“A vaccination passport may well keep the pandemic in check but it will require a truly collaborative approach to the governance of data”…

Terence Stamp, Identity and Access Management Expert, CapGemini continues:

“One of my friends recently drew my attention to an article in Time magazine, where the IOC President Thomas Bach has said that COVID-19 vaccinations could be required for athletes and fans to attend the postponed Tokyo Olympics.  This is set against a backdrop where vaccines to inoculate against Covid-19 are being rolled out around the world.  In order to limit the spread of the disease where vast numbers of people are expected to attend (approximately 500,000 attended Rio in 2016), drastic measures are being considered in order to mitigate against another massive increase in cases worldwide.

If vaccination passports are seen as an answer to a number of global events still planned for this year, how could they be implemented appropriately? What regulations should be complied with in order to protect personal information and reduce the likelihood of the infringement of human rights? There are many questions to be answered, some of which focus on the governance of personal data.

Reasoning

IATA recently announced that it was creating a digital platform to facilitate the sharing of vaccination information called the IATA Travel Pass.  The reasoning for this is: “to re-open borders without quarantine and restart aviation governments need to be confident that they are effectively mitigating the risk of importing COVID-19. This means having accurate information on passengers’ COVID-19 health status.

It seems prudent that a collective definition of why the data is being gathered across the world should be adopted.  If the reason is simply to present proof of having had a vaccination, that in itself is quite different to requiring presentable proof of immunity.  Such a requirement should, at the minimum, include a follow-up test to prove that the individual has produced the required protective antibodies.

Compliance

The concept of data sovereignty means that personal information (including health data) is usually governed by regulations that afford some protection to the citizens of the region where the data is held.  Examples of this include HIPAA (USA), PIPEDA (Canada), GDPR (EU) and Data Privacy Act of 2012 (Philippines).

However, how do you apply the principles of health data governance internationally?  What standards should be used to protect the data?  How should it be stored and what should happen to it when it is no longer needed?  The standard requirements of asset management and data governance must be observed when processing personal data, even in a global context.

Integrity and Administration?

In order to have a trusted worldwide system that can prove that an individual has had a vaccination, it would seem logical that such a system should have traceability built-in.  This would imply that an assertion that an individual has had a vaccination can be traced back to a point in time where the injection was administered (and potentially which type of vaccination was given, especially given that different vaccines have different efficacy rates). 

But how should such a system be administered?  Should it be a country-by-country basis, given that each nation could claim ownership of said data and how it should be used?  If the aviation industry (IATA) is setting up its own system, should this be a process that is extended to travel across land borders?  How would such a system be applied consistently in different countries, with varying levels of social and technical infrastructure, so that travellers around the world have equal access to transport?

Global Collaboration

Over the next 12 months, the world has an expectation (or hope) to return to business as usual, including international travel.  That includes the following sporting events postponed from 2020: Football European Championships (Europe), Copa América (Argentina and Colombia), Ryder Cup (USA), and Olympic Games (Japan).

If we are going to reduce the likelihood of a return to the levels of infection seen throughout 2020, a number of measures will have to be implemented.  Ideally, these should enable equal access to travel, irrespective of the economic background of one’s country.  A vaccination passport may well be one of these, but to keep the pandemic in check it will require a truly collaborative approach to the governance of data that matches that seen by the global medical community to make a real difference”.

Terence Stamp is an Identity and Access Management Expert at CapGemini, and a former athlete.

https://www.iata.org/en/publications/travel-pass/

http://www.bbc.com/travel/story/20200831-coronavirus-will-you-need-an-immunity-passport-to-travel