California Attorney General Rob Bonta has issued statement about protecting health data in mobile apps in view of the upcoming SCOTUS decision in Dobbs. In the process, he also signaled continued enforcement.

“Apps collecting medical information, particularly reproductive health information, need to comply with our state laws and protect such information from risks like improper disclosure or a data breach,” he said. “Sensitive health data must remain secure and never be used against individuals seeking critical healthcare and exercising their right to abortion.”

Apps should:

  • Develop and maintain an information security program designed to protect the security, integrity, availability and confidentiality of reproductive health information against unauthorized access and disclosure. Not doing so may be a violation of Unfair Competition Law.
  • Protect the information it stores by using strong authentication protocols, and, at a minimum, require two-factor authentication
  • Obtain affirmative consent from users prior to sharing or disclosing personal, medical, reproductive or otherwise sensitive information, and allow users to revoke previously granted consent; (eg under CMIA)
  • Provide internal employee training on online threats and privacy issues related to reproductive rights.
  • Comply with the disclosure and consumer rights provisions (eg under CCPA and CPRA)