Assembly Privacy and Consumer Protection to hold its first policy committee of 2016

By CMTA Staff

Capitol Update, April 1, 2016

The Assembly Privacy and Consumer Protection Committee is gearing up for its first policy committee hearing next Tuesday, April 5th. The event welcomes the new committee Chair, Assemblymember Ed Chau (D-Monterey Park). There are 12 bills on the list to be heard, but CMTA will be monitoring two in particular closely.

AB 1841, by Assemblymember Jackie Irwin (D-Camarillo), requires the Governor’s Office of Emergency Services (OES) to develop a statewide emergency services response plan for cybersecurity threats on critical infrastructure systems and requires OES to set standards for state agencies and private entities to prepare to mitigate or resist those threats. The bill also requires state agencies, and authorizes private entities, to report their strategies for complying with those standards, upon which OES would make suggestions for purposes of protecting public and private critical infrastructure operations. It is important to recognize the sensitive nature of the information disclosed to OES, and also to understand how the bill attempts to protect critical infrastructure information from public disclosure or use in private litigation. Concerns have been raised with regard to private entities being included in the bill and how their information will be protected if provided and turned over to OES during a cyber-based attack.

Another bill being monitored is AB 2688, by Assemblymember Richard Gordon (D-Los Altos). The bill pertains to the collection of medical health data by personal health monitoring devices and its distribution to unauthorized outside entities, which can reveal health information that consumers do not want shared. The bill also extends the sharing of information from third party entities to operators of commercial health monitoring programs. The confidentiality of an individual’s health information is private and protected by federal legislation known as the Health Information Portability and Accountability Act (HIPAA) and state law in California, the Confidentiality of Medical Information Act (CMIA). However, authorization is not required where the third party solely provides services to the operators of a commercial health monitoring program. Because CMIA does not allow the sharing of an individual’s personal health information unless there is voluntary disclosure by the individual, an issue of confidentiality and liability arises. If an individual becomes aware or is notified that their information has been provided by a third party to an operator of a commercial health program, then, based on where the bill is drafted in the current code section, this puts third parties on the hook for providing information without an individual’s primary authorization. For businesses this can create serious legal ramifications.

As outlined above, both bills will need to be followed closely in order to maintain the proper amount of discretion for private businesses and an individual’s personal information. Both bills have potential for future litigation.
