My Lords, these regulations underpin the Government’s intent to ensure that transmission of the virus is halted by maintaining fully up-to-date information for the track and trace system on who has come into contact with a person who has tested positive for Covid-19. This is an admirable aim, but some questions remain over the robustness of the overall system for tracking people and with regard to privacy.
First, on the catastrophic failure of the IT system that transfers the positive test result data over to the track and trace system, as case numbers began to rise far more than it could cope with, the system failed at the first hurdle due to the larger volumes. If this part of the track and trace system is also predicated on the same legacy Excel software as that of the positive-case data, it is entirely possible for that to fail too, causing many people not to be contacted early enough, or even at all, if a glitch goes unnoticed. Is this part of the tracing system underpinned by software in the same way as the positive-case data software? Are there any in-built warning signals to alert authorities if this system fails to deliver?
My second point is on the validity of any data stored, given the reports that some people are not leaving their correct details with venues. What is happening to follow this through in order to ensure that people are properly traced? Also, given that some venues are not asking for information directly but leaving it up to customers to comply, the system does not appear robust enough. If a venue does not store that data, there is no way in which the Government are going to know that a person has been there, unless they are a positive case, in order to find the business guilty of failing in its legal duty.
My third point is on privacy. While the Government require venues to keep information only for 21 days, what measures are in place to protect citizens from data loss and breaches of privacy, so that they can have faith in using the system?
1.54 pm