I'm sorry. I didn't make a clear enough connection.
The first step is data minimization. You don't collect it if you don't need it.
This becomes the question in terms of what was collected and how it was used by the Public Health Agency of Canada. I don't know, but, if it was necessary to have that information, then you get into all your basics in terms of storage and who has access, as Matt has mentioned. We have good policies for how to design secure architecture.
I'll keep going back to the first point, which is that you don't want to hold data unless you really have to.