Threats, Harassment, and Contact Tracing: Why Privacy Programs are Expanding to Protect Health Care WorkersBack in March we wrote about Address Confidentiality Programs (ACPs) as the “high stakes compliance risk you probably haven’t heard of.” These state-sponsored programs were traditionally designed to protect victims of crimes such as domestic abuse, sexual assault, stalking, or human trafficking from perpetrators who seek to find and harm their victims. Since that first post a lot has changed, namely COVID-19, the nation’s divisive stance on masks, and attitudes toward public health officials.

Nationwide, at least 61 state or local health leaders in 27 states have resigned, retired, or been fired since April 2020, according to U.S. News. The same report noted that 13 of those departures were in California, including 11 county health officials and California’s top two public health officials. A contributing factor to this exodus of leaders is that health officials are facing an increasing amount of harassment, and even threats of violence, for their work on issues such as contact tracing and COVID-19 containment strategies.

It is in the midst of this volatile healthcare environment that, on Wednesday, September 23, 2020, California expanded its ACP to include not just victims of domestic abuse, but also local health officers and other public health officials. This new expansion of the law allows these frontline workers to hide their addresses from the public in order to protect them from possible threats or violence.

Gov. Gavin Newsom’s Executive Order noted that “local health officers and other public health officials protecting public health during the COVID-19 pandemic have been subject to threats and other harassment including threats and harassment target at their places of residence, which threatens to chill the performance of their critical duties.” The Executive Order directs California Secretary of State Alex Padialla to establish a procedure to allow public health officials to participate in the California Safe at Home Confidential Address Program.

This shift is a significant milestone in expanding privacy rights of vulnerable populations, particularly when that vulnerability is a product of evolving public sentiment toward a particular group of people. ACPs shield home, work, and school addresses from public record searches and FOIA. Nationwide, about 41 states have some form of ACP. Most states restrict disclosure from public records, but seven states actually prohibit private companies from disclosing location information as well.

ACPs operate by providing alternate addresses for participants to use in place of their actual address. These designated addresses divert participants’ mail to a confidential third-party location (often a P.O. Box and/or a “lot number”), after which a state agency forwards the mail to the participant’s actual address.

As healthcare workers continue to battle on the front lines of the pandemic, it will be interesting to see if other states follow California’s lead. In the meantime, it is important to pay close attention to often-missed state privacy laws, such as ACPs. As the privacy landscape continues to evolve, these laws will continue to create a patchwork of regulations in the absence of sweeping federal privacy legislation. For now, California healthcare workers are now on the list of individuals whose privacy – and safety – often remain dependent on policy implementation at the state level.

Continue to look for further updates and alerts from Bradley on state privacy rights and obligations.

Print:
EmailTweetLikeLinkedIn
Photo of Rachel M. LaBruyere Rachel M. LaBruyere

Rachel LaBruyere is a privacy and litigation associate in Bradley’s Charlotte office. She regularly advises clients on CCPA and GDPR compliance issues. Before joining Bradley, Rachel served as a Legal Intern in the United States Attorneys’ Office and an Appellate Litigation Intern in…

Rachel LaBruyere is a privacy and litigation associate in Bradley’s Charlotte office. She regularly advises clients on CCPA and GDPR compliance issues. Before joining Bradley, Rachel served as a Legal Intern in the United States Attorneys’ Office and an Appellate Litigation Intern in the Office of the General Counsel at the Equal Employment Opportunity Commission. Prior to law school, Rachel spent more than five years managing digital strategy for technology companies.

While in law school, Rachel gained a breadth of litigation experience working for the ACLU of North Carolina, the U.S. Attorney for the Eastern District of North Carolina, and the Equal Employment Opportunity Commission’s trial and appellate practices. View articles by Rachel.

Photo of Erin Jane Illman Erin Jane Illman

Recognized as a Board Certified Specialist in Privacy and Data Security Law by the State of North Carolina, Erin Illman is an experienced thought leader in privacy, security, and the integration of technology into business practices. Erin is co-chair of Bradley’s Cybersecurity and…

Recognized as a Board Certified Specialist in Privacy and Data Security Law by the State of North Carolina, Erin Illman is an experienced thought leader in privacy, security, and the integration of technology into business practices. Erin is co-chair of Bradley’s Cybersecurity and Privacy Practice Group and leads the Firm’s Fintech team. After practicing in Silicon Valley and the San Francisco Bay Area for over a decade, Erin uses her deep experience with California state regulations to help clients navigate privacy and security concerns, consumer protection laws, as well other challenging legal matters that arise in the privacy space. She regularly advises clients on CCPA, GLBA, GDPR, HIPAA, COPPA, CAN-SPAM, FCRA, security breach notification laws, and other U.S. state and federal privacy and data security requirements, and global data protection laws.

Photo of Leah M. Campbell Leah M. Campbell

Leah Campbell has significant experience representing clients in both federal and state courts, as well as before state regulators. Prior to joining Bradley, Leah served as senior counsel in the Cyber/Intellectual Property/Information Technology group for Deutsche Bank AG in New York. In that…

Leah Campbell has significant experience representing clients in both federal and state courts, as well as before state regulators. Prior to joining Bradley, Leah served as senior counsel in the Cyber/Intellectual Property/Information Technology group for Deutsche Bank AG in New York. In that capacity, Leah was responsible for negotiating outsourcings, software license agreements, SaaS agreements, consulting services agreements, commercial leases and construction agreements.