Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

New Bill Regulates COVID-19 Exposure Notification Services

A newly introduced bipartisan bill seeks to provide individuals with increased control over the sharing of data with services designed to notify them if they have been exposed to the COVID-19 coronavirus.

A newly introduced bipartisan bill seeks to provide individuals with increased control over the sharing of data with services designed to notify them if they have been exposed to the COVID-19 coronavirus.

Proposed by U.S. Senators Maria Cantwell (D-WA), ranking member of the Senate Committee on Commerce, Science and Transportation, and Bill Cassidy (R-LA), and sponsored by U.S. Senator Amy Klobuchar (D-MN), the legislation seeks to both protect consumer privacy and promote public health.

Automated exposure notification services (including websites, online services and applications, mobile apps and platforms) are set to be released in the coming weeks to help track the spread of the COVID-19 virus and deliver notifications to individuals who might have been exposed.

The Exposure Notification Privacy Act makes participation in these exposure notification systems voluntary, based on affirmative, express consent, and also provides consumers with increased control over their data. It also allows individuals to withdraw at any time and to have their data deleted per request, and limits the types of data that can be collected to that which is necessary for the purpose of the system. Commercial use of this data is prohibited.

Furthermore, the bill makes it “unlawful to discriminate against, or otherwise make unavailable to an individual, any place of public accommodation based on data collected or processed through an automated exposure notification service.”

The legislation requires public health officials to be involved in the deployment of exposure notification systems and prohibits services that are not operated by or in collaboration with a public health authority. It also requires that only medically-authorized diagnoses be submitted.

The bill seeks to create strong cybersecurity and breach notification safeguards, empowers federal and state authorities (the Federal Trade Commission and State Attorneys General) to pursue violators and allows the FTC to pursue civil penalties for first-time violations.

“Public health needs to be in charge of any notification system so we protect people’s privacy and help them know when there is a warning that they might have been exposed to COVID-19,” Senator Cantwell said.

Advertisement. Scroll to continue reading.

Related: Surveillance Bill Vote Scrapped After Opposition From Trump, DoJ

Related: Bipartisan Bill Aims to Reform NSA Surveillance of Americans

Related: Proposed Bill Seeks to Protect Researchers Disclosing Classified Government Backdoors

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem