COVID contact tracing practices risk contravening South Africa's data protection Act, POPIA. Current 'pen and paper' practices potentially expose consumers' data, which is strongly prohibited by the act's provisions.
Businesses will have to change how they conduct contact tracing or risk being on the wrong side of the law.
The highly infectious nature of COVID has led to the necessity of contact tracing. That is to identify, assess, and manage people exposed to a disease to prevent onward transmission.
Ariel Flax, a spokesperson of ATG Digital, says, "Under normal circumstances collecting and potential sharing of personal information, as done in routine contact tracing, would be prohibited by POPIA. There is a myriad of regulations governing how this information is captured, stored and shared." ATG Digital has created a digital solution for businesses that ensures that they collect data for COVID contact tracing in a POPIA compliant way.
Adding to the complexity of compliance is how contact tracing is done, which is primarily through the use of pen and paper. The greatest danger for a data breach is physical records. According to Flax, "Typically, these logs are left out in the open, where anyone can see the personal information or particular classes of information that the POPI Act seeks to protect.
By using ATG Digital devices, the information is scanned, encrypted and instantly uploaded to a cloud-based platform. Beyond not being visible to third parties, data is never stored on the device, which means that the data is secure if the device is lost, stolen or tampered with.
Contact tracing affects the fundamental right to privacy enshrined by the constitution. At the core, this is the right to keep individuals' private lives out of the public domain.
With lives at stake due to COVID, there is the necessity to balance out the right to privacy with the obligation to protect life.
Therefore, surveillance practices, such as contact tracing, have been rolled out to manage and contain the virus's devastating effect.
The regulations go further and place a duty on various industries, such as hospitality, accommodation, and telecommunication, to provide the state with the necessary information. Therefore, restaurants, retail stores, gyms, and other businesses need to collect their customers' data. Still, these businesses face significant risk with old fashioned, paper-based practices. There will be a massive shift away from paper-based contact tracing once POPIA comes into play.
Written by ATG Digital