CFA submitted a memorandum of support for a New York state law that would create sorely needed protections for sensitive health-related data that is currently unprotected. Last year, a similar bill passed but was unsigned by Governor Hochul.
As the letter explains, “The bill restricts the sale of New Yorkers’ electronic health data, including to out-of-state buyers, and requires affirmative consent for processing unless strictly necessary for specific purposes. It mandates that electronic health data be deleted after sixty days unless the individual requests otherwise and provides individuals with access and deletion rights.
Data that isn’t held or collected cannot be stolen, bought, or leaked. This data can lead to life and death consequences — restrictions on the collection and maintenance of the data is the right way to regulate extremely sensitive data.
The status quo allows location, transaction data, health app data, and more to be bought by anyone – advertisers, scammers, law enforcement from states with restrictive reproductive health laws, and more. Regardless of the political circumstances, health and other sensitive data must be regulated – but it’s clear New Yorkers need this now”