BILL NUMBER: SB 1476AMENDED BILL TEXT AMENDED IN ASSEMBLY AUGUST 2, 2010 AMENDED IN ASSEMBLY JUNE 23, 2010 AMENDED IN ASSEMBLY JUNE 10, 2010 AMENDED IN SENATE APRIL 20, 2010 AMENDED IN SENATE APRIL 5, 2010 INTRODUCED BY Senator Padilla FEBRUARY 19, 2010 An act to add Chapter 5 (commencing with Section 8380) to Division 4.1 of, and to repeal Section 393 of, the Public Utilities Code, relating to public utilities. LEGISLATIVE COUNSEL'S DIGEST SB 1476, as amended, Padilla. Public utilities: customer privacy: advanced metering infrastructure. Under existing law, the Public Utilities Commission has regulatory authority over public utilities, including electrical corporations and gas corporations, as defined. Existing law requires the commission to conduct a pilot study of certain customers of each electrical corporation to determine the relative value to ratepayers of information, rate design, and metering innovations using specified approaches, but prohibits this data from being used for any commercial purpose, unless authorized by the customer. This bill would repeal the provisions relating to the pilot study. This bill would prohibit an electrical corporation or gas corporation from sharing, disclosing, or otherwise making accessible to any 3rd party a customer's electrical or gas consumption data, as defined, except as specified, and would require those utilities to use reasonable security procedures and practices to protect a customer's unencrypted electrical and gas consumption data from unauthorized access, destruction, use, modification, or disclosure. The bill would prohibit an electrical corporation or gas corporation from selling a customer's electrical or gas consumption data or any other personally identifiable information for any purpose. The bill would prohibit an electrical corporation or gas corporation from conditioning a customer's access to electrical or gas consumption data on the payment of an incentive or discount. The bill would provide that if the electrical corporation or gas corporation contracts with a 3rd party for a service that allows a customer to monitor his or her electricity or gas usage, and the 3rd party uses the data for a secondary commercial purpose, the utility is required to ensure that the 3rd party prominently discloses that secondary use of the data to the customer and requires the utility to provide the customer with an option to monitor his or her electricity and gas usage that is not conditioned upon the use of the data by a 3rd party for a secondary commercial purpose. The bill would adoptnearnearly identical requirements applicable to a local publicly owned electric utility with respect to electrical consumption data, as defined. Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no. THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS: SECTION 1. Section 393 of the Public Utilities Code is repealed. SEC. 2. Chapter 5 (commencing with Section 8380) is added to Division 4.1 of the Public Utilities Code, to read: CHAPTER 5. PRIVACY PROTECTIONS FOR ENERGY CONSUMPTION DATA 8380. (a) For purposes of this section, "electrical or gas consumption data" means data about a customer's electrical or natural gas usage that is made available as part of an advanced metering infrastructure. (b) (1) An electrical corporation or gas corporation shall not share, disclose, or otherwise make accessible to any third party a customer's electrical or gas consumption data, except as provided in subdivision (e) or upon the consent of the customer. (2) An electrical corporation or gas corporation shall not sell a customer's electrical or gas consumption data or any other personally identifiable information for any purpose. (c) An electrical corporation, gas corporation, and any contractor of the utility shall not condition a customer's access to electrical or gas consumption data on the payment of an incentive or discount. If an electrical corporation or gas corporation contracts with a third party for a service that allows a customer to monitor his or her electricity or gas usage, and that third party uses the data for a secondary commercial purpose, the electrical corporation or gas corporation shall ensure that the third party prominently discloses that secondary use to the customer. The electrical corporation or gas corporation shall also provide the customer with an option to monitor his or her electricity or gas usage, which is not conditioned on the use of the data by a third party for a secondary commercial purpose. (d) An electrical corporation or gas corporation shall use reasonable security procedures and practices to protect a customer's unencrypted electrical or gas consumption data from unauthorized access, destruction, use, modification, or disclosure. (e) (1) Nothing in this section shall preclude an electrical corporation or gas corporation from using customer aggregate electrical or gas consumption data for analysis, reporting, or program management if all information has been removed regarding the individual identity of a customer. (2) Nothing in this section shall preclude an electrical corporation or gas corporation from disclosing a customer's electrical or gas consumption data to a third party for system, grid, or operational needs, or the implementation of demand response , energy management, or energy efficiency programs, provided that the utility has required by contract that the third party implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure. (3) Nothing in this section shall preclude an electrical corporation or gas corporation from disclosing electrical or gas consumption data as required under state or federal law or by an order of the commission. (f) If a customer chooses to disclose his or her electrical or gas consumption data to a third party that is unaffiliated with, and has no other business relationship with, the electrical or gas corporation, the electrical or gas corporation shall not be responsible for the security of that data, or its use or misuse. 8381. (a) For purposes of this section, "electrical consumption data" means data about a customer's electrical usage that is made available as part of an advanced metering infrastructure. (b) (1) A local publicly owned electric utility shall not share, disclose, or otherwise make accessible to any third party a customer' s electrical consumption data, except as provided in subdivision (e) or upon the consent of the customer. (2) A local publicly owned electric utility shall not sell a customer's electrical consumption data or any other personally identifiable information for any purpose. (c) A local publicly owned electric utility and any contractor of the utility shall not condition a customer's access to electrical consumption data on the payment of an incentive or discount. If a local publicly owned electric utility contracts with a third party for a service that allows a customer to monitor his or her electricity usage, and that third party uses the data for a secondary commercial purpose, the local publicly owned electric utility shall ensure that the third party prominently discloses that secondary use to the customer. The local publicly owned electric utility shall also provide the customer with an option to monitor his or her electricity usage, which is not conditioned on the use of the data by a third party for a secondary commercial purpose. (d) A local publicly owned electric utility shall use reasonable security procedures and practices to protect a customer's unencrypted electrical consumption data from unauthorized access, destruction, use, modification, or disclosure. (e) (1) Nothing in this section shall preclude a local publicly owned electric utility from using customer aggregate electrical consumption data for analysis, reporting, or program management if all information has been removed regarding the individual identity of a customer. (2) Nothing in this section shall preclude a local publicly owned electric utility from disclosing a customer's electrical consumption data to a third party for system, grid, or operational needs, or the implementation of demand response , energy management, or energy efficiency programs, provided that the utility has required by contract that the third party implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure. (3) Nothing in this section shall preclude a local publicly owned electric utility from disclosing electrical consumption data as required under state or federal law. (f) If a customer chooses to disclose his or her electrical consumption data to a third party that is unaffiliated with, and has no other business relationship with, the local publicly owned electric utility, the utility shall not be responsible for the security of that data, or its use or misuse.