Five Ways To Protect Your Identity In The Era Of Vaccine Verification
August 20, 2021
Glenn Larson is the Vice President of Engineering at Acuant and a member of the Forbes Technology Council, an invitation-only community for world-class CIOs, CTOs and technology executives. Read his article for the Forbes Technology Council below, or find the original here.
While vaccine passports are continuing to make headlines, the process is far from perfect. There’s no gold standard that’s being universally enforced or adopted, with some U.S. states even going as far as to ban vaccine passports. What’s more,are being sold on the darknet.
Following the, we saw U.S. state governments take vaccine verification programs into their own hands, with New York and California announcing a local, digital vaccine verification system. The United Nations agency International Civil Aviation Organization (ICAO) is also paving the way for the international community with a to verify one’s vaccination status during travel.
Whether or not governments or agencies across the globe implement vaccine verification platforms, reentering the workplace, traveling to new destinations, enjoying entertainment or sporting events and more may soon require proof of vaccination. However, not every platform can be trusted to care for your data.
Who can you trust?
Not all vaccine passports are created equal. Our digital identity may still be up for grabs by fraudsters, even while privacy laws across the globe emerge to protect consumer data. It’s important we protect our personal information by only entrusting our identity and vaccination status with responsible vendors.
Whether traveling for business or going to an event, here are five ways individuals can protect their digital identity — and privacy — when using vaccine verification platforms.
1. Always check privacy standards.
While privacy policies can be lengthy, it’s extremely important to read them — especially when sharing your health data. If you’re required to sign up for a specific vaccine passport or are selecting an app based on preference, look for whether the company is collecting your information and if you’re able to adjust your privacy settings.
Trustworthy apps will outline how they securely store your data and won’t sell your information to third parties. Companies that place the power over one’s data back in the hands of the consumer should have this information in the “about” section of their website. Overall, look for a provider that has a mature stance on privacy and requires explicit consent to share your vaccination status with other organizations.
2. Make sure the provider takes security seriously.
Similar to privacy standards, reputable providers will share how they’re safeguarding your data from the bad guys. Before entrusting your data with a vaccine passport solution, identify the provider’s security standards to make sure your information is protected from the outset. Double-check your data is being stored at rest and in transit using end-to-end encryption, that only the data necessary to verify your vaccination status and identity is stored and that your data can’t be shared without explicit consent.
For example, while providers will need to store a limited amount of data in order to verify and share your vaccination status, the best solutions will use end-to-end encryption and store anonymized data. If breached, this data will be useless to the hacker.
3. Look for an organization that’s privacy-minded.
Another sign the organization’s leadership prioritizes privacy is having a designated Data Protection Officer, also known as a DPO. A DPO, which was created following the General Data Protection Regulation (GDPR), is a data protection expert who ensures compliance with GDPR and other data protection laws and supervises data protection operations.
If an organization can be trusted with your digital identity and aligns with federal regulations, it should only take a few minutes of online research to locate this information.
4. Confirm your vaccine passport verifies you’re who you say you are.
Since a vaccine passport handles your data, the solution should require you to set up secure authentication. The most trusted solutions will require robust identity verification when you enroll in the health passport to make sure you’re who you claim to be, not someone trying to use your identity.
These steps include authenticating government-issued documents like a driver’s license or passport and then adding facial recognition, verifying personal data such as location, phone number or address and/or verifying your phone via SMS.
5. Protect your data with multifactor authentication.
Following identity verification, your identity is now tied to your vaccine passport. That’s why it’s vital to set up multifactor authentication.
Many platforms use automated digital identity solutions that allow you to efficiently verify your identity in-app in seconds. And when logging in to use your vaccine passport in the future, remember that passwords are an easy target for hackers. As the first line of defense against hackers, it’s important to set up multifactor authentication, like a password followed by another token code or biometric check, to protect your data stored on the app.
We’ll likely continue to hear more about vaccine passports and experience these apps firsthand. Vaccine passports can support people in returning to normalcy and may have positive impacts on economies across the globe, but it’s important to remember we’re the protectors of our own data. While we’ll be expected to share our personal information more often online, following these five steps can ensure an organization prioritizes data privacy.