National COVIDSafe Data Store Administrator
You're in control of your information
The Digital Transformation Agency (DTA) was appointed as the National COVIDSafe Data Store Administrator under the Privacy Act 1988 to manage the data collected by the COVIDSafe app.
The National COVIDSafe Data Store is the storage for information collected or generated through the use of COVIDSafe.
Information stored in the Data Store
Information stored when you complete registration and use the app includes:
- mobile number
- name or pseudonym
- age range
- diagnostic information
Information on digital handshakes is stored if you test positive and complete voluntary upload of information with assistance from a state or territory health official.
There are special rules about how this information can be handled and used that you can find in the Privacy Amendment (Public Health Contact Information) Act 2020.
Request to delete your information
You can request to have your registration information removed from the National COVIDSafe Data Store.
Requests are actioned by:
- confirming your request via SMS
- providing the list of mobile numbers for deletion to a Data Store officer
- advising when the deletion is complete
Requests are processed within three working days.
The DTA will delete all COVIDSafe app data when the Minister for Health declares that the pandemic has ended.
Assisting health officials
The DTA aims to first address and resolve issues without accessing information from the Data Store.
When needed, the DTA accesses information in the Data Store to:
- assist state and territory with contact tracing
- resolve issues with the health portal or Data Store
The DTA is authorised to do this under 94D(2) of the Privacy Amendment (Public Health Contact Information) Act 2020.
State and territory health officials can share data with the DTA to resolve issues that impede the contact tracing process.
Requirement to report on breach of data
In the event of a breach of requirements as the Data Store Administrator, the DTA must:
- notify the Privacy Commissioner of reasonable grounds to believe that an eligible breach happened
- prepare a statement of the data breach
- take reasonable steps to notify individual users who are at risk from the data breach
Read more on your privacy rights related to the COVIDSafe app.
15 September 2020