Countries around the world are slowly releasing lockdowns and trying to bring a normalcy to everyday life. Businesses are embracing gradual reopening. Imagine this scenario, a family went to a restaurant for dinner following the new norms of social distancing, sanitation & limited contact. They had a good time after weeks of terrible lock down at home. They receive an alert from the restaurant stating that one of the customers who visited the restaurant on the same day tested positive. What would be your reaction to this? Having seen and heard many cases, your first reaction would be a series of thoughts that break you down. After a while you calm yourself and plan to self-quarantine and monitor each of your family’s health, most importantly the vulnerable people in your home i.e. elderly parents and young children.
Data Collection/Sharing: When the pandemic hit the shores of India, multiple measures were taken across the country to identify, trace and track citizens susceptible to COVID-19. Data was collected at airports and at testing centers. This data was made available on government health websites with minimal or no security measures, which meant everyone had access to personal information of millions of Indians. Spread sheets were widely available on the internet with lists of people asked to self-quarantine, including their home addresses and sometimes even geo-locations. Medical reports of many had been circulated on social media and on WhatsApp by random users and by people who had no relation to the person itself. There were few instances of people being harassed despite being in quarantine after returning from abroad. This created a great deal of stress..
Data Privacy is more than a bunch of legal requirements; it’s a fundamental human right.
More than 150 constitutions mention the right to privacy. Many of them are stringent laws to name a few – European GDPR, China’s Cyber Security Law and Russian Privacy law. Violating these laws lead to expensive legal consequences.
Contact tracing apps: Tech giants, governments & NGO’s around the world have come up with many contact tracing apps which identify, track the spread and notify all those who come in contact with carriers. Countries and states have come up with their own apps and are also using social media facial recognition. Furthermore a mobile phones location tracing capability is also addressing the challenge. Some of them are lighter and few of them are very heavy in terms of data collection. China is tracking not only via facial recognition and drones but also traces online payment. In other words if a payment is made at any mall or marketplace, police can easily track and take action if quarantine norms are broken. India launched Aarogya Setu app, while in Singapore an app called Trace was developed. . Israel approved use of tracking apps developed to combat terrorism to trace the virus.This intelligent services can track its citizens by geolocating their mobile phones, while at the same time it can also be used to trace people who live in the vicinity of positive patients at a particular time to establish potential infections. In the United States data is collected from mobile phones via Marketing ads.
Wellbeing Vs Privacy: The only motto for countries is to contain and overcome this pandemic and ensure wellbeing of its citizens. The governments of many countries have launched several apps but have not compelled the citizens to use them. On the other hand, how many citizens will download these apps confidently and use them to fulfill the purpose?
The biggest challenge we all foresee is the amount of data collected and accessed by people in the government and non govt agencies. When will the data be deleted and how will this data be used in the future, will this be erased in due time vs shared or sold or leaked to data brokers? In case this data is compromised, will this lead to privacy breaches with severe consequences. There have been many debates around the topic on social media and other platforms.
It is clear we we must fight this pandemic. But it needs to be done in a systematic manner paying heed to the real concerns of the privacy and security of individual people.. These are my recommendations:
Privacy and Security by Design Strategy:
Transparency & Lawfulness: Onboard technical, legal, government and health officials during the design phase. Involve those who will be using the apps Ex: Residents and health workers.
Purpose limitation: Data collected for Covid-19 should only be used for this purpose and for nothing else.
Data Storage: Store data locally within your boundaries. Make sure data shall not be kept longer than is necessary. ex: for non-risk users delete data after 30-45 days
Data minimization: Minimal data collection can be one of the fundamental principles for building these apps. The more data you collect the more difficult to maintain and protect it from compromises
Data Protection: Encrypt data and define access rules so that only specific people will be able to access it.
Perform Tests: Perform security tests by inviting third parties and try to break the app before releasing for effective use.
The only way forward is to ensure compliance and assure data privacy to citizens. Their health and wellbeing go hand in hand with protecting their privacy. Together we can defeat this pandemic with the use of technology and with the healthy partnership between the government and its citizens.
Saya University is on a global mission to ensure every employee in the world has access to the tools that will heighten cybersecurity knowledge. When a company is serious about protecting its organization against cyber-attacks, it will invest in cybersecurity learning for all its employees. With over 7 billion people on planet earth, we have a lot of work to do. Our multi-language e-Learning platform offers the world’s most cutting edge knowledge in cybersecurity, data privacy and compliance all in one place. Curating and producing relevant content, our learning platform will begin in Los Angeles and Tokyo, expanding into Asia Pacific (APAC), Latin America (LATAM) and Africa. Join the movement. Our 3rd Cybersecurity Awareness & Diversity Summit will take place in Japan in 2020. (The Tokyo Summit)