WA COVID tracing system puts personal data at risk

Western Australia's COVID-19 contact tracing system is plagued with significant privacy and security concerns, putting at risk highly sensitive personal and medical information collected from more than half a million people.

An auditor-general report tabled in parliament last week examined the way the Health Department handled data collected from COVID-positive people and their close and casual contacts.The multitude of issues included the absence of data encryption to protect personal information, inadequate logging of access to sensitive data, a lack of restrictions to stop malicious files being uploaded, and failure to adequately inform the public about information collected.

The department's cloud-based COVID-19 information gathering system, known as Public Health COVID Unified System, or PHOCUS, helps it harvest information for contact tracing.As well as SafeWA check-ins, the data has been collected from SmartRiders, CCTV footage, taxi and ride share services and business records. Personal medical information collected included pathology results, existing medical conditions and medications from people testing positive to COVID-19.

Auditor-general Caroline Spencer said controls within the department need to be strengthened to protect the confidentiality of personal information. She said Western Australia does not have comprehensive privacy laws, and it is therefore especially important that the Health Department adequately protect the data it collects.

It should be noted that this latest problem with privacy in WA and their Covid safe processes, is just the latest.  It was WA police that first were exposed for seeking access and gaining access to Covid Safe and checkin data ages ago, and what has been done about? Not much.

-CyberBeat