Cape Town - Fears about privacy and cybersecurity have been expressed following the announcement that the government was setting up a database to track anyone who might be carrying the coronavirus or who has been in contact with a carrier.
Cellphone companies have agreed to give the government subscribers’ location data. The data will be used to determine the estimated number of people with whom an infected individual has been in contact.
The director and head of the data privacy practice group at Werksmans Attorneys, Ahmore Burger-Smidt, said: “Who will be, and remain, in control of the information and records? Also, once the Covid-19 crisis has dissipated, will the personal information be destroyed, aggregated or de-identified? There are certain fundamental principles that should be adhered to when processing personal information, even if processing of personal information is taking place amid the Covid-19 pandemic.”
Cybersecurity expert at T-Systems SA, Lukas van der Merwe, said: “Under the act, the regulations can only be limited to the extent of the disaster; beyond that period it would be illegal.”
The general manager of cybersecurity at Atvance Intellect, Jayson O’Reilly, said: “Gathering data for achieving well-meaning perspectives is always supported, as long it is to do just that. One of the global challenges is protecting highly sensitive data and the privacy rights of individuals. Covid-19 has given the hacker community a way into organisations’ and individuals’ systems through social engineering, phishing or the downloading of malware, leaving the very people the government was wanting to protect more vulnerable.”
Independent privacy specialist Russell Nel said: “Privacy is not an absolute right and needs to be balanced against other rights. “In light of the national disaster which has been declared around the Covid-19 pandemic, the government can absolutely make changes to legislation or approve new legislation to limit privacy rights. This would be done, and rightly so, for the purposes of health and safety in order to protect its citizens - the right to life being a higher order than the right to privacy. Most citizens could reasonably be expected to make this trade-off,” said Nel.
Meanwhile, the Information Regulator, established in terms of the Protection of Personal Information Act, on Friday issued a Guidance Note on the processing of personal information in the management of Covid-19.
The chairperson of the Information Regulator, Advocate Pansy Tlakula, said: “The purpose of the Guidance Note is to guide public and private bodies and their operators on the reasonable limitation of the right to privacy when they process personal information of data subjects for the purpose of managing the spread of Covid-19.”