OAIC issues first 6-month COVIDSafe privacy report

Australian Information Commissioner and Privacy Commissioner Angelene Falk today released the first six-month report on the privacy protections in the COVIDSafe app.

Commissioner Falk said the report highlights the proactive work by the Office of the Australian Information Commissioner (OAIC) to ensure the system’s strict privacy measures are upheld.

“My office has worked to increase awareness and understanding of privacy protections and obligations related to COVIDSafe by developing guidance and providing advice to government, regulated entities and the community,” Commissioner Falk said

“We have also established a robust assessment program to audit the handling of personal information in the COVIDSafe system for compliance with the strict privacy protections the Australian Government put in place.”

The OAIC’s COVIDSafe Assessment Program follows the ‘information lifecycle’ of personal information collected by COVIDSafe.

During the reporting period (16 May to 15 November 2020), the OAIC commenced four assessments:

  • Assessment 1 – Access controls applied to the National COVIDSafe Data Store by the data store administrator, the Digital Transformation Agency
  • Assessment 2 – Access controls applied to the use of COVID app data by state and territory health authorities
  • Assessment 3 – Functionality of COVIDSafe against specified privacy protections set out under the COVIDSafe privacy policy and collection notices and against the requirements of the Privacy Act 1988
  • Assessment 4 – Compliance of the data store administrator with data handling, retention and deletion requirements under the Privacy Act 1988.

The OAIC received 11 enquiries about COVIDSafe during the reporting period. Seven enquiries raised general issues or concerns, and four related to a request to download or use the app.

Commissioner Falk said oversight of the operation of the privacy aspects of COVIDSafe is a key priority for the OAIC.

“The privacy protections that accompany COVIDSafe are important outcomes for privacy in Australia,” Ms Falk said.

“My office will continue to work to ensure that the protections are being applied so that Australians can be confident in the protection of their personal information within the COVIDSafe system.”

The COVIDSafe Report May-November 2020 can be found at oaic.gov.au/covidsafe-report-may-nov-2020

About the report

On 16 May 2020, the OAIC was granted additional functions and powers in relation to COVIDSafe under Part VIIIA of the Privacy Act 1988.

The Australian Information Commissioner and Privacy Commissioner must report on the performance of her functions and the exercise of her powers under or in relation to Part VIIIA every six months.

/Public Release. This material comes from the originating organization and may be of a point-in-time nature, edited for clarity, style and length. View in full here.