Greetings, fellow privacy professionals.
Hope you are safe and well.
It’s hard to escape all the COVID-19 privacy and security news, and I am sure you are probably fatigued from keeping up with all of it. The good news, however, is that the talk is turning into action.
Just last week, the European Data Protection Board adopted guidelines on the processing of health data for scientific purposes in the context of the pandemic. In addition to this, the EDPB also published common toolbox and data protection guidance on tracing apps to fight COVID-19. This is timely as many countries are starting to adopt contact tracing applications. In Australia, more than 2 million users downloaded the COVIDSafe app this week, but not without caution, as the voluntary opt-in application has been challenged in Parliament, and there is a call for state health bodies to ensure they comply with the local Privacy Act. The clear and present danger of rapid development of such applications and/or sharing of COVID-19-related data on social media will continue to challenge local privacy commissioners with more and more cases similar to the one in the Philippines.
I was asked by CNN to comment on China’s COVID-19 fight, as there are mixed views on the effectiveness of using contact tracing apps. In China, the impact that digital QR codes has on citizens is widespread and embedded in their daily lives with the codes acting as a digital passport containing one's health status. I shared a rhetorical point that has not been discussed much yet regarding the mass collection of data — when do we determine the end date for the pandemic? In the information systems world, we would have clear data retention and storage policies and procedures, but it could be argued that citizen tracking data needs to be retained beyond the “end” of the pandemic, as a preventative measure to help stop/contain future such events. Having said that, governments and organizations need to start to think about data retention, storage and deletion of health-related data.
In other news, Hong Kong Privacy Commissioner for Personal Data Stephen Kai-yi Wong launched the “Privacy in Sunlight” initiative to “raise public awareness of protecting and respecting privacy, and engage public and private organizations to embrace privacy protection as part of their corporate governance responsibilities.” The commissioner’s office has also revamped their social media presence, and I encourage you to follow them to keep up with the privacy updates and activities in Hong Kong.
I am also pleased to announce the IAPP Westin Scholar Book Award was granted to one of my Master of Science in Finance (Cybersecurity and Privacy) students. The IAPP sponsored the award for the top student for their individual assignment that was focused on security and privacy awareness of a particular regional regulation. I will share more about this in my next blog post. The HKBU School of Business will be hosting again for the class of 2020–21, along with some new IAPP certification initiatives that are in the works. Very exciting!
Stay at home, and take care of yourselves and your family!
Keep safe; keep secure.
If you want to comment on this post, you need to login.