IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Privacy, Health Data Bills Destined to Become Law Next Year

Gov. Gavin Newsom has signed several pieces of technology and innovation legislation, which will now become law — and vetoed others, while, in at least one case, using their intent to refine state operations.

capitol-portrait.jpg
The year’s legislative session may have lacked a single dramatic tech bill the size and scope of 2018’s California Consumer Privacy Act (CCPA), but legislators approved several important pieces of technology and innovation legislation in a session punctuated by COVID-19 — and Gov. Gavin Newsom signed some of them into law.

Here are some of the 2020 legislative session’s most significant tech bills, which Newsom signed by Sept. 30 per state law. Unless otherwise noted, signed legislation takes effect Jan. 1.

• Newsom signed Senate Bill 932, from Sen. Scott Wiener, D-San Francisco, on Sept. 26; as an urgency statute, it took effect immediately. The bill requires that electronic communicable-disease reporting tools used by the California Department of Public Health (CDPH) and local health officials collect and report data relating to the sexual orientation and gender identity of people diagnosed with all communicable diseases. The bill, aimed at better understanding the impacts of disease on the LGBTQ community, originally focused solely on people diagnosed with COVID-19.

Assembly Bill 1281, from Assemblymember Ed Chau, D-Arcadia, a member of the California Legislative Technology and Innovation Caucus, further refines the CCPA. It extends to Jan. 1, 2022, exemptions for personal information that reflects written or verbal communications or transactions between a business and a consumer if the consumer “is acting as an employee, owner, director, officer, or contractor of a company,” entity or government agency; and whose communications or transactions happen only “within the context” of the business doing due diligence on a product or service from that company, entity or government agency.

AB 713, from Assemblymember Kevin Mullin, D-South San Francisco, also tunes up the CCPA. It will “harmonize” the act’s definition of de-identified data with the venerable Health Insurance Portability and Accountability Act (HIPAA) standard to avoid possible “widespread disruption to healthcare and biomedical research.” Among the stipulations, it exempts from the CCPA information that has been de-identified per federal law, or derived from “medical information, protected health information, individually identifiable health information, or identifiable private information,” also consistent with federal policy.

AB 499, from Assemblymember Chad Mayes, I-Rancho Mirage, bars state agencies from sending outgoing mail with residents’ Social Security numbers — unless those numbers are represented by only the last four digits or, in “specified circumstances” such as when federal law mandates the entire number be included. The bill also requires those same agencies to report to the Legislature by Sept. 1, 2021, on when and why they mail out those numbers and requires those that are unable to comply to submit annual corrective plans until they’re in compliance. The bill also makes those action plans, reports and related correspondence confidential and prohibits their disclosure.

Not every tech or innovation bill cleared the governor’s desk, however. Here are a few that Newsom vetoed:

AB 1845 from Assemblymember Luz Rivas, D-Arleta, would have created an Office to End Homelessness in Newsom’s office and a secretary on homelessness appointed by the governor. It would also have formally named the Homeless Data Integration System, still in procurement but reportedly close to a contract, and would have mandated that local Continuums of Care populate it with data and protect the privacy of that data.

“Separating policy development on homelessness from that on health care or housing will lead to more fragmentation, not less. Looking at homeless spending through a separate lens, divorced from our health care and housing budgets, will lead to more duplication and inefficiency,” Newsom wrote in his veto message, committing to working with Rivas and the Legislature next year on homelessness.

In an email to Techwire, Rivas pointed out that the veto means “locals will not be required to share the data,” but she praised the administration’s work on combatting homelessness and Newsom’s commitment to work with her.

AB 2004 from Assemblymember Ian Calderon, D-Whittier, co-chair of the Tech Caucus, would have required the California Government Operations Agency to appoint a working group from the public and private sectors before July 1 to look at the use of “verifiable health credentials for communication of COVID-19 test results or other medical test results” and make recommendations to the Legislature by July 1, 2022. In his veto message, Newsom pointed out that the COVID-19 Testing Task Force can already convene stakeholders and experts to discuss innovation in testing and reporting — and the state has “multiple ongoing efforts” on COVID-19 testing.

SB 980 from Sen. Thomas Umberg, D-Santa Ana, would have created the “Genetic Information Privacy Act,” barring “a direct-to-consumer genetic or illness testing services company from disclosing a person’s genetic information to a third party without obtaining the person’s prior written consent.” It would also have kept COVID-19 testing companies not covered by HIPAA from sharing consumers’ biometric data without explicit consent. In his veto message, Newsom said he agreed with the bill’s primary goal and is directing the California Health and Human Services Agency and CDPH to work with the statehouse on a solution that achieves the bill’s privacy goals and prevents “inadvertent impacts” on testing efforts.

Theo Douglas is Assistant Managing Editor of Industry Insider — California.