Got the COVID-19 jab? Why you shouldn’t post your vaccination card online

Just got your COVID-19 jab and want to share the news by posting a photo of your vaccination card on social media? Some experts discourage making one’s vaccination card details publicly known, citing risks in data privacy and identity theft. 

“They should not dismiss the risks because their data can be used and resold in many ways and forms,” said Joseph Felix Pacamarra, co-founder and chief executive officer of the computer emergency response team Cybersecurity Philippines CERT. 

Details contained in a vaccination card vary depending on what local government unit or health organization issued it. However, it typically includes one’s name, sex, barangay, phone number, photo, PhilHealth number, vaccination category, the healthcare worker who administered the vaccine, and the QR code, which can be scanned to reveal one’s medical history.

“If you’re speaking to a person with a criminal intent, that is very dangerous data,” Pacamarra said. He added that criminals can resell people’s identities or create a fake vaccination card based on what was posted, physically endangering others amid the COVID-19 threat. 

Pacamarra said that in July, the Baguio local government warned tourists against using fake vaccination cards to enter the city after reports of unauthorized documents being sold online.

The Philippines still does not have a nationwide system for verifying vaccination cards. According to Pacamarra, this makes it challenging to confirm the identity of a person who holds a falsified vaccination card.

Vaccination cards are currently used to allow more mobility, including intrazonal travel for areas under the same set of quarantine rules.

Pacamarra added that posting details contained in the vaccination card could be an opening for identity theft to occur, and can lead to unauthorized bank transactions.

Kim Cantillas, secretary-general of the non-governmental organization Computer Professionals’ Union, further warned that experienced attackers can gain access to their target social media accounts even with little information about them.

“The types of attacks that can be successfully carried out will depend on the type and amount of information made available to the attacker. They may also retain this information and carry out an attack at a later time,” Cantillas said.

What can netizens post instead?

According to the data research website Our World in Data, the Philippines has administered 23.2 million doses of COVID-19 vaccines, with 10.7 million individuals fully vaccinated as of July 7. This is equivalent to 9.9% of the country’s population being fully vaccinated.

The Department of Health is aiming to achieve nationwide population protection or having 50% to 60% of residents in an area fully vaccinated, by the end of the year. Experts are also encouraging vaccinated individuals to share their stories to encourage others to also take the jab.

For netizens who want to encourage friends and families to get vaccinated, Cantillas said that blurring photos of vaccine cards does not guarantee that one’s information is safe. 

“There are tools (available for free) that can be used to guess or restore the original image. While we do want to encourage more people to get vaccinated, we should be careful not to do this at the expense of our privacy and security.”

After getting their COVID-19 vaccine, what can people post instead? Cantillas recommends pictures of the vaccinated arm or some other signifier that people were vaccinated. Some vaccination sites nationwide, for example, have photo booths set up for this purpose.

As the pandemic continuously digitizes aspects of our daily lives, experts warn against developing a culture of oversharing in social media. The key, according to Cantillas, is observing a “good digital hygiene.” (READ: Data breaches are inevitable – here’s how to protect yourself anyway)

“We need to understand and appreciate that our data are extensions of our identity. Our activities, behavior, and identity online are not as separate from our offline lives as we may think. Social media makes it so much easier for malicious persons to exploit our data.”  – Rappler.com

Kristel Ogsimer is a Rappler intern from the University of Santo Tomas taking up a Bachelor of Arts degree in Journalism.