BILL ANALYSIS � 1
1
SENATE ENERGY, UTILITIES AND COMMUNICATIONS COMMITTEE
ALEX PADILLA, CHAIR
R E V I S E D
SB 837 - Florez Hearing Date:
April 20, 2010 S
As Amended: April 15, 2010 FISCAL B
8
3
7
DESCRIPTION
Privacy
Current law imposes limitations on the collection and disclosure
of personal information by state agencies and restricts the
distribution of personal information for commercial purposes.
Release is permitted with the consent of the individual,
pursuant to the Public Records Act or a search warrant, or to a
governmental agency when required by state or federal law.
Current law prohibits an IOU from disclosing customer usage of
the services provided by the utility without a court order or
subpoena.
This bill declares that meter data collected by an IOU is the
property of the customer and prohibits an IOU from sharing,
selling, disclosing or otherwise making individual customer
information available to a third party without express written
authorization from the customer.
This bill requires an IOU that installs smart meters for
residential customers to adopt a statement of privacy and
security principles for smart meter systems. The statement must
be filed with and approved by the California Public Utilities
Commission (CPUC) and within six months of adopting a policy,
the IOU must develop a work plan for CPUC approval to implement
its statement of principles. In all cases, the statement must
contain specified elements.
�
This bill requires third parties which receive data from an IOU,
with customer consent, to also acknowledge, in writing, that the
information is confidential and shall not be shared or utilized
by any other person, corporation, or entity without the
customer's express written consent. Third parties with consent
to use the data as well as any entity that has access to the
IOU's system including contractors, equipment suppliers, or
software suppliers would be also be required to be notified of
the IOU's privacy and security principles, the IOU work plan,
and agree to follow the work plan.
This bill requires the CPUC to approve the sharing of
information with a demand response provider, approve and modify
IOU privacy and security policies and work plans, and to adopt
rules to ensure the safe transfer of usage information and any
other rules necessary to implement the privacy requirements of
this bill. The CPUC would also be permitted to authorize the
sharing of information with academic or other researchers.
This bill would require IOUs to automatically terminate a
customer's authorization for the release of data after three
years and permit the use of digital signatures for customer
consent.
This bill would require each public utility on or before March
1, 2012, and each March 1 thereafter, to report to the Office of
Privacy Protection information relative to request for
customer's utility records pursuant to warrants and
administrative subpoenas. The reports would be made available to
the public via the Internet.
This bill defines a demand response provider, restricts the
disclosure of IOU customer data it receives as a result of the
consent of an IOU customer, and requires that the demand service
provider adopt a statement of privacy and security principles
and work plan in the same manner specified above for IOUs. The
CPUC would be granted the authority to regulate demand response
providers use of consumer data.
This bill prohibits an IOU or third party from offering or
providing any incentive, discount or other inducement with a
monetary value, to a customer to obtain the customer's
authorization to release information.
�
Existing law requires a party that seeks production of personal
records using a subpoena duces tecum to serve the consumer whose
personal records will be produced under the subpoena with: (1) a
copy of the subpoena; and (2) a notice detailing actions the
consumer may take to protect his or her privacy and prevent
release of the documents.
This bill would include records maintained by an IOU, a publicly
owned gas utility, or a local publicly owned gas utility in the
definition of "personal records."
Existing law provides that a judge may order the production of
utility records to law enforcement for the purpose of criminal
investigations and prosecutions. Existing law does not prohibit
the holder of the utility records from notifying the customer
that the holder has received a court order to produce the
records, unless the court orders otherwise.
This bill would instead require the holder of the utility
records to notify the customer of the order to produce the
records, unless the court orders otherwise. If the court orders
that the customer not be notified, this bill would require that
the order include a statement of the facts as to why providing
notice would impede the investigation.
Disconnection
Current law restricts the termination of residential electrical
or gas service for nonpayment by an IOU unless the IOU conforms
to specified notice and timeline requirements and restricts
termination of service in specified situations.
Current orders of the CPUC establish rules, procedures and
notice requirements that an investor-owned utility (IOU) must
follow before an electric or gas customer's service can be
disconnected.
This bill requires IOUs to implement specific strategies to
compel customer payment prior to service disconnection and
directs the CPUC to require that IOUs reduced disconnection
rates for low-income customers so that they are consistent with
non-low-income customers.
Smart Meters
�
Current law establishes smart grid as the policy of the state
and requires the CPUC to determine the requirements for a smart
grid deployment plan no later than July 1, 2010; subsequently,
IOUs would be required to adopt a plan for implementation of a
smart grid no later than July 1, 2011.
Current orders of the CPUC require the IOUs to replace
traditional utility meters with an advanced metering
infrastructure (AMI) or "smart meters."
This bill requires the CPUC to ensure that each smart grid
deployment plan include specified testing and technology
standards and that each metering technology work property in a
field test in a real home setting.
BACKGROUND
Smart Meters
Smart Meters - The smart meter is a two-way communcation device
which transmits data back to a utility and negates the need for
manual meter readings. It also allows the utility to remotely
read the meter and disable and enable supply and is the
foundation for demand response programs such as critical peak
pricing which is designed to reduce electrical consumption
during times of peak demand. With additional software smart
meters open the door for a consumer to access consumption data
in real time and to manage their energy use and pricing more
proactively.
Smart meters are the first remote communication device designed
for smart grid applications. In general smart meters will
provide customers granular (i.e. hourly usage, specific
appliance usage) information regarding their electricity usage.
The transparency for the customer associated with their energy
consumption is expected to improve efforts for demand response
and energy efficiency at a local, state, and regional level.
Current estimates project installation of over 11 million smart
meters in California by 2011. Specifically, the PUC has
authorized the following installations for the state's IOUs:
�
Southern California Edison 5.3 million;
San Diego Gas & Electric 1.4 million electric/900,000
gas; and
Pacific Gas & Electric 5 million eletric/4.2 million
gas.
Deployment Problems - Although millions of smart meters have
been installed by the three IOUs without incident, last summer
PG&E began receiving an extraordinarily high number of customer
complaints from customers in the San Joaquin Valley who
experienced excessively high billing statements. These
complaints coincided with the installation of smart meters in
the region by PG&E and very high summer temperatures. At the
same time the CPUC also received several hundred customer
complaints from the same region concerning billing statements
and questioning the accuracy of smart meters.
In response to those complaints and communications from Senator
Dean Florez, the CPUC contracted for a third party evaluation of
PG&E's smart meters the results of which are due in
approximately four months. The evaluator will address the
following issues:
Whether PG&E smart meter system is measuring and billing
electric usage accurately, both now and since meter
deployment began;
Independent analysis of high bill customer complaints;
and
Analysis of PG&E's smart meter Program's past and
current operational and deployment processes, policies, and
procedures.
In addition, the CPUC is planning to review consumer complaints
and the overall accuracy of smart meters. The review will focus
first on complaints from the San Joaquin Valley area and cover
deployment policies and procedures and broader issues depending
on findings.
Privacy
When fully deployed the smart meter is intended to allow the
customer to view their data on-line, in real-time, via a utility
website or through third party applications such as Google
Powermeter. The question of how these data streams are
�
monitored and secured in order to insure customer privacy is of
concern to many. With additional software, the smart meter data
will show a customer's sleep, work, and travel habits, when
appliances are used, cooking and eating schedules, and likely
when a customer is home or not. This data can be a great tool
to manage peak electrical load and achieve greater energy
efficiency. It can however also be of great interest to third
parties for commercial purposes. The ability of third parties
to use utilities as conduits for customer information or, from
the home and bypassing the utilities is novel and introduces new
challenges to privacy with respect to energy consumption.
CPUC Rulemaking - The CPUC has initiated a rulemaking
(R.08-12-009) to consider policies for IOUs to develop a smarter
electric grid in the state. The proceeding will consider
setting policies, standards and protocols to guide the
development of a smart grid system and facilitate integration of
new technologies such as distributed generation, storage,
demand-side technologies, and electric vehicles. The rulemaking
will investigate the contact between the smart grid and
consumers, including residential, commercial, industrial, and
agricultural consumers and cyber-security issues including
policies to ensure customer privacy.
Disconnections
The installation of smart meters will allow for immediate remote
connection and disconnection of utility service. This service
can be advantageous for customers changing service due to a move
of their residence and will lower operational costs for the IOUs
which will translate into savings for ratepayers for the cost of
service. The smart meter will also allow a utility to more
quickly detect service outages and to restore service. The old
meter infrastructure required customer phone calls to the IOU to
detect outages.
However, ratepayer advocates are also concerned that the ability
to remotely disconnect service will increase the number of
disconnections and reduce the ability of customers to make-up
arrearages and avoid a loss of service.
As the economy has continued to decline, utility disconnections
have been on the rise. In response the CPUC has ordered interim
actions by the IOUs to reduce disconnections by improving
�
customer notification and education. The CPUC has also opened a
rulemaking to reexamine utility disconnection rules and
practices and identify more effective ways for the utilities to
work with their customers and develop solutions that avoid
unnecessary disconnections without placing an undue cost burden
on other customers.
COMMENTS
1) Author's Concerns . The author held two district
meetings on the issue of smart meters in the fall of 2009.
The major issues of concern to his constituents were the
ability of PG&E to remotely disconnect service, the testing
and accuracy of smart meters, and the privacy and security
of the data created by smart meters. The author notes that
"due to the increased amount of data collection with the
implementation of Smart Meters, there is a significant risk
regarding the loss of privacy. This bill creates privacy
standards and allows customers to have greater control over
the collection and sharing of their information. Due to
the complaints regarding the accuracy of Smart Meters in
Bakersfield, this bill requires additional testing of smart
meter technologies prior to their installation. These
tests include ensuring that the smart meter technology is
compatible with other smart technologies and corporations
billing and data collection systems."
2) Service Disconnection . The deployment of smart meters
will mean that the IOUs no longer have to send a
representative out to the customer's residence to terminate
service. The IOU can do so from their business office
almost instantly once smart meters are fully deployed.
This can work in a consumer's favor for changing service in
a move. It benefits all ratepayers because the cost of
operations is reduced.
Concern has been expressed however that the ability to
quickly terminate service will have a negative affect on
customer's who are in arrears with their bills. The IOUs
have not instituted remote connect and disconnect so the
impact is not yet known. Currently the IOUs have clear
notice and outreach provisions that they are required to
follow before terminating utility service. As an example,
�
PG&E reports that a customer gets several notices and two
phone calls before service disconnect which is not done any
earlier than 70 days after the bill is issued.
The economic crisis has resulted in an increase in utility
service disconnections which is of concern to ratepayer
groups, the IOUs and others. An analysis by the Division
of Ratepayer Advocates noted a 19% increase in the PG&E
territory over a 12 month period from 2008 to 2009 from the
prior 12 month cycle.
In response the CPUC has taken interim actions. Over the
holidays, a moratorium was established on disconnects. For
the foreseeable future all IOU customer service
representatives must inform any customer that owes an
arrearage on a utility bill that puts the customer at risk
for disconnection, that the customer has the right to
arrange for a bill payment plan extending a minimum of
three months in which to repay the arrearage. Customers
must keep current on their utility bills while repaying the
arrearage balance. Additionally, once a customer has
established credit as a customer of a utility, that utility
must not require the customer to pay additional
reestablishment of credit deposits with the utility for
either low-payment/no-payment of bills or following a
disconnection. The interim actions are part of a
proceeding the CPUC opened in February to address arrearage
management and shutoff prevention for residential energy
customers by improving customer notification and education.
This bill responds to the disconnect problem by directing
the CPUC to require the IOUs to implement strategies that
compel customer payment prior to service disconnection.
The CPUC's current rulemaking is considering those very
policies.
This bill also directs the CPUC to require the IOUs to
reduce disconnection rates for low-income customers so that
they are in line with the disconnection rates of customers
who are not categorized as low-income and to ensure that
disconnections remain at or below historical levels - in
effect establishing a cap on service disconnections.
Unfortunately there is a correlation between income and
disconnections. The institution of a cap for service
�
disconnection would likely prohibit the IOUs from
terminating service for low-income customers under any
circumstance.
This bill also requires safeguards to protect against
negative health and public safety consequences of remote
disconnections. The IOUs are already prohibited from
terminating service for customers who have a medical
condition, certified by physician, which necessitates
utility service in their care.
Because the cap on service disconnections is not practical
and because the issues under review by the CPUC to try and
reduce disconnections are generally the same as proposed by
this bill, the author and committee may wish to consider
striking this provision.
3) Privacy Protection . The issue of privacy and IOU data
is of growing concern with the coming of a smarter
electrical grid. Current law lacks clear direction on the
protection and use of a customer's data. The IOUs are
somewhat unique in that their business model and
interaction with regulating agencies is data intense - the
use of that data is critical for planning and regulatory
purposes and to develop strong customer-based energy
efficiency and demand response programs.
It is important to note that meter data and customer
information has been held for decades by the IOUs and the
committee is not aware of breaches of customer privacy
resulting in the inappropriate use or disclosure of the
information. Nevertheless the introduction of smart meters,
a smart grid, and the current and future ability of the
consumer to access data through innovative third party
programs does warrant increased scrutiny and protection.
However the privacy framework of this bill raises several
concerns including:
the creation of property rights of meter data
for the customer;
inadvertent creation of barriers to data and
consumer interface with that data;
excessively detailed mandates on the IOUs for
�
the content of privacy policies that could constrain
even the normal everyday business use of the data by
the IOUs;
protection of only smart meter data and not
all of a customer's personally identifiable
information;
increased CPUC workload requirements as a
result of the requirement that the CPUC regulate and
approve privacy policy adoptions and work plans
adopted by the IOUs;
Increased CPUC workload to regulate access to
data by researchers; and
The requirement that the CPUC undertake the
regulation of private entities, their use of customer
data, and adoption of privacy policies and work plans.
To address these concerns, the author and committee may
wish to consider a framework of self-regulation provisions
which directly requires the IOUs to establish privacy
policies, but removes CPUC review and approvals and
regulation of third party entities by the CPUC (a complete
copy of the amendments are attached):
Strike the privacy provisions of Public
Utilities Code Section 2750 as currently proposed and
instead require the IOUs to restrict releases of all
personally identifiable information, not just smart
meter data, without express written consent from the
customer with specified exceptions;
Require each IOU to develop a privacy policy
that is consistent with the Federal Trade Commission's
Fair Information Practice Principles;
Remove CPUC regulation of privacy policies and
enforcement; and
Remove regulation of the use of data by demand
response providers and other third parties and the
mandate that demand response providers adopt privacy
and security policies.
1) Consistent Treatment in the Law . The policy of the
Legislature in consumer privacy protection has been
self-regulation by entities that collect and use consumer
data. The Legislature has clearly regulated state agencies
�
in their use of data but the committee is aware of no other
regulated industries or private entities which are subject
to agency oversight of consumer privacy protections. Banks
do have a detailed body of law regarding the disclosure of
data between subsidiaries but even these requirements are
not under the jurisdiction of state regulators. The
consumer's recourse is through the courts.
2) Deployment Plans . This bill directs the CPUC to
institute specified testing and technology standards for
smart grid deployment plans. Because the utilities are in
the process of deploying smart meters, the author and
committee may wish to consider an amendment that would
apply the testing and technology standards to deployment
plans approved by the CPUC after January 1, 2012.
3) Inconsistent Terms . This bill uses "smart meter data,"
"energy usage data," "meter data," "consumption data," and
"data" interchangeably. The author and committee may wish
to consider amendments to use one consistent phrase such as
"energy usage data."
POSITIONS
Sponsor:
Author
Support:
American Civil Liberties Union
Consumer Action
Consumer Federation of California
Division of Ratepayer Advocates
Privacy Rights Clearinghouse
Sacramento Municipal Utility District (if amended)
TURN - The Utility Reform Network
Oppose:
Pacific Gas & Electric Company (unless amended)
Sempra Energy (unless amended)
�
Maurice Pitesky
Kellie Smith
SB 837 Analysis
Hearing Date: April 20, 2010
Attachment - recommended amendments