National COVIDSafe Data Store Administrator
You're in control of your information
The National COVIDSafe Data Store is the storage for information collected or generated through the use of COVIDSafe.
As of 5 October 2021, the Department of Health is the National COVIDSafe Data Store Administrator under the Privacy Act 1988 to manage the data collected by the COVIDSafe app.
From 16 May 2020 to 26 September 2021, the Digital Transformation Agency was the sole National COVIDSafe Data Store Administrator. Between 27 September and 4 October 2021, the function of the National COVIDSafe Data Store Administrator transitioned to the Department of Health.
Information stored in the Data Store
Information stored when you complete registration and use the app includes:
- mobile number
- name or pseudonym
- age range
- diagnostic information.
Information on digital handshakes is stored if you test positive and complete voluntary upload of information with assistance from a state or territory health official.
There are special rules about how this information can be handled and used that you can find in the Privacy Amendment (Public Health Contact Information) Act 2020.
Request to delete your information
You can request to have your registration information removed from the National COVIDSafe Data Store.
Requests are actioned by:
- confirming your request via SMS
- providing the list of mobile numbers for deletion to a Data Store officer
- advising when the deletion is complete.
Requests are processed within 3 working days.
The Department of Health will delete all COVIDSafe app data when the Minister for Health declares that the pandemic has ended.
Assisting health officials
The Department of Health aims to first address and resolve issues without accessing information from the Data Store.
When needed, the Department of Health accesses information in the Data Store to:
- assist state and territory with contact tracing
- resolve issues with the health portal or Data Store.
The Department of Health is authorised to do this under 94D(2) of the Privacy Amendment (Public Health Contact Information) Act 2020.
State and territory health officials can share data with the Department of Health to resolve issues that impede the contact tracing process.
Requirement to report on breach of data
In the event of a breach of requirements as the Data Store Administrator, the Department of Health must:
- notify the Privacy Commissioner of reasonable grounds to believe that an eligible breach happened
- prepare a statement of the data breach
- take reasonable steps to notify individual users who are at risk from the data breach.
Read more on your privacy rights related to the COVIDSafe app.
26 October 2021