Shoddy COVID-19 Contact Tracing Privacy and Data Protection

May 19, 2022 | David Honey MLA, State News

“The Auditor-General’s report into privacy protection surrounding WA’s COVID-19 contact tracing system has laid bare the McGowan Government’s shoddy neglect of Western Australians’ personal data,” said WA Liberal Leader and Shadow Minister for Science, Innovation & ICT, Dr David Honey MLA.

The WA Auditor-General’s report has revealed what everyone already knew to be true, that the Government’s COVID-19 contract tracing system, overseen originally by sacked former Health Minister, Roger Cook and then by his replacement Amber-Jade Sanderson, has not provided the expected robust protection of personal data collected by the Government.

Alarmingly, this audit investigation found a non-clinical external vendor was granted ongoing access to case interviews and other personal and identifiable medical information.

“It is absolutely unacceptable and completely wrong for an external vendor to be provided with such sensitive and private information,” said Dr Honey.

“This really shakes the faith that many have in the State Government. How many people would have stopped using the contract tracing system had they been fully informed about the privacy concerns raised by the Auditor-General? It could have endangered more lives.

“The Labor Government had an obligation to ensure there were proper privacy controls to protect private and medical data before mandating their contact tracing system.”

Health officials had already warned the Government about privacy concerns regarding the SafeWA App and this audit investigation has now revealed that privileged administrator access rights were not revoked more than 12 months after the end of a vendor’s contract.

“Even worse, logs were not kept of user ‘view’ access nor was there proper monitoring – meaning it is not known if there was any unauthorised sharing or other misuse of the private and personal medical information by the many that had access to it.

“Also, normal vendor staff screening, cloud access security checks, cybersecurity incident reports and other standard requirements were not implemented nor even set out in the vendor contracting arrangements.

“This whole debacle has shown the shocking hypocrisy of this Labor Government. While the Premier and his Health Minister almost daily stood and told Western Australians to “do the right thing” and use the contact tracing system, they were not doing “the right thing” themselves and instead put people’s personal data at risk,” said Dr Honey.

Please find the Auditor-General’s report here: