OAIC completes COVIDSafe oversight

The Office of the Australian Information Commissioner (OAIC) has published its final six‑monthly COVIDSafe privacy report and completed its COVIDSafe assessment program, which examined compliance and risk throughout the ‘information lifecycle’ of COVID app data.

The regular reports showed the OAIC did not receive any complaints or data breach notifications with regard to the COVIDSafe system.

The Minister for Health and Aged Care determined on 16 August 2022 that COVIDSafe was no longer required to prevent or control the entry, emergence, establishment or spread of COVID-19 in Australia.

Australian Information Commissioner and Privacy Commissioner Angelene Falk said the strict privacy protections enshrined in law in May 2020 to protect COVID app data had worked effectively.

“As we said at the outset, legislation provides the strongest form of protection to codify privacy safeguards and give Australians confidence in the protection of their personal information within the COVIDSafe system,” she said.

The OAIC’s last two assessments covered:

  • the access controls applied to COVID app data by state and territory health authorities
  • the compliance of the Department of Health and Aged Care as the National COVIDSafe Data Store Administrator with the deletion and notification requirements for the end of the COVIDSafe data period under section 94P of the Privacy Act 1988.

The assessment found the Department of Health and Aged Care had deleted all COVID app data from the National COVIDSafe Data Store in accordance with legislative requirements.

/Public Release. View in full here.