Vaccination passports may facilitate a return to normalcy, but there are also concerns about what kind of personal data they collect and how well they protect it. According to Tony Anscombe, head of public safety information at global cybersecurity company ESET, here's what we need to know.
Throughout the COVID-19 pandemic, technology has been at the forefront, but not without presenting some issues and challenges.
Applications, for example, used to prove vaccinated or to validate medical examinations, are among the latest in a long list of technologies that have been the focus of interest and are raising concerns about the protection of privacy. life and safety.
And while many authorities have avoided applying vaccination requirements to return to normalcy - such as eating out at a restaurant or attending a concert or show - as this could be seen as a human rights violation, the Delta variant forces to review.
As countries, states, and cities slowly return to everyday life and allow mass gatherings and events indoors, they often require proof of either vaccination or a negative COVID-19 (or both) diagnostic test.
The need for vaccination passports is growing and has two distinct elements: the first is the right to privacy and the second is how technology can be utilized to ensure the desired functionality.
Whatever the solution offered by the government, the state or the healthcare provider, it should by definition offer security and protection of our privacy, while at the same time this solution should include so much data that you can be sure that you are the one who did it. the vaccine or test.
According to Tony Anscombe, ESET Chief Security Evangelist, some of the features he suggests to consider when using the Digital Vaccine Passport Application are:
1. To create a Covid passport you only need some basic data: name, date of birth and date of vaccination. This information is sufficient to confirm that the vaccination was given and, if necessary, to cross-check the identification of the holder with another document such as a driver's license.
2. Communication and all stored data must be encrypted.
3. The privacy policy should state the purpose of the application and that no personal information is disclosed to third parties.
4. No attempt to locate or collect unnecessary data other than the data used by the device to improve the user experience is considered acceptable.
5. Apps should only be installed from official sources, such as the Apple App Store or the Google Play Store.
6. In countries that have adopted the General Data Protection Regulation (GDPR) or similar privacy legislation, such as the CCPA, applications should be bound by the relevant privacy regulation to ensure that the subject data, the individual has the necessary privacy and security.