COVIDSafe data 'incidentally' collected by intelligence agencies in first six months

By on
COVIDSafe data 'incidentally' collected by intelligence agencies in first six months

But not decrypted, access or used, IGIS says.

One or more of Australia’s key intelligence and security agencies “incidentally” collected data relating to the COVIDSafe contact tracing app in its first six months of operation.

But there is no evidence to suggest that any of the data was decrypted, accessed or used, the Inspector-General of Intelligence and Security (IGIS) has found.

The finding is contained in IGIS’s first report to the Office of the Australian Information Commissioner on Covid app data [pdf], released on Monday.

The report, which looks at agencies like ASIO and ASD, said the collection occurred “in the course of lawful collection of other data”, which is permissible under the Privacy Act.

A spokesperson for the IGIS told iTnews that the “execution of warrants” was one such instance in which the incidental collection of Covid app data could occur.

“Collection is considered 'incidental' if it is not possible or not practicable to collect the data covered by the warrant without also inadvertently collecting COVIDSafe app data,” the spokesperson said.

The IGIS would not indicate which of the six agencies within its jurisdiction had "incidentally" collected the data.

The report also said that agencies are taking “active steps to minimise the risks that they may collect Covid app data”, as well as ensure data “is not access, used or disclosed” or decrypted.

It also found agencies were “taking steps to ensure any Covid app data is deleted as soon as practicable”.

Under the Privacy Act, agencies that incidentally collect COVIDSafe app data during a “lawful collection of information” are required to delete it “as soon as practicable”.

Stict penalities of up to five years jail are in place for the collection, use, disclosure or decryption of COVIDSafe data for any purpose other than contact tracing.

IGIS is now planning to independently verify that COVIDSafe app data has been “deleted as soon as practicable after an agency becomes aware that it has been collected” over the next six months.

“IGIS anticipates those inspections being completed prior to the next report to the Information Commissioner,” the spokesperson added.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
appasdasiocovidsafedatafederal governmentgovernmentigissecurity

Sponsored Whitepapers

Responding To Industry Trends And Our 5m+ Users
Responding To Industry Trends And Our 5m+ Users
The Future of Digital Identity in Government
The Future of Digital Identity in Government
Secure Public Services for Every Australian
Secure Public Services for Every Australian
7½ Questions for Aged Care's Digital Decisions
7½ Questions for Aged Care's Digital Decisions
Creating the Sustainable IT Department
Creating the Sustainable IT Department

Most Read Articles

Australia appoints first cyber security coordinator

Australia appoints first cyber security coordinator
Apple rushes out patches for exploited zero day bugs

Apple rushes out patches for exploited zero day bugs
Perpetual 'extended outage' caused by security incident at third-party

Perpetual 'extended outage' caused by security incident at third-party
Exploit emerges for Cisco VPN client vulnerability

Exploit emerges for Cisco VPN client vulnerability

Digital Nation

More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX
DeepAI founder on the risks of artificial intelligence
DeepAI founder on the risks of artificial intelligence
COVER STORY: The opportunities and risks of cybersecurity insurance in Australia
COVER STORY: The opportunities and risks of cybersecurity insurance in Australia
Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding

Log In

  |  Forgot your password?