House of Assembly: Wednesday, October 13, 2021

Contents

COVID-19 QR Codes

Mr MALINAUSKAS (Croydon—Leader of the Opposition) (14:27): My question is to the Premier. Has the Premier undermined public confidence in the vital QR record system due to incorrect statements about all the data being deleted, and what will he do to restore confidence? With your leave, sir, that of the house, I will explain.

Leave granted.

Mr MALINAUSKAS: On 25 August, the Premier told the parliament, in relation to QR code data, 'The information is encrypted. It is kept for 28 days, after which it is destroyed.' Yet, in a report tabled in the parliament yesterday, entitled COVID-SAfe Check-In Review, the Auditor-General found evidence that the QR code data was retained beyond the 28-day time line committed to by the Premier.

The Hon. S.S. MARSHALL (Dunstan—Premier) (14:28): That's certainly not my interpretation of the Auditor-General's Report, which was delivered and tabled in the parliament yesterday. We did, as a government, ask the Auditor-General to look at this process because, the Leader of the Opposition is quite right, we have an expectation that that data is kept for 28 days and then it is destroyed.

We are very pleased and proud that we have had now hundreds of millions of check-ins, using the QR code check-in, and this provides our Communicable Disease Control Branch with the information that they need to access 24 hours a day, seven days a week, to be able to inform those whom they need to get in contact with who may have come into contact with the coronavirus. It has worked extremely well and it's now, I think, universally accepted as the very best system in the country.

It is very important that we do make sure that that data is protected. It comes into the Department of the Premier and Cabinet. It is encrypted. After 28 days, it is destroyed. What the Leader of the Opposition seems to be referring to is that overall in government we do have a recovery process. I think it is called a backup. The Auditor-General has also identified that, in accordance with responsible and vital practices for recovering critical systems, in the event of a system failure regular backups occur and that some data is restored to the secure backup system.

This information has not been accessed. There are procedures in place for restoring that data but, as the Auditor-General identifies in his report, if that data does need to be restored all information regarding the QR codes is again immediately destroyed or rejected.