Health passport and data protection

The use of applications to display proof of vaccination and validation of test results have raised concerns regarding the privacy and security of users.

During the COVID-19 pandemic, technology has been at the forefront of the scene, but not without presenting some problems and challenges. As countries, states and cities reactivate tourism, it has become a common requirement to request vaccination certificates that confirm the negative result of health tests.

Against this background, the need to use health passports that demonstrate that a person received the vaccine is growing and presents two challenges. According to ESET, a leading company in proactive threat detection, it analyzes the right to privacy and how technology can be used to safely offer a solution that responds to the needs of the context in which we live.

Due to the Delta variant and the increase in infections of the OVID-19 disease, Bill de Blasio, Mayor of New York, said that workers and staff of restaurants and gyms must necessarily present a vaccination certificate.

“Having to declare that the vaccine has been received can be seen as a possible violation of people’s privacy by having to share personal medical data with the organization that needs to verify that information,” said Tony Anscombe, ESET Chief Security Officer.

NYC offers several options for checking immunization status:
Vaccination Registry from the Centers for Disease Control and Prevention

It is a paper card, slightly larger than a credit card. It has the person’s first and last name, date of birth, and details of the type of vaccine, including the first and second doses. It was reported that in bars and restaurants, false cards were sold for USD $ 20 due to the lack of security measures.

NYC COVID SAFE App

The app takes a picture of the CDC vaccination record or its international equivalent and stores it as an image; this image becomes a digital vaccine record.

Excelsior Passs App

It is a solution developed by IBM that uses blockchain and encryption technology to ensure that personal data is kept private and secure. Users must register using the data provided at the time of vaccination.

How to protect your personal data?
Regardless of the solution the government offers, privacy and security should be provided by default, while also checking vaccination status, personal data, and test responses. The recommendations that ESET suggests before using an application as a digital health credential are the following:

The creation of the health passport must verify the application with the medical records.
Only the minimum data is used to create the passport: name, date of birth and date of vaccination.
Communication and any stored data must be encrypted.
The privacy policy should state the purpose of the application and that no personal information is shared with third parties.
Location tracking and unnecessary data collection is not allowed
Download applications from an official source, such as the App Store or Google Play.
For more information on computer security, enter the following link: https://www.welivesecurity.com