Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

New Bill Regulates COVID-19 Exposure Notification Services

A newly introduced bipartisan bill seeks to provide individuals with increased control over the sharing of data with services designed to notify them if they have been exposed to the COVID-19 coronavirus.

A newly introduced bipartisan bill seeks to provide individuals with increased control over the sharing of data with services designed to notify them if they have been exposed to the COVID-19 coronavirus.

Proposed by U.S. Senators Maria Cantwell (D-WA), ranking member of the Senate Committee on Commerce, Science and Transportation, and Bill Cassidy (R-LA), and sponsored by U.S. Senator Amy Klobuchar (D-MN), the legislation seeks to both protect consumer privacy and promote public health.

Automated exposure notification services (including websites, online services and applications, mobile apps and platforms) are set to be released in the coming weeks to help track the spread of the COVID-19 virus and deliver notifications to individuals who might have been exposed.

The Exposure Notification Privacy Act makes participation in these exposure notification systems voluntary, based on affirmative, express consent, and also provides consumers with increased control over their data. It also allows individuals to withdraw at any time and to have their data deleted per request, and limits the types of data that can be collected to that which is necessary for the purpose of the system. Commercial use of this data is prohibited.

Furthermore, the bill makes it “unlawful to discriminate against, or otherwise make unavailable to an individual, any place of public accommodation based on data collected or processed through an automated exposure notification service.”

The legislation requires public health officials to be involved in the deployment of exposure notification systems and prohibits services that are not operated by or in collaboration with a public health authority. It also requires that only medically-authorized diagnoses be submitted.

The bill seeks to create strong cybersecurity and breach notification safeguards, empowers federal and state authorities (the Federal Trade Commission and State Attorneys General) to pursue violators and allows the FTC to pursue civil penalties for first-time violations.

“Public health needs to be in charge of any notification system so we protect people’s privacy and help them know when there is a warning that they might have been exposed to COVID-19,” Senator Cantwell said.

Advertisement. Scroll to continue reading.

Related: Surveillance Bill Vote Scrapped After Opposition From Trump, DoJ

Related: Bipartisan Bill Aims to Reform NSA Surveillance of Americans

Related: Proposed Bill Seeks to Protect Researchers Disclosing Classified Government Backdoors

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Coro, a provider of cybersecurity solutions for SMBs, has appointed Joe Sykora as CEO.

SonicWall has hired Rajnish Mishra as Senior Vice President and Chief Development Officer.

Kenna Security co-founder Ed Bellis has joined Empirical Security as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.