several countries.34 The COVID-19 contact tracing applications carried a wide range of health-related data driven capabilities information sharing; selftesting; patients experiencing sharing; symptoms monitoring and contact tracing. Zimbabwe adopted a ZimCOVID safe application for screening tool; general information on vaccination and testing centres information; and the short message service (SMS) based solution. The ZimCOVID application privacy policy stated that 'all data collected or shared (with you) is completely managed and stored by the ministry of health'. However, the actual type of information collected by the health ministry was not disclosed. On user registration, the application requested a mobile number.35 For Zimbabwe, databases in the custody of public authorities are easily accessible.36 And mobile network operators indiscriminately disseminated COVID-19 information. 37 The ZimCOVID application was able access to personal data on devices, and capable of modifying, deleting and reading the stored contents on device. The application was capable of preventing a mobile device from sleeping; can view network connections; and full network access.38 The collection of COVID-19 related medical data occurred before the passage of the CDPA, however other laws requiring the protection of personal data such as the Constitution, and the Public Health Act were in force. Due to the disaster declaration, public and private facilities were allowed to conduct tests in order to bolster government public health measures. As of 20 September 2021, Zimbabwe had officially approved 136 private testing facilities; 26 government laboratories; and 3 research, non-governmental facilities.39 Retrospectively, the DPA, POTRAZ should consider procedures to address this, including asking data controllers to implement data destruction or data storage measures that safeguard privacy. In most countries Zimbabwe included, all public facilities such as Foreign Affairs COVID Isn t the Only Threat to Privacy https://www.foreignaffairs.com/articles/ /covid isnt only threat privacy last accessed April Reference to collection of personal data including but not limited to phone number is purportedly for better application user experience, and that information is retained by the health ministry. https://dencroft.com/zimcovid safe app policy last accessed April News Day https://www.newsday.co.zw/ / /zanu pf breaks into zec database/. An urgent application was brought by Sikhumbuzo Mpofu against Econet Wireless network for unsolicited public notices on COVID , which Mr. Mpofu alleged were violating his rights including right to privacy. ZimCovidSafe Mobile Application Security Assessment Report. The assessment was conducted by a certified digital security expert on September . Health Professions Authority https://w w w.hpa.co.z w/admin/downloads/ REVISED LIST SEPTEMBER SARS CoV .pdf last accessed November PAGE