BILL NUMBER: SB 837 AMENDED
BILL TEXT
AMENDED IN ASSEMBLY JUNE 22, 2010
AMENDED IN SENATE JUNE 1, 2010
AMENDED IN SENATE MAY 12, 2010
AMENDED IN SENATE APRIL 27, 2010
AMENDED IN SENATE APRIL 15, 2010
AMENDED IN SENATE MARCH 25, 2010
INTRODUCED BY Senator Florez
JANUARY 5, 2010
An act to add Title 3.6 (commencing with Section 1883) to
Part 4 of Division 3 of the Civil Code, and to add Sections
779.3 and 8364.5 to the Public Utilities Code, relating to utility
service.
LEGISLATIVE COUNSEL'S DIGEST
SB 837, as amended, Florez. Utility service: disconnection: smart
meters. meters: privacy.
(1) The federal Energy Independence and Security Act of 2007
states that it is the policy of the United States to maintain a
reliable and secure electricity structure that achieves certain
objectives that characterize a smart grid. Existing federal law
requires each state regulatory authority, with respect to each
electric utility for which it has ratemaking authority, and each
nonregulated electric utility, to consider certain standards and to
determine whether or not it is appropriate to implement those
standards to carry out the purposes of the Public Utility Regulatory
Policies Act. The existing standards include time-based metering and
communications, consideration of smart grid investments, and
providing purchases with smart grid information, as specified.
Under existing law, the Public Utilities Commission (CPUC) has
regulatory authority over public utilities, including electrical
corporations and gas corporations, as defined. Existing law requires
the CPUC, by July 1, 2010, and in consultation with the State Energy
Resources Conservation and Development Commission, the Independent
System Operator, and other key stakeholders, to determine the
requirements for a smart grid deployment plan consistent with certain
policies set forth in state and federal law. Existing law requires
that the smart grid improve overall efficiency, reliability, and
cost-effectiveness of electrical system operations, planning, and
maintenance. Existing law requires each electrical corporation, by
July 1, 2011, to develop and submit a smart grid deployment plan to
the commission for approval.
This bill would require the CPUC to ensure that each smart grid
deployment plan authorized by the CPUC after January 1, 2012, include
testing and technology standards, as specified. The bill would
require each electrical corporation to ensure that each metering
technology works properly in a field test in a real home setting.
(2) Existing law authorizes the CPUC to fix the rates and charges
for every public utility, and requires that those rates and charges
be just and reasonable. Existing law requires certain notice be given
before an electrical, gas, heat, or water corporation may terminate
residential service for nonpayment of a delinquent account and
prohibits termination of service for nonpayment in certain
circumstances.
This bill would require the CPUC to evaluate the impact of
advanced metering infrastructure technology , commonly referred
to as smart meters, on the frequency of energy utility
disconnections, adopt policies to minimize any adverse impacts, and
consider requiring electrical corporations and gas corporations to
evaluate their customer communication policies relative to
disconnections of service and share unsuccessful and successful
practices in their creation of best practices.
(3) Existing law prescribes the circumstances under which
telephone and telegraph corporations may release information
regarding residential subscribers without their written consent.
Existing law relative to restructuring of the electrical industry
requires the commission to implement minimum standards relative to
maintaining the confidentiality of residential and small commercial
customer information by electric service providers.
This bill would prohibit individual electrical end-use customer
information, as defined, in the custody of a 3rd-party demand
response service provider, as defined, from being provided to any
other person or entity by the service provider unless the customer
expressly authorizes, in writing, that the information may be
released to that person or entity and that person or corporation
acknowledges, in writing, that the information is confidential and
may not be shared, disclosed, made accessible, or utilized by any
other person or entity without the express written consent of the
customer. The bill would require each 3rd-party demand response
service provider to adopt a statement of privacy and security
principles for the data to which it has access as a result of
providing demand response services. The bill would authorize a
customer to give a 3rd party access to his or her electricity or gas
usage data by providing written authorization to the customer's
electrical corporation, gas corporation, or publicly owned electric
or gas utility, to release the usage data to the 3rd party.
(3)
(4) Under existing law, a violation of the Public
Utilities Act or any order, decision, rule, direction, demand, or
requirement of the commission is a crime.
Because certain of the bill's provisions would be within the act
and because the bill would require action by the commission to
implement certain of its requirements, a violation of these
provisions would impose a state-mandated local program by creating a
new crime.
The California Constitution requires the state to reimburse local
agencies and school districts for certain costs mandated by the
state. Statutory provisions establish procedures for making that
reimbursement.
This bill would provide that no reimbursement is required by this
act for a specified reason.
Vote: majority. Appropriation: no. Fiscal committee: yes.
State-mandated local program: yes.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. (a) Information concerning a utility
customer's energy usage should be treated as confidential by
electrical corporations and gas corporations, and the Legislature
finds and declares that this right of privacy needs further
protection in light of the detailed information on household energy
usage that will be available to electrical corporations and gas
corporations after the statewide deployment of smart meter
technology. If electrical corporations begin to provide other
services over wholly owned medium, including broadband over powerline
service, privacy protections need to apply to these services.
(b) It is the intent of the Legislature to enact additional
protections to preserve the confidentiality of household energy usage
information and prevent its access and use by third parties that
provide equipment or software associated with deployment and
operation of the smart grid. A customer has a reasonable expectation
of privacy with respect to their occupancy, movement, habits, or any
other activity in their home that otherwise would not be visible from
outside. Smart appliance systems for the home should protect a
customer's reasonable expectation of privacy in his or her activities
and preferences, and the customer's right to control the use of
energy usage data collected from in-home smart appliances, in-home
sensors, or smart meters, should be protected by limiting a utility's
and other business processor's use of the energy usage data, and
limiting access and use by government and private parties.
(c) Detailed and real-time consumption data held by, or accessible
to, electrical corporations, gas corporations, or third parties
should be available to law enforcement only with a warrant or in
those circumstances when a warrant is unnecessary to conduct a search
of a residence.
SEC. 2. Title 3.6 (commencing with Section 1883)
is added to Part 4 of Division 3 of the Civil Code
, to read:
TITLE 3.6. CONFIDENTIALITY OF UTILITY USAGE INFORMATION
1883. (a) For purposes of this title, "third-party demand
response service provider" means a person or corporation that is not
an electrical corporation who collects customer energy usage data or
collects that data and provides equipment, software, or services that
enable end-use electrical customers to reduce their electricity
usage in a given time period, or shift that usage to another time
period, in response to a price signal, a financial incentive, an
environmental condition, or a reliability signal.
(b) For purposes of this title, an authorization, acknowledgment,
or consent is "written" or "in writing" if made by an "electronic
record" that includes a "digital signature" as those terms are
defined in Section 1633.
1883.1. (a) Individual electrical end-use customer information
shall remain confidential. For purposes of this section, "individual
electrical end-use customer information" includes both of the
following:
(1) Electrical usage information about an individual, family,
household, or residence.
(2) Billing and credit information about an individual, family,
household, or residence.
(b) Individual electrical end-use customer information in the
custody of a third-party demand response service provider shall not
be shared, disclosed, or otherwise made accessible to any other
person or entity by a third-party demand response service provider
unless the customer expressly authorizes, in writing, the release of
that information to that person or entity and that person or entity
acknowledges, in writing, that the information is confidential and
shall not be shared, disclosed, made accessible, or utilized by any
other person or entity without the express written consent of the
customer. Individual electrical end-use customer information shall
not be sold under any circumstances.
(c) (1) (A) Each third-party demand response service provider,
before providing demand response service on customer residences,
shall adopt a statement of privacy and security principles.
(B) The statement of privacy and security principles shall
incorporate each of the following principles of the Fair Information
Practice Principles adopted by the Federal Trade Commission:
(i) Notice/Awareness.
(ii) Choice/Consent.
(iii) Access/Participation.
(iv) Integrity/Security.
(v) Enforcement/Redress.
(C) The statement of privacy and security principles shall
additionally incorporate the principle that maintenance of
information shall be minimized. The third-party demand response
service provider shall collect or retain only that individual
customer information that is directly relevant and necessary to
accomplish a purpose specified in the statement of privacy and
security principles. Individual customer information shall only be
retained for as long as necessary to fulfill the specified purpose.
(2) Upon adoption of the statement of privacy and security
principles, the third-party demand response service provider shall
make the statement of principles available on the third-party demand
response service provider's Internet Web site or supply it to
customers in writing or as an electronic record, as defined in
Section 1633. Information that might be detrimental to the security
of the demand response technology utilized by the third-party demand
response service provider shall be omitted from the information made
available on the Internet Web site or directly supplied to customers.
The third-party demand response service provider shall provide a
mechanism for customers to make inquiries about, or comment upon, the
statement of principles.
(3) A third-party demand response service provider shall ensure
that any person, other than the customer, including a contractor,
equipment supplier, or software supplier of the third-party demand
response service provider, is aware of the third-party demand
response service provider's statement of privacy and security
principles and agrees to act in a manner that is compatible with the
statement of privacy and security principles.
(d) This section does not limit the ability of the electrical
end-use customer to directly and voluntarily provide confidential
information to any person or entity.
1883.5. (a) A customer may give a third party access to his or
her electricity or gas usage data by providing written authorization
to the customer's electrical corporation, gas corporation, or
publicly owned electric or gas utility, to release the usage data to
the third party.
(b) The electrical corporation, gas corporation, or publicly owned
utility shall not be responsible for a third party's use or
maintenance of utility usage data released to the third party
pursuant to the customer's written authorization.
SECTION 1. SEC. 3. Section 779.3 is
added to the Public Utilities Code, to read:
779.3. The Legislature finds and declares that, due to the
importance of having electrical service to one's residence, the issue
of utility service disconnections requires careful scrutiny by the
commission. The commission shall evaluate the impact of advanced
metering infrastructure technology on the frequency of energy utility
disconnections and adopt policies to minimize any adverse impacts.
The commission shall also consider requiring electrical corporations
and gas corporations to evaluate their customer communication
policies relative to disconnections of service and share unsuccessful
and successful practices in their creation of best practices.
SEC. 2. SEC. 4. Section 8364.5 is
added to the Public Utilities Code, to read:
8364.5. (a) The commission shall ensure that each smart grid
deployment plan authorized by the commission after January 1, 2012,
includes testing and technology standards.
(b) Testing standards shall include all of the following:
(1) A requirement that the smart metering technology have a
comprehensive security audit. The security auditing plan and the
results of the security audit shall be made publicly available upon
approval by the commission.
(2) A requirement that the manufacturer disclose to the
electrical corporation or gas corporation whether it
created a cryptographic protocol for data encryption and specify the
protocol used.
(3) A requirement that the manufacturer submit to the
electrical corporation or gas corporation security audit
results as part of a direct access meter project self-certification
program.
(c) Technology standards shall do both of the following:
(1) Ensure that the particular smart metering technology is
compatible with other smart technologies.
(2) Ensure that the particular smart metering technology is
compatible with the electrical corporation's energy usage data
collection and billing system.
(d) Each electrical corporation shall ensure that each metering
technology works properly in a field test in a real home setting.
SEC. 3. SEC. 5. No reimbursement is
required by this act pursuant to Section 6 of Article XIII B of the
California Constitution because the only costs that may be incurred
by a local agency or school district will be incurred because this
act creates a new crime or infraction, eliminates a crime or
infraction, or changes the penalty for a crime or infraction, within
the meaning of Section 17556 of the Government Code, or changes the
definition of a crime within the meaning of Section 6 of Article XIII
B of the California Constitution.