South Africa’s Information Regulator weighs in on covid comms

There’s a justifiable fear that emergency provisions for using citizen data and geolocating smartphones to track coronavirus patients has dark implications for the future of civil liberties and privacy. University of Johannesburg’s Jane Duncan, as ever, outlines the issues and the implications of current policy in South Africa better than anyone over here.

It has been good to see the country’s oft-maligned Information Regulator issue guidance as to how data gathered during the crisis can be used – alt.advisory has the main points (which basically green light the stuff government wants to do). The full document is well worth a read, especially section 4.5 which deals with what happens to data after the crisis.

4.5 Retention and restriction of records

4.5.1.Responsible parties must not retain records of personal information of data subjects for longer than authorised to achieve the purpose of detecting, containing and preventing the spread of COVID-19 unless such information is required for historical, statistical or research purposes and provided that adequate safeguards are in place.

4.5.2.A responsible party must destroy or delete a record of personal information or de-identify it as soon as reasonably practicable after the responsible party is no longer authorised to retain the record.

4.5.3.The destruction or deletion of personal information must be done in a manner that prevents its reconstruction in an intelligible form