House of Assembly - Fifty-Fourth Parliament, Second Session (54-2)
2021-10-13 Daily Xml

Contents

COVID-19 QR Codes

Mr PICTON (Kaurna) (14:32): My question is to the Premier. Is the Premier concerned that in spite of his promise that all QR data would be deleted within 28 days, in some instances it is being kept indefinitely and is he concerned it affects public confidence in the scheme? With your leave, sir, and that of the house, I will explain.

Leave granted.

Mr PICTON: In the report tabled yesterday in regard to the COVID-SAfe check-in system, the Auditor-General found that data had been retained by the Department of the Premier and Cabinet indefinitely as a backup for the system but also by the Department for Health indefinitely under its obligations under the Health Care Act.

The Hon. S.S. MARSHALL (Dunstan—Premier) (14:33): I think I answered this in the previous question, but I'm happy to go through it again. We have a situation where we are asking people to use the QR code check-in. That gives us some basic information as to who the person checking in is, where they were and what time. This is encrypted. It goes into the Department of the Premier and Cabinet. It's destroyed after 28 days.

As part of the overall whole-of-government IT management system, there is a backup which is kept, but there are very strict protocols about the restoration of that data; moreover, the Auditor-General identifies in his report that if there is a restoration of that data any data older than 28 days is again automatically destroyed. I don't think that there is any breach with what we have already said to the people of South Australia. Their data is extraordinarily protected, and I think that's borne out in the Auditor-General's Report.

I just remind the house that it was actually the government that asked the Auditor-General to do this review so that we could have assurance, the people of South Australia could have assurance. Those opposite might want to run a scare campaign. They may want to undermine what I think is an excellent system. Let me tell you what Grant Stevens, the police commissioner, the State Coordinator during this major emergency declaration, had to say this morning. He said:

I am absolutely confident that the intent and commitment that was made to destroy data is being honoured and I think DPC have done an amazing job in developing a system that has withstood the tests that are being put to it in terms of the volume of people who are using the system every single day and maintain that commitment to delete the data, I would remind people that we've probably got the best QR…system in Australia…

They are the words of the State Coordinator. We also have extraordinarily complimentary words from the Auditor-General, and I quote from page 2:

Overall, I concluded that reasonable controls were applied by DPC and SA Health to protect people's contact details obtained through the COVID-SAFE Check-In app. I note this is a point in time review and opinion.

He goes into quite a lot of detail, and I would encourage all members of the house to take a look at this report. We thank the Auditor-General for his comprehensive review because it is important that people need to know that when they do use the QR code check-in in South Australia there is not unauthorised use of that data. In other jurisdictions, they didn't have a central QR code check-in mechanism. In fact, in some places it was left up to individual venues. It then begs the question: who is going to use that information?

For example, you go along to a pub. Yes, you are checking in when you go to the pub, but does that pub have the opportunity then to use that information for marketing purposes? That cannot happen with this South Australian system. We respect the fact that we need this information to keep our state safe and our economy strong, and that's why we put in, I think, the very best system in Australia. But don't take my word for it: take the word of the police commissioner, the State Coordinator, Grant Stevens.