Track & Trace App Data Breach 2020
The Covid’19 tracing app has been introduced to log social interactions based on user’s assessments, of their current infection risk status; which they would upload onto the app itself.
According to Tech Crunch the app already lacks robust legal safeguards against data misuse. There are concerns surrounding the apps data collation, with emphasis on the protections and guarantees of safety the app will envisage usage of, via the data the public will input.
Legal Futures states that the Covid’19 app used in the Netherlands, recently suffered a Data Breach in April 2020. The rushed action of the app creation resulted in approximately 200 names, email addresses and hashed user passwords to be exposed, due to the source code being published online.
Another breach has recently been exposed by the BBC where outsourcing firm Serco, apologised after accidentally sharing the email addresses of almost 300 contact tracers. Training staff to trace cases of Covid-19 for the UK government.
On 14th September 2020, the BBC highlighted that the details over over 18,000 people who tested positive for corona virus were published online by mistake; which was conducted by the Public Health Wales. The breach in question exposed details such as:
- Date of birth
- Geographical area
Although the data exposed is classed as reasonably low in terms of identification, there is still a chance that this could have been saved within the 20 hours of it being live, to analyse such data. The breach was considered to be a higher risk however still of a low rating, where those who live in communal settings had their supported house named in full, which would lead to a higher chance of identifying persons from the exposed list.
This is the second time a part of the Welsh NHS has had to refer itself to the ICO over a data breach during the pandemic. The rush to implement such app is causing lots of scrutiny with regards to data protection necessities the app should withhold and should discard of once no longer in use. GDPR/DPA regulations is a progressing area of the law, which is continuing to develop the same way in which technology does. The continued requirement to better technology, will always pose risks to data privacy along the way. Ensuring the safeguarding of such sensitive data is a key part of the legal industry to navigate past; to avoid misuse of personal data which could result in many law breaking avenues and mental strains.
If you have been a victim of a data breach or a breach of privacy, please do not hesitate to contact us to pursue a claim.