Possible security controls that would prevent the loss or breach of user data, while still enabling effective tracking


Question - You are to recommend that DoH adopt:

a. Possible security controls that would prevent the loss or breach of user data, while still enabling effective tracking for COVID-19, and the reasons these controls will be effective.

Answer - Possible security controls for COVIDsafe

The Department of Health can adopt and follow some of the security measures discussed below, which will provide effective security for the user data of the COVIDsafe application (Plachkinova, 2015).

Accessing limitations

As per the Privacy Amendment Act, some of the ways in which the COVIDsafe app data may be disclosed, used and collected are described below (Tajbakhsh, 2018):

  • By a person employed by a State/Territory health authority, with disclosure or usage of the data only for the required purpose.
  • By the officers, employees and service providers of the health department, to enable the tracing activity.
  • To transfer the data between telecommunication devices and the COVIDsafe data store.
  • To prosecute a person for contravening the Privacy Amendment Act.

Usage of authorized API

An API that is not authorised and is loosely coded can grant access to hackers, and the privileges it gives can be misused. Use of such unauthorised APIs also creates a loophole for attackers. It is therefore recommended to use only authorised APIs to maximise the security level (Iglezakis, 2018).

High level authentication

Major security breaches arise from weak authentication, so multi-factor authentication should be employed. In multi-factor authentication, a static password and a dynamic OTP are used to carry out the authentication process, so that the COVIDsafe app can be accessed only by authorised users and health department officers.

Encryption of the data

The data shared between the users and health department officers must be in encrypted form, and data stored on the PCs in the health department offices must be protected with stronger encryption mechanisms (Haber, 2019).
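For the "High level authentication" control above, the following added example (not part of the original answer or of the COVIDsafe code base) checks a static password together with a time-based OTP and refuses a replayed code. The record layout, the function names and the PBKDF2 work factor are assumptions made for illustration; the OTP follows RFC 6238 with HMAC-SHA1.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per OTP time step (RFC 6238 default)

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """OTP for one time-step counter, using the RFC 4226 truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # Work factor is an assumption for this example; tune it for production.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def enrol(password: str, salt: bytes, secret: bytes) -> dict:
    """Constructed account record: only the password hash is stored."""
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "secret": secret, "last_step": -1}

def verify_login(record: dict, password: str, otp: str, now: int) -> bool:
    """Both factors must pass; each OTP time step is accepted at most once."""
    pw_ok = hmac.compare_digest(hash_password(password, record["salt"]),
                                record["pw_hash"])
    current = now // STEP
    matched = None
    for step in (current - 1, current, current + 1):  # tolerate clock drift
        if step > record["last_step"] and hmac.compare_digest(
                totp(record["secret"], step).encode(), otp.encode()):
            matched = step
    if pw_ok and matched is not None:
        record["last_step"] = matched  # block replay of the same code
        return True
    return False
```

The password and the OTP are always both evaluated, so a failed login does not reveal which factor was wrong.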

b. Possible privacy controls to protect user privacy, particularly of data, location and activity, while still enabling effective tracking of COVID-19, and the reasons these controls will be effective.

Answer - Possible privacy controls for COVIDsafe

Some of the GDPR principles that minimise the privacy risks affecting the integrity and confidentiality of user data are given below:

Data minimisation

App developers should use only the minimum amount of data needed for the specific requirement. They should not store the exact location point when a generic location point is all that is needed to perform the app's functions (Watts, 2020).

Storage limitation

Personal data should not be retained longer than necessary, and the developers must provide the right to be forgotten for data subjects. The data must be retained only for a certain duration of time for non-users. Storage issues arise due to the accessing limitations of the users (Balebako, 2014).

Privacy by design

During application development, the privacy principles need to be a focus, and standard technologies and frameworks should be incorporated to protect data privacy. End-to-end security must be attained in the developed application so that the privacy concerns associated with the COVIDsafe application can be completely reduced.

Data collection knowledge

The user must have thorough knowledge of how the data is collected and used, and of whom it is shared with. This will resolve the security and privacy concerns associated with this application (Golbeck, 2015).

Limiting the data usage

Health department staff members should process and use patient data within certain limits, which prevents overuse of the data. Data loss may occur if the data is not disclosed in a secure manner.
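For the "Data minimisation" and "Storage limitation" controls above, the following added example (not part of the original answer or of the COVIDsafe code base) stores a generic location and hour instead of the exact point, drops records past a retention window, and erases one user's records on request. The 21-day window, the grid size, the record fields and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=21)  # assumed retention window, set by policy
GRID_DECIMALS = 2               # 0.01 degree of latitude is roughly 1.1 km

@dataclass(frozen=True)
class StoredPoint:
    user_id: str
    lat: float
    lon: float
    seen_at: datetime

def minimise(user_id: str, lat: float, lon: float,
             seen_at: datetime) -> StoredPoint:
    """Keep a generic grid cell and the hour, never the exact fix."""
    return StoredPoint(
        user_id,
        round(lat, GRID_DECIMALS),
        round(lon, GRID_DECIMALS),
        seen_at.replace(minute=0, second=0, microsecond=0),
    )

def purge_expired(store: list, now: datetime) -> list:
    """Storage limitation: drop everything older than the retention window."""
    cutoff = now - RETENTION
    return [p for p in store if p.seen_at >= cutoff]

def forget_user(store: list, user_id: str) -> list:
    """Right to be forgotten: remove every record held for one data subject."""
    return [p for p in store if p.user_id != user_id]

# Constructed sample data.
NOW = datetime(2020, 6, 30, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    minimise("u1", -33.868820, 151.209296, NOW - timedelta(days=2, minutes=17)),
    minimise("u2", -37.813628, 144.963058, NOW - timedelta(days=30)),
    minimise("u1", -33.870000, 151.200000, NOW - timedelta(days=22)),
]
```

Coarsening happens before the record is written, so the exact coordinates never reach the store and cannot be recovered from it later.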

c. Possible controls to ensure that the CovidSafe data remains under Australian data sovereignty and control, and the reasons these controls will be effective.

Answer - Possible controls to control data sovereignty issues

The following solutions are recommended to reduce the sovereignty issues:

Security standards

Employing suitable security standards can prevent the data loss that arises from the high transparency implied by data sovereignty (Kibaroglu, 2020). Thus incorporating some effective security standards can provide significant security to both the data and the applications.

Data loss prevention monitoring

Data loss prevention software can be deployed that has full control over the data flow and monitors that flow in order to detect data breaches.

Data aware services

Whenever services are developed, it is necessary to integrate software components that provide proper filtering and authorisation capability. An identity management system can be employed to detect user activity, so that identities are kept in a secured environment.

Data segmentation

Countries or organisations may require different data segmentation controls, which necessitate that the data has a defined location.

Compliance monitoring plan

Whenever data leaves a certain region, it is necessary to monitor the data and ensure that the compliance policy has been followed for the data located in that region (George, 2016).
