Proposed COVID-19 Relief Bills Include Privacy, Security Funding
The COVID-19 relief package proposed by Senate Republicans would allocate $53 million to DHS CISA to protect research data, while Senate Democrats are urging for the inclusion of privacy protections.
By - The Senate Committee on Appropriations unveiled COVID-19 relief legislation this week, which would allocate $53 million in funds to the Department of Homeland Security Cybersecurity and Infrastructure Security Agency to protect coronavirus research data and related data.
Meanwhile, a group of Senate Democrats sent a letter to the committee as they work on the stimulus package, urging them to include basic, commonsense privacy protections for COVID-19 health data in the upcoming bill. Those privacy provisions were included in a Democratic proposal in May.
The additional emergency appropriations' legislation for the coronavirus health response and agency operations was proposed by Senate Appropriations Committee Chairman Richard Shelby, R-Alabama and would include a total of $306 billion in overall funds with carve-outs for DHS CISA.
The proposal comes in response to multiple CISA alerts regarding nation-state hackers from China and Russia, who have been targeting US healthcare, pharmaceutical, and academic research sectors to gain access to COVID-19 research, including coronavirus vaccine development.
The Department of Justice recently indicted two cybercriminals for working with the Chinese government to target and steal data from hundreds of US companies and the government. The hackers have been accused of stealing more than a terabyte of data through a prolific, sophisticated campaign.
READ MORE: Majority of COVID-19 Contact Tracing Apps Lack Adequate Security
The $53 million in funding would support CISA in remediating the targeted vulnerabilities and enhancing the overall security of the Federal network, in direct response to those attacks.
The proposed bill would also allocate $307.3 million to the Department of Energy Office of Science to further fund COVID-19-related research and development activities, as well as related cybersecurity and information technology needs.
On the other side of the aisle, a group of 13 Senators, including Kamala Harris, D-California, Elizabeth Warren, D-Massachusetts, and Mark Warner, D-Virginia, who founded the Senate Cybersecurity Caucus, sent a letter to Senate and Congressional leaders, in an effort to include needed privacy protections for COVID-19 health data in the proposed stimulus package.
Referencing a survey that found the majority of Americans are fearful of government efforts to collect coronavirus data, the Senators stressed that public trust will be essential to ensuring individuals will participate in efforts to contain the spread of the virus.
As those privacy concerns will hinder the adoption of COVID-19 screening and tracing efforts, Congressional leaders must be transparent and ensure privacy is at the forefront of any proposed bill.
READ MORE: AGS Urge Apple, Google to Ensure Privacy of COVID-19 Contact Tracing
“Health data is among the most sensitive data imaginable and even before this public health emergency, there has been increasing bipartisan concern with gaps in our nation’s health privacy laws,” the Senators wrote.
“While a comprehensive update of health privacy protections is unrealistic at this time, targeted reforms to protect health data – particularly with clear evidence that a lack of privacy protections has inhibited public participation in screening activities – is both appropriate and necessary,” they added.
Current laws do not prohibit or prevent employers, service providers, or other related entities from introducing COVID-19 screening tools, the Senators explained. There are guidelines around the need to keep the collected data secure, while stipulating companies not use collected COVID-19 data for other purposes.
But as noted in recent years, a host of companies like Facebook and many health apps often collect data without transparency into the practice. As a result, many consumers are wary of sharing data with third-party apps.
Those privacy provisions were included in proposed Public Health Emergency Act in May, which the Senators explained should be included in any forthcoming COVID-19 stimulus package.
READ MORE: Sens. Propose Bill to Regulate Privacy of COVID-19 Contact Tracing Apps
“The legislation would allow for the collection, use, and sharing of data for public health research purposes and makes clear that it does not restrict use of health information for public health or other scientific research associated with a public health emergency,” the Senators explained.
“Our urgent and forceful response to COVID-19 can coexist with protecting and even bolstering our health privacy,” they added. “If not appropriately addressed, these issues could lead to a breakdown in public trust that could ultimately thwart successful public health surveillance initiatives.”
Throughout the pandemic as tech giants worked to create a COVID-19 contact tracing app, industry stakeholders warned about the need for privacy protections on COVID-19 data to assuage consumer fears and encourage participation.
In lieu of a Federal privacy framework, the Senators are urging Congressional leaders to address issues raised by privacy and public health communities, while “providing Americans with assurance that their sensitive health data will not be misused” and perhaps fuel greater participation in these contact tracing efforts."
