According to a privacy notice shared by the Public Health England (PHE), a UK government agency, the NHS will keep the personally identifiable data of people infected with coronavirus for two decades.
As a part of the Test and Trace programme, records of individuals like name, address, date of birth, email ID and phone numbers, along with the symptoms of coronavirus patients, will be collected.
All information apart from the date of birth will be sourced from the individuals identified as contacts of COVID patients, and will be stored for five years.
- Adapting to remote working technology during the Covid-19 crisis
- How Covid-19 is shaping digital transformation
- Covid-19 wristbands trigger surveillance fears in India
While privacy campaigners are worried about the length of time the UK government will keep this data, PHE justified the decision.
The “longer-term impacts” of Covid-19 on public health remain unclear, the agency said, adding that its move to store information about such cases will “help control any future outbreaks or to provide any new treatments”.
In order to assuage concerns around the security and usage of this data, PHC emphasised that the information will be stored on its “secure cloud” that is accessible only to “those who have a specific and legitimate role in the response”.
However, the privacy notice also stated that this data will be kept “for this long as may [sic] be needed to help control the spread of coronavirus, both currently and possibly in the future”.
Information security experts have raised serious concerns over the move. According to the Guardian, one expert questioned the duration the data will be stored for, and also flagged the risk of inadequate control mechanisms to ensure appropriate usage of the data. Earlier, a committee on human rights had sought a right to delete the personally identifiable data gathered under this project.
- The best free privacy software and apps 2020
Via: The Guardian (opens in new tab)