Question

After your successful engagement to develop privacy and personal data protection strategies for DAS, you have been engaged by the Department of Health (DoH) to advise on the development of privacy and data protection for CovidSafe users. DoH expect up to 16 million Australian mobile users to download and use this app. DoH have announced that they will be using a major U.S. based public cloud provider to host the CovidSafe data, but claim that the data will always be under Australian Government control.

You are to provide a report to DoH that:

1. Discusses the possible threats and risks to the security of user data on mobile phones, and in linked Cloud and financial accounts from the use of the CovidSafe app.
2. Discusses the possible threats to the privacy of a user's data, location and activities from the use of the CovidSafe app.
3. Discusses the issues of data sovereignty that may apply to the storage of CovidSafe data in U.S. based Cloud storage.
4. You are to recommend that DoH adopt:
   1. Possible security controls that would prevent the loss or breach of user data, while still enabling effective tracking for COVID-19, and the reasons these controls will be effective.
   2. Possible privacy controls to protect user privacy, particularly of data, location and activity, while still enabling effective tracking of COVID-19, and the reasons these controls will be effective.
   3. Possible controls to ensure that the CovidSafe data remains under Australian data sovereignty and control, and the reasons these controls will be effective.

Answer 1

Solution 1: As the users over the internet increase, the websites and the data that is present online is becoming more and more vulnerable. This is due to the fact, that as the advent of the information technology and the internet technology rises, the cyber capabilities of the hackers and crackers also increase. Due to this the data of the users over the internet becomes more and more vulnerable. Since all kinds of enterprises are moving towards the cloud-based solutions in which the data is not stored over the on-premises infra, instead it is present over the cloud servers and hence the data becomes even more unsafe as it can be accessed and stolen by the hackers.

Solution 2: The data that is going to be collected by the covid application is actually very crucial from a user's point of view. This is because, it collects the user's medical data which may contain all the information regarding all the activities of the user, the location of the user, etc. If this data gets into the hands of someone that has some malicious intentions then it it might turn out to be the most significant threat for the user as then they can make this data public, and even ask for the ransom from the user.

Solution 3: Since a lot of sensitive data is actually stored in cloud-based servers, hence the hackers can actually instigate some kind of attacks over this infrastructure in order to steal the data from these cloud servers. This is in view of the past hacking incidents that have taken place over the cloud servers and since no determination has been exhibited by the developers towards making the application secure and safe against any cyber attack. The application developers as well as the government of the Australia must form some kind of regulatory body that looks after the well functioning of all the laws associated with the information security as well as the data privacy of the users of the application. Some of the steps that should be taken by the developers and should be enforced by the Government of Australia to secure the user's data are:

1. The user has to be authenticated using the multi-factor authentication technique so that no one without the authority can access the data.
2. There has to be robust security policy in place to secure the data assets within the application.
3. There has to be an emergency response team that is supposed to respond rapidly in case of any security breach or any hacking attack.

Here's the solution to your question, please provide it a 100% rating. Thanks for asking and happy learning!!