Odia Kagan of Fox Rothschild writes:
Two bills dealing with processing COVID-19 data in California were referred to the Senate Appropriations Committee.
Assembly Bill 660 prohibits data collected, received or prepared for purposes of contact tracing from being used or disclosed for any purpose other than facilitating contact tracing efforts. It also requires the data collected to be deleted within 60 days, unless that data is in the possession of a state or local health department.
Assembly Bill 1782 regulates public health entities and businesses that provide technology-assisted contact tracing. It requires data collected and maintained in the course of fulfilling the duties of a TACT contract to be encrypted to the extent practicable. It also requires a business or public health entity offering technology-assisted contact tracing to provide a simple mechanism for a user to revoke consent for the collection, use, maintenance or disclosure of data and requires consent given to be revocable at any time.