Whether it’s a smartphone app that tracks our movements or the sharing of health records between care providers, ensuring personal privacy is maintained has never been more challenging. The decisions being made now will have widespread ramifications for years.
Privacy by default
As they grapple with this issue, one of the most important steps authorities can take is to adopt a policy of ensuring privacy by default. Rather than requiring people to proactively work to keep themselves and their data private, effective measures and controls need to be in place from the outset.
Once this is done, consumers should then be given the opportunity to maintain control of the settings. Should an individual deem it appropriate that their data be shared with another party, they will be able to grant informed consent.
Having a clear privacy-by-default policy is the best-practice strategy to have in an increasingly digital world. It ensures any information being collected by employers, businesses and public-sector organisations is necessary and being protected in an effective way.
The strategy is particularly important at the moment when so much of daily life is in flux. Citizens need to be able to feel reassured that their personal health data does not fall victim to COVID-19 policy changes.
Cross-border information flows
Another virus-related privacy issue stems from the need to share data across both national and international borders. Medical authorities may need to compare testing results from different regions in Australia while foreign governments may demand access to personal health records before allowing travel.
In all cases, effective protection of the data and its holder’s identity is paramount. Medical records are among a person’s most intimate items and therefore they must remain secure at all times. While existing privacy laws permit information to be shared in a crisis for public health purposes, such sharing should only occur when it is clearly necessary. We need policies in place to ensure this.
The rise of the virus scam
Another privacy-related issue has to do with online scams. While scams are nothing new, cybercriminals are using COVID-19 as a means of tricking people into revealing their personal details.
A scam could arrive in the form of an email that appears to be from a trusted organisation or individual. It might request confirmation of log-in details or direct the recipient to a website from which malicious code is downloaded.
This threat has been exacerbated by the rapid rise in people working remotely and from home. Often, they may not have in place the same level of protection they do when in the office and so could be more open to attack.
In Australia, privacy advocate IDCare has been working hard to support people who have suffered a loss of personal data as a result of criminal activity. Worryingly, demand for the organisation’s services has increased by 26% during the past month as people report virus-related scams.
As well as emails, there are fake websites offering apparent viral remedies and protections for sale. Rather than delivering on promises, many have been set up to obtain personal details for criminal purposes.
Organisations must take the time to ensure their employees are aware of such scams and understand the best-practice steps that can be taken to reduce the likelihood of falling victim.
The potential for reputational damage
Finally, both individuals and organisations need to be mindful of the potential for reputational damage that can arise from the misuse of personal health data. For individuals, the result could be the curtailing of freedoms or the loss of employment opportunities.
For organisations, incidents of mismanagement of personal data could lead to a loss of customer confidence and a hit to the bottom line. Having effective measures in place from the outset that ensure personal data is protected at all times is therefore paramount.
As the world comes to terms with what life looks like after the pandemic, the need for personal privacy has never been stronger. We need to take steps now to ensure it remains available for everyone.