COVID-19: A data governance challenge
The Government of Jersey’s original plan would combine three types of data into a single dataset:
But the GOJ quickly realised that using the healthcare systems to store and manage the flow of all this intermingled data of varying sensitivities would be a challenge. Plus, it was not a suitable platform for near-simultaneously booking hundreds of traceable test appointments for citizens and inbound visitors at a time
The original plan was unfeasible, and created a serious likelihood of personal data breaches.
Instead, the GoJ would adopt a policy they named ‘Disowning for Privacy’, effectively a practical manifestation of the principles of Privacy by Design.
The three separate data sources would be kept distinct but integrated, and query-able between them using unique identifiers such as Jersey social security numbers (‘JY numbers’), but the extent of the sensitivity of the data revealed would be role-based and limited according to the need.