The Associated Press has done some digging into a question that we addressed here previously regarding the mountains of data that state and municipal governments are collecting on people based on their COVID-19 status and their various contacts if they are infected. Where is all of this data being stored and how and when is it being shared? It would be logical to assume that the various hospitals, doctors’ offices and university medical centers might need it to help monitor the spread of the novel coronavirus and determine it’s lethality. But those aren’t the only agencies who are requesting and receiving it. It turns out that law enforcement agencies around much of the country have taken an interest and are receiving these reams of data as well.

Public health officials in at least two-thirds of U.S. states are sharing the addresses of people who have the coronavirus with first responders. Supporters say the measure is designed to protect those on the front line, but it’s sparked concerns of profiling in minority communities already mistrustful of law enforcement.

An Associated Press review of those states found that at least 10 states also share the names of everyone who tests positive.

Sharing the information does not violate medical privacy laws, under guidance issued by the U.S. Department of Health and Human Services. Law enforcement officials say the information helps them take extra precautions to avoid contracting and spreading the coronavirus.

Saying that the information is being provided to “first responders” seems a bit misleading. That could easily refer to ambulance drivers and paramedics. I don’t think anyone would have a problem with them being alerted if a victim they were rushing to rescue was infected so they could be sure to take extra precautions to protect themselves. But when various law enforcement agencies are getting the information, the situation shifts a bit.

To be clear, if the people needing the information are cops who are out on the streets responding to calls, the same idea would apply. Arresting a suspect who has contracted COVID-19 would require more precautions to keep the police safe. But the information seems to be going further up the chain than that. The addresses of patients are provided to state and municipal law enforcement agencies in 35 states. In ten of those states, the names are also provided.

While some of the usual civil rights groups are warning of this data being used in racial profiling, that’s really not my chief concern. The bigger issue is how far and wide these growing databases are being shared on the fly. When I wrote about this last week, I noted how incredibly useful a mountain of data like that could be to any number of groups and individuals. Hackers and stalkers could have a field day with such a treasure trove. And in the corporate world, advertisers would no doubt pay a pretty penny for a list of that many Americans and who they came in contact with and how often. And as we’ve already learned, if there’s a market for a massive collection of data, somebody generally finds a way to sell it.

Getting back to the racial profiling issue, there is a unique concern in the case of this particular data that we should keep an eye on. It doesn’t matter if the police actually are tracking people based on their medical data and applying their findings in a racially imbalanced way. All that’s needed in minority communities is the perception that they might be. That could lead to people refusing to go get tested when they might otherwise have done so.

In any event, as I’ve said here before, we’re rushing into this brave new world of data compilation at lightning speed when we probably needed a lot more oversight and planning. The government is rather poor at data security on the best of days as has been repeatedly demonstrated. And building this system on the fly in a few weeks time just makes it sound like it’s ripe for the picking.