TraceTogether Token: How to protect against physical data breaches

In a bid to stop the spread of the coronavirus, Singapore has utilised intensive contact tracing efforts to identify close contacts of persons who have contracted the virus. However, one obstacle that seemed to undermine the government’s efforts was the patient was not being able to remember their whereabouts. In response, the Government Technology Agency developed the TraceTogether app in collaboration with the Ministry of Health, releasing it in late March 2020 to aid tracing which made Singapore the first country in the world to deploy a national coronavirus tracing app¹.
 
The government spared no effort in educating the public on how the application worked. This included explanations on how it operated using Bluetooth signals, while highlighting the many privacy safeguards built into the app’s design to prevent excessive data collection and unwanted disclosures.

Introduction of Wearable Tags

It was announced in June that the government would be introducing wearable contact tracing bands, which had the same functionality as the smartphone application². This was in response to a number of gaps that had surfaced in the mobile app, such as to facilitate contact tracing for Singaporeans who lacked smartphones. Issues faced on a number of phone models were also cited as factors hampering its uptake.
 
On the ground the announcement of the wearable bands sparked a privacy debate, with citizens being concerned about the specifics of the data collected and what they would be used for. In Shred-it’s view, this represents an increased awareness about the need to secure personal data amongst the general community. By extension, this could also be a result of the historically poor track records of devices when it comes to data security.

The Often-Overlooked Importance of Physical Data Mediums

Indeed, physical devices can hold and transmit significant amounts of data. In a situation like COVID-19, where contact tracing remains key to slowing its spread, contact tracing devices and apps can assist the process.
 
The debate around the TraceTogether token is a good reminder that physical media holds a wealth of information. However physical media is often overlooked due to the threats and breaches on the cybersecurity front; however, a data protection plan is only as strong as its “weakest” link. In addition to limiting physical access to the media, the data should also be encrypted, and the media destroyed in a way that data cannot be recovered, if no longer required.

Start Protecting Your Data

The consequences of a physical data breach can be just as severe as a cyber data breach. The easiest and safest way to reduce the risk of a physical data breach is to adopt best practices of information security such as a Shred-it All Policy and a Clean Desk Policy to ensure the secure disposal of any physical materials containing data.
 
Shred-it can help you safeguard your data through destroying physical media, including paper, hard disks, and more. Contact us today for a free assessment of your current data protection plans and a quote.

Disclaimer
This article is provided for your convenience and does not constitute legal advice. Readers should not take, or refrain from taking, actions based upon the content of this article. Prior results do not guarantee similar outcomes. Please seek professional legal advice.
 
 
¹BBC (2020). Coronavirus: Why Singapore turned to wearable contact-tracing tech. [ONLINE] Available at: https://www.bbc.com/news/technology-53146360 [Accessed 20 July 2020]
 
²The Straits Times (2020). Wearable device for Covid-19 contact tracing to be rolled out soon, may be issued to everyone in Singapore. [ONLINE]
Available at: https://www.straitstimes.com/politics/parliament-wearable-device-for-contact-tracing-set-to-be-issued-tracetogether-does-not-work [Accessed 20 July 2020]