The government is asking consumers, the general public and hospitality and tourism businesses to help it in the efforts to stamp out further infections and localised outbreaks by providing basic information to be used as part of its COVID-19 contact tracing scheme.
Whilst the government has not made this mandatory as yet, we have seen various retail businesses, bars & restaurants collecting customer details in a bid to remain compliant in their respective industries. You may have been asked for some or all of your personal information such as your name, number, email address, postcode etc. when visiting a retail or hospitality business.
What happens to the data collected via the COVID-19 contact tracing scheme?
The government has requested businesses assist by keeping temporary records of their customers and visitors for 21 days, in a way that is manageable for their organisation, and assist NHS Test and Trace with requests for that data if needed.
After 21 days, this information should be securely disposed of or deleted. When deleting or disposing of data, you must do so in a way that does not risk unintended access (e.g. shredding paper documents and ensuring permanent deletion of electronic files).
More information can be found via the GOV.UK website here.
This throws another obstacle into the mix for businesses to face. GDPR! The data you are requesting is of a personal nature, therefore it must be handled in accordance with GDPR to protect the privacy of your staff, customers and visitors.
General Data Protection Regulation (GDPR)
Appropriate technical and security measures must be in place to protect customer contact information, ensuring a procedure is adhered to will ensure no breaches occur. The information commissioner’s office (ICO) has published some guidelines you can refer to here.
Not handling personal data properly means businesses and staff risk breaching the Data Protection Act with severe consequences for both. Headlines over the past few years include LinkedIn, Morrisons, Vision Direct & Wonga and served to teach us a lot about the importance of having an effective data security strategy.
Businesses appreciate the issues data breaches can cause and many seek to protect themselves against such an event. We all know prevention is better than cure, so we’ve put together a handy checklist for businesses so they can ensure they have all bases covered.
Ensure You Are Fully Protected
Whether it’s an accidental breach or not, the resulting fine from the Government won’t change! And chances are your company doesn’t have funds saved to pay for data breach remediation.
There are insurance options available to make recovery easier. Cyber liability insurance policies can cover the cost of notifying customers and replace lost income as a result of a data breach. In addition, policies can cover legal expenses a business may be required to pay as a result of the breach.
A cyber liability policy could get your business back up and running with little delay! Premiums start from as little as £130 a year and interest-free instalments available with certain insurers. Find out more about our Cyber Insurance here.
Insurance Brokers Who Work In Your Best Interest
We are an independent cyber and data risk insurance broker. This means we have full access to the majority of the insurance market and the insurance products they offer. Whilst we work alongside insurers to provide cover for you, your business & your assets – we work in your best interests. As standard, we rebroke your policy every year to ensure you have the most competitive premiums & handle all claims in-house at our UK based office in Clanfield.
For a free, no-obligation quote for cyber insurance contact the Glowsure team on 01730 239387 (during working hours you will always speak to a person!) or you can send us an enquiry.