Legislation passed to protect COVIDSafe app data
New legislation has been passed to protect the privacy of the 5.68 million Australians that have so far downloaded the COVIDSafe contact tracing app.
The Privacy Amendment (Public Health Contact Information) Act 2020 prescribes weighty civil and criminal penalties for misuse, including a maximum gaol term of five years and fines of up to $63,000 per offence.
Under the legislation, data can only be accessed after a user who has tested positive to the virus consents to their encrypted data being uploaded. After that, data can only be used by authorised state and territory health officials, and only for contact tracing purposes.
Attorney-General Christian Porter said the legislation should give citizens full confidence in using the technology.
“This legislation clearly defines the very limited circumstances in which COVIDSafe data can be collected, used or disclosed […],” he said.
“It is also a criminal offence under the legislation for anyone to coerce a person to use the app, to store or transfer COVIDSafe data to a country outside Australia, and to decrypt app data.”
The legislation is a welcome move by officials who say that more than 40% of the national population will need to download the app for it to be effective. Until now, many citizens have hesitated given concerns over data privacy.
“The COVIDSafe app will […] enable public health officials to quickly notify individuals who have been in contact with a person who has tested positive [and] give the government the confidence it needs to continue easing restrictions, and reopen our economy,” said Minister for Health Greg Hunt.
The operation of the legislation will be subject to independent oversight by the Office of the Australian Information Commissioner (OAIC).
Complementing these efforts, the OAIC has also recently released new guidance to help government agencies meet their privacy obligations during COVID-19, under the Privacy Act 1988.
This includes answers to frequently asked questions and a step-by-step tool that walks agencies through the Privacy Impact Assessment Process.
Commvault arranges to buy Appranix
Cyber resilience provider Commvault plans to leverage its acquisition of Appranix to help...
Fujitsu establishes security consulting division
Fujitsu's new digital security consulting division will help organisations prepare for and...
Unstoppable Domains joins GlobalBlock initiative
Web3 domain name service provider Unstoppable Domains has joined the GlobalBlock initiative to...
