Bills that would regulate the sharing of genetic data & create coverage in the CCPA of some HIPAA data are near to being written into law in California.
For many US West Coast companies, the California Consumer Privacy Act – the state’s landmark ‘Data Privacy Bill’ that went into effect earlier in 2020 may already be in the past.
Businesses no doubt spent time over recent years trying to incorporate privacy policies, to allow consumers to control how their data is handled & shared.
However, data privacy in California is just starting to become an issue, as a handful of bills focused on regulating data continue to move forward in the California State Assembly.
Under 1 piece of legislation, an amendment to the CCPA, California would have to observe Federal privacy standards for patient healthcare data. A.B. 713 – introduced by Assemblyman Kevin Mullin got the votes it needed in the Senate, & the Assembly on Mon. The bill needs to be signed into law by California Governor Gavin Newsom.
Medical Research Data
The amendment would except data de-identified in accordance with the Health Insurance Portability & Accountability Act (HIPAA), medical research data, personal information used for public health & safety activities, & patient information that is maintained by HIPAA business associates in the same manner as HIPAA protected health information (PHI).
At the moment the CCPA says that “personal information” “does not include consumer information that is de-identified or aggregate consumer information.”
Genetic Testing Companies
A further bill making its way through California’s Govt. would require direct-to-consumer genetic testing companies to obtain consent from customers before sharing data with a 3rd party. In particular, the companies would have to obtain a consumers’ affirmative consent before collecting, using & disclosing genetic data.
The Bill, S.B. 980, has seen vast approval in the Senate, where it passed 39-0 on Mon. & in the Assembly which passed it 69-0 in Aug.
Like A.B. 713, the final outcome of the bill, also known as the ‘Genetic Information Privacy Act’, rests in the hands of California’s Governor.
California’s Nov. Ballot
Both efforts are called ‘Proposition 24’, – the California Privacy Rights Act or CPRA, & is high-profile in California’s Nov. Ballot.
This initiative, which been called CCPA 2.0 by some, would put extra limits on how companies collect & use personal information, penalise organisations that compromise children’s data ,& make it harder to weaken privacy in the state. ‘Prop. 24’ would also create a regulatory agency to manage data privacy in California, something that does not exist at present.
The California Secretary of State, Alex Padilla, previously announced the CPRA had sufficient signatures to qualify for the ballot in Jun., so it’s inclusion is not a surprise.
Electronic Frontier Foundation
Privacy advocacy groups, e.g. the Electronic Frontier Foundation called parts of Prop 24 “a partial step forward” & “half-steps” last month.
Added support was gained, however, earlier this week when Andrew Yang, the former tech entrepreneur turned presidential candidate turned part-time CNN political commentator, joined Prop. 24’s advisory board.