Headline partners:

IBM Intel

COVID-19 Action Spotlight: Privacy & Safeguarding

The COVID-19 pandemic has forced society to rely almost exclusively on technology to continue functioning. From remote working to Zoom pub quizzes, people have adapted quickly to the ‘new normal’ thanks to technology – and it shows in the markets

Tech is also at the forefront of the battle to contain the virus. Governments have rapidly introduced unprecedented initiatives to track and trace the COVID-19 virus using big data, mobile applications, and advanced analytics. This has not been without controversy; while governments would normally have to request user permission or a court order to obtain sensitive personal data, the need to protect public health has given the state unheard-of access to the private data of individuals. Public health is thus being pitted against privacy.

Track and trace applications sit at the centre of this controversy. These aim to either facilitate medical treatment for people with coronavirus symptoms; warn those who have been in close proximity to an infected person; or monitor quarantine conditions for those self-isolating. These apps have helped limit the spread of the virus to varying degrees of success, but have provoked major privacy concerns around the opaque use of personal data – and the risk of ‘function creep’, or the information being used for other law enforcement purposes. 

These concerns are not without substance. Research suggests that, even when an individual’s personal data is anonymised, as few as four data points on location or time can be enough to identify 95% of people in a mobile phone database of 1.5 million people. 

There have been several regulatory efforts on the part of governments to allay these fears. On top of the EU’s own GDPR regulations, countries such as Germany, Italy, and France have passed laws limiting how long the data can be held by health authorities, and ensuring it is siloed from other branches of the state. These are just some examples of a huge movement within government and the civil service to take more action on data privacy and security – and it’s laying the groundwork for best practice moving forward.

In many ways, then, data privacy has been the domain of regulators throughout the pandemic, at least where it concerns government-approved contact tracing apps. But these rational fears about privacy and security are being compounded by a huge rise in cyber attacks during the pandemic. May saw more than 192,000 cyber-attacks in the span of three weeks, with phishing scams impersonating the World Health Organisation duping people out of their personal information and even graphic hacking attacks on Zoom conferences

As more and more people log on or work remotely, there’s greater opportunities for scammers and hackers to attack. Conversely, there are huge efforts being made to secure remote working systems. This strategy published by McKinsey encourages enterprises to secure their remote workstations using VPNs and institute best practice regarding procurement and monitoring. However, these are measures that should be in place permanently, particularly as remote work grows. 

While the rise in cyber attacks is worrying, the risks should reiterate that all companies and individuals need to take extra steps to protect themselves – pandemic or not.


June 2020


June 2021