AUDIT QUESTIONAIRE and process
Ryan Carrier
Public
Seen by 26
This thread is designed to delineate the audit questions without opinion or judgment. What do we require answers about? What information do we need to make informed decisions? Many votes will happen here. You are voting for "Is this a piece of information we require for analysis"
Poll Created Mon 11 May 2020 6:20PM
When does personal data expire in your contact tracing system? Closed Fri 22 May 2020 9:02PM
personal data - the information collected by the system by any means
expire - removed from database consistent with local law on data deletion
When - the exact timeframe or time-based procedure
Results
| Results | Option | % of points | Voters | |
|---|---|---|---|---|
|
|
Agree | 100.0% | 1 |
|
| Disagree | 0.0% | 0 | ||
| Undecided | 0% | 1 |
|
1 of 2 people have participated (50%)
Poll Created Mon 11 May 2020 6:24PM
When does the whole contact tracing system terminate? Closed Fri 22 May 2020 9:02PM
When - on what date does the entire system turn off?
Terminate - the system no longer functions. All associated procedures end. All data stored is deleted, unattainable and properly disposed of.
Results
| Results | Option | % of points | Voters | |
|---|---|---|---|---|
|
|
Agree | 33.3% | 1 |
|
| Disagree | 66.7% | 2 |
|
|
| Undecided | 0% | 1 |
|
3 of 4 people have participated (75%)
Shea Brown
Tue 12 May 2020 2:08AM
Good start, but I think think that it includes too much. The data deletion is covered in a separate question (good). In my opinion, this should just include the termination of the collection of data in service of contact tracing. It might be two questions, one binary: "Do you have a well defined and unambiguous procedure for determining when to terminate the contact tracing system (Yes/No)" If No->Fail. If Yes->"What is the procedure". I'd like to hear what other people think?
Aaron Maxwell
Wed 13 May 2020 7:58PM
I think this question is necessary only if a portion of your data needs to be carried between "infection windows". At a minimum, the app will collect usage information - calls to and from the server, crash statistics, and so on. That is still personal data, but not with respect to my health. Also, if this app is mandated, I want to know when I'll be able to delete it off of my phone.
Adam Leon Smith
Fri 22 May 2020 7:22PM
I think this needs to more clearly include the destruction of data distributed to mobile devices in a decentralised system