This appeared last week.
Check-in websites a privacy 'ticking time bomb'
Finbar O'Mallon Reporter
Aug 25, 2020 – 5.43pm
Developers are under pressure to add marketing features to coronavirus check-in websites, prompting privacy concerns.
The sites, which patrons use to fill in contact tracing data at venues, are a privacy "ticking time bomb" due to lax regulations, the operator of one check-in site says.
GuestCheck Australia chief executive Adrian Kinderis wants the government to issue licences for the digital products.
The privacy watchdog has left it to small and medium-sized businesses to ensure the digital contact-tracing products they used met guidelines.
"It's unfair to put the responsibility of all the privacy and everything else, without any guidance, back on the venue operator," Mr Kinderis said.
He said there was little stopping sites from storing data overseas or selling it.
Some products were also open to people putting in fake information which would hurt contact tracing efforts, Mr Kinderis said.
The chief executive of Bepoz, a hospitality point-of-sale software provider, said venues using his company's coronavirus check-in forms could decide to sell the data themselves.
Kris Satish said he had been asked by venues to throw in marketing options to Bepoz's contact tracing forms, signing up people to emails or texts after visiting the venue.
He said he'd refused.
"This product was not built as a moneymaker," Mr Satish said. "For us it's quite a serious thing. We don't use the data. Absolutely not."
Mr Satish felt the government had been clear on the guidelines surrounding the apps.
Mr Kinderis said he had approached state and federal governments to ask them to put in more privacy controls.
'Ticking time bomb'
His suggestions, like issuing certifications for sites so Australians knew their data was safe and useful to contact tracers, had fallen on deaf ears.
"This is a ticking time bomb, it really is. Contact tracing is going to be around for a long, long time," Mr Kinderis said.
"It's time for both state and federal governments to start taking this seriously."
His app works by getting patrons to text a code from the venue to GuestCheck, which then texts them back with a form to fill.
"We [then] know 100 per cent that number is validated. At that point we really don't care what you fill out," he said.
More here:
https://www.afr.com/politics/push-to-add-marketing-features-to-check-in-sites-20200824-p55otn
I would describe this as an accident waiting to happen. All sorts of venues collecting all those details and storing them for who knows how long in how secure database!
What may follow if the data is breached who really knows.
Frankly I suspect there really should be some sort of regulated provision of these tracking services where the credentials and bona fides of the sites is well established and where the public can be sure their data is both safe and will be used appropriately!
Maybe, horror to suggest, it might be a service offered by the various State Departments of Health – who have the most to gain by timely access to accurate data.
How to you think this cat could be best skinned with optimum security and privacy protection?
David.
This is what happens when governments get distracted and conflicted when they build competing software and platforms. More interested in pushing broken digital tools than safe guarding its citizens.
ReplyDelete