the commission. The commission shall approve, or
modify and approve, the statement of principles. The statement of
principles shall include the following elements:
(A) A customer has a right to transparency in information
gathering and use. The utility shall provide customers with
meaningful, clear, and full notice regarding the collection, use,
dissemination, and maintenance of individual customer information
gathered as a result of the smart meter system.
(B) A customer has a right to participate in what and how
information about the customer is collected and used. The utility
shall employ a process when using individual customer information
gathered as a result of the smart meter system that, to the extent
practicable, seeks the customer's consent for the collection, use,
dissemination, and maintenance of the information. The utility shall
provide mechanisms for customers to access, correct, and seek redress
regarding their individual customer information gathered as a result
of the smart meter system.
(C) A customer has a right to know each reason information is
being gathered. The utility shall articulate and communicate with
specificity to the customer each purpose for which individual
customer information is being gathered through use of the smart meter
system.
(D) Maintenance of information shall be minimized. The utility
shall collect or retain only that individual customer information
that is directly relevant and necessary to accomplish a specified
purpose. Individual customer information shall only be retained for
as long as necessary to fulfill the specified purpose.
(E) Information shall be used only for the purposes for which it
was gathered. Individual customer information shall be used solely
for the purposes for which it was collected and may be shared only
for purposes that are compatible with the purposes for which it was
gathered.
(F) The utility shall maintain the quality and integrity of
information. The utility, to the extent practicable, shall ensure
that all individual customer information is accurate, relevant,
timely, and complete. The utility shall provide a mechanism for
customers to easily and confidentially access and view their
information and a means to report errors. The utility shall correct
erroneous information that is challenged by the consumer.
(G) The utility shall maintain the security of the information
gathering system. The utility shall protect individual customer
information through appropriate security safeguards against risks of
loss, unauthorized access or use, destruction, modification, or
unintended or inappropriate disclosure, and the smart grid technology
employed by the utility shall be capable of implementing these
security safeguards.
(H) The utility shall undertake reasonable auditing to verify
compliance with the utility's statement of principles. The utility
shall be responsible for ensuring compliance with its statement of
privacy and security principles for smart meter systems and, to that
end, shall undertake appropriate training of its employees and
contractors and audit the individual customer information being
gathered and maintained and the dissemination of that information.
(2) No later than six months following the commission's approval
of the statement of privacy and security principles for smart meter
systems, the electrical corporation or gas corporation shall adopt a
work plan for implementation of the statement of principles. The
electrical corporation or gas corporation shall file the work plan
with the commission. The commission shall approve, or modify and
approve, the work plan. Information in the work plan that might be
detrimental to the security of the smart meter system shall be filed
in a manner that preserves the confidentiality of the information.
(3) Upon approval of the statement of privacy and security
principles for smart meter systems and the work plan, the utility
shall make the statement of principles and the work plan available on
the utility's Internet Web site. Information that might be
detrimental to the security of the smart meter system shall be
omitted from the information made available on the Internet Web site.
The utility's Internet Web site shall provide a mechanism for
customers to make inquiries about, or comment upon, the statement of
principles and work plan.
(4) An electrical corporation or gas corporation shall ensure that
any person, other than the customer, or corporation that is
permitted to have access to the smart grid system, including a
contractor, equipment supplier, or software supplier of the utility,
is aware of the utility's statement of privacy and security
principles for smart meter systems and the work plan, and agrees to
follow the requirements of the work plan and act in a manner that is
compatible with the statement of principles.
(5) An electrical corporation or gas corporation shall promptly
notify the commission of any violation of the work plan by any
employee of the utility or any person or corporation that is
permitted to have access to the smart grid system.
(6) The commission may exercise its authority pursuant to Sections
2111 and 2113 to enforce the requirements of the work plan with
respect to any person or corporation that is not an electrical
corporation or gas corporation.
(f) The commission shall adopt rules to ensure the safe transfer
of electronic usage information and may adopt other rules that the
commission determines are necessary or useful to implement the
requirements of this section. The commission shall approve a
reasonable charge that may be collected by an electrical corporation
or gas corporation for providing historical information pursuant to
paragraph (2) of subdivision (c).
(g) This section does not limit the ability of a customer to
directly and voluntarily provide confidential information to a third
party. An electrical corporation or gas corporation shall provide a
customer, the customer's electric service provider, the customer's
third-party demand response service provider, or other third-party
entity authorized by the customer to have read-only access to the
customers' smart meter data, including meter data used to calculate
charges for electric service, historical load data, and any other
proprietary customer information. The access shall be convenient and
secure, and the data shall be made available no later than the next
day of service. An authorization shall be made in writing.
(h) (1) This section does not limit the authority of the
commission, subject to Section 583, or the Energy Commission, to
require an electrical corporation or gas corporation to provide, for
authorized purposes, composite statistical information derived from
individual customer information that does not disclose individual
customer data.
(2) The commission may approve the sharing of information with a
third-party demand response service provider pursuant to subdivision
(f) of Section 5601.
(3) The commission may authorize the sharing of information with
academic or other researchers retained to evaluate system
reliability, vulnerability, security, or other authorized research
topics, provided that the results of the research publicly disclose
only composite statistical information derived from individual
customer information that does not disclose individual customer data.
The commission may condition the sharing of information by an
electrical corporation or gas corporation upon the removal of
individual identifying information and characteristics. The
commission shall ensure that academic or other researchers have
obtained approval from their institutional review board to use the
requested data. The commission shall require each electrical
corporation and gas corporation to adopt a mechanism for academic or
other researchers to confidentially report suspected system
vulnerabilities that they have found in their research and testing.
The commission shall require each electrical corporation and gas
corporation to adopt a mechanism for members of the public to
anonymously report system vulnerabilities.
(i) The commission may exercise its enforcement authority pursuant
to Chapter 11 (commencing with section 2100) of Part 1 with respect
to an electrical corporation or gas corporation to enforce the
requirements of this section.
SEC. 8. The heading of Chapter 4.5 (commencing
with Section 2750) is added to Part 2 of Division 1 of the
Public Utilities Code , to read:
CHAPTER 4.5. ELECTRICAL AND GAS CORPORATIONS
SEC. 9. The heading of Chapter 4.5 (commencing
with Section 2771) of Part 2 of Division 1 of the Public
Utilities Code is repealed.
CHAPTER 4.5. ELECTRICAL AND GAS CORPORATIONS
SEC. 10. Chapter 10 (commencing with Section 5600)
is added to Division 2 of the Public Utilities Code
, to read:
CHAPTER 10. THIRD-PARTY DEMAND RESPONSE SERVICE PROVIDERS
5600. (a) For purposes of this chapter, "third-party demand
response service provider" means a person or corporation that is not
an electrical corporation who collects customer energy usage data and
provides equipment, software, or services that enable end-use
electrical customers to reduce their electricity usage in a given
time period, or shift that usage to another time period, in response
to a price signal, a financial incentive, an environmental condition,
or a reliability signal.
(b) For purposes of this chapter, an authorization,
acknowledgement, or consent is written or in writing if made by an
"electronic record" that includes a "digital signature" as those
terms are defined in Section 1633 of the Civil Code.
5601. (a) Energy usage data is the property of the electrical
end-use customer, regardless of whether the data is kept by the
customer or retained solely by a third-party demand response service
provider.
(b) Individual electrical end-use customer information shall
remain confidential. For purposes of this section, "individual
electrical end-use customer information" includes both of the
following:
(1) Electrical usage information about an individual, family,
household, or residence.
(2) Billing and credit information about an individual, family,
household, or residence.
(c) (1) Individual electrical end-use customer information in the
custody of a third-party demand response service provider shall not
be provided to any other person or corporation by a third-party
demand response service provider unless the customer expressly
authorizes, in writing, the release of that information to that
person or corporation and that person or corporation acknowledges, in
writing, that the information is confidential and shall not be
shared or utilized by any other person or corporation without the
express written consent of the customer.
(2) A written authorization by an electrical end-use customer for
the release of confidential information shall automatically terminate
three years from the date of the written authorization, and any
renewal shall be in writing.
(d) (1) Each third-party demand response service provider, within
six months of commencing providing demand response service on
customer residences, shall adopt a statement of privacy and security
principles for smart meter systems. The statement of principles shall
include the following elements:
(A) A customer has a right to transparency in information
gathering and use. The third-party demand response service provider
shall provide customers with meaningful, clear, and full notice
regarding the collection, use, dissemination, and maintenance of
individual customer information gathered as a result of the demand
response services.
(B) A customer has a right to participate in what and how
information about the customer is collected and used. The third-party
demand response service provider shall employ a process when using
individual customer information gathered as a result of providing
demand response services that, to the extent practicable, seeks the
customer's consent for the collection, use, dissemination, and
maintenance of the information. The third-party demand response
service provider shall provide mechanisms for customers to access,
correct, and seek redress regarding their individual customer
information gathered as a result of providing demand response
services.
(C) A customer has a right to know the reason information is being
gathered. The third-party demand response service provider shall
articulate and communicate to the customer the purposes for which
individual customer information is being gathered as a result of
providing demand response services.
(D) Maintenance of information shall be minimized. The third-party
demand response service provider shall collect or retain only that
individual customer information that is directly relevant and
necessary to accomplish a specified purpose. Individual customer
information shall only be retained for as long as necessary to
fulfill the specified purpose.
(E) Information shall be used only for the purposes for which it
was gathered. Individual customer information shall be used solely
for the purposes for which it was collected and may be shared only
for purposes that are compatible with the purposes for which it was
gathered.
(F) The third-party demand response service provider shall
maintain the quality and integrity of information. The third-party
demand response service provider, to the extent practicable, shall
ensure that all individual customer information is accurate,
relevant, timely, and complete. The third-party demand response
service provider shall correct erroneous information that is
challenged by the consumer.
(G) The third-party demand response service provider shall
maintain the security of the information gathering system. The
third-party demand response service provider shall protect individual
customer information through appropriate security safeguards against
risks of loss, unauthorized access or use, destruction,
modification, or unintended or inappropriate disclosure, and the
demand response technology employed by the third-party demand
response service provider shall be capable of implementing these
security safeguards.
(H) (1) The third-party demand response service provider shall
undertake reasonable auditing to verify compliance with the
third-party demand response service provider's statement of
principles. The third-party demand response service provider shall be
responsible for ensuring compliance with its statement of privacy
and security principles for the demand response technologies utilized
by the third-party demand response service provider and, to that
end, shall undertake appropriate training of its employees and
contractors and audit the individual customer information being
gathered and maintained and the dissemination of that information.
(2) No later than six months following the adoption of the
statement of privacy and security principles for a third-party demand
response service provider, the third-party demand response service
provider shall adopt a work plan for implementation of the statement
of principles. Information in the work plan that might be detrimental
to the security of the demand response technology utilized by the
third-party demand response service provider shall be handled in a
manner that preserves the confidentiality of the information.
(3) Upon adoption of the statement of privacy, security
principles, and the work plan, the third-party demand response
service provider shall make the statement of principles and the work
plan available on the third-party demand response service provider's
Internet Web site or supply it to customers in writing or as an
electronic record, as defined in Section 1633 of the Civil Code.
Information that might be detrimental to the security of the demand
response technology utilized by the third-party demand response
service provider shall be omitted from the information made available
on the Internet Web site or directly supplied to customers. The
third-party demand response service provider shall provide a
mechanism for customers to make inquiries about, or comment upon, the
statement of principles and work plan.
(4) A third-party demand response service provider shall ensure
that any person, other than the customer, or corporation that is
permitted to have access to the demand response technology utilized
by the third-party demand response service provider, including a
contractor, equipment supplier, or software supplier of the
third-party demand response service provider, is aware of the
third-party demand response service provider's statement of privacy,
security principles, and the work plan, and agrees to follow the
requirements of the work plan and act in a manner that is compatible
with the statement of principles.
(5) A third-party demand response service provider shall promptly
investigate and take corrective action to prevent any violation of
the work plan by any employee of the third-party demand response
service provider or any person or corporation that is permitted to
have access to the demand response technology utilized by the
third-party demand response service provider.
(e) The commission may adopt rules to ensure the privacy of
electrical end-use customer information and may adopt other rules
that the commission determines are necessary or useful to implement
the requirements of this chapter.
(f) This section does not limit the ability of the electrical
end-use customer to directly and voluntarily provide confidential
information to any person or corporation.
(g) This section does not limit the authority of the commission to
adopt rules authorizing the sharing of information between a
third-party demand response service provider and an electrical
corporation when this sharing is in the interest of the electrical
end-use customer, provided the requirements of this section are
applicable to any information provided to the third-party demand
response service provider and the requirements of Section 2750 are
applicable to any information provided to the electrical corporation.
5602. The commission may exercise its authority pursuant to
Sections 2111 and 2113 to enforce the requirements of this chapter or
any rule adopted by the commission.
SEC. 11. Section 8364.5 is added to the
Public Utilities Code , to read:
8364.5. (a) The commission shall ensure that each smart grid
deployment plan includes testing and technology standards.
(b) Testing standards shall include all of the following:
(1) A requirement that the smart metering technology have a
comprehensive security audit. The security auditing plan and the
results of the security audit shall be made publicly available upon
approval by the commission.
(2) A requirement that the manufacturer disclose whether it
created a cryptographic protocol for data encryption and specify the
protocol used.
(3) A requirement that the manufacturer submit security audit
results as part of a direct access meter project self-certification
program.
(c) Technology standards shall do both of the following:
(1) Ensure that the particular smart metering technology is
compatible with other smart technologies.
(2) Ensure that the particular smart metering technology is
compatible with the electrical corporation's data collection and
billing system.
(d) The commission shall ensure that each metering technology
works properly in a field test in a real home setting.
SEC. 12. No reimbursement is required by this act
pursuant to Section 6 of Article XIII B of the California
Constitution because the only costs that may be incurred by a local
agency or school district will be incurred because this act creates a
new crime or infraction, eliminates a crime or infraction, or
changes the penalty for a crime or infraction, within the meaning of
Section 17556 of the Government Code,
or changes the definition of a crime within the
meaning of Section 6 of Article XIII B of the California
Constitution.
SECTION 1. It is the intent of the Legislature
to enact legislation that requires the Public Utilities Commission to
ensure that electrical corporations that are authorized to deploy
Smart Grid technology, including smart meters, are meeting their
intended goals and have not shifted unnecessary deployment costs onto
consumers.