Comment from Guardum: Data collection at pubs - a potential nightmare?
Following the news that pubs can ask customers to provide their contact details for contact tracing purposes - Darren Wray, CTO at data privacy experts Guardum offers the following comment:
“2 pints, a packet of crisps and a DSAR please, could this be what people start to order when they visit their local?
We all understand that COVID-19 has and is changing the world and that the hospitality industry has a responsibility to help NHS track and trace staff contact people should a customer develop symptoms shortly after visiting their local, the danger is that there has been little or no guidance issues from the Government or the ICO about how these new processes should be performed and in many cases those collecting this personal information have had little prior experience of data privacy requirements and have in the best cases only received very limited training.
All of this has the potential to place the hospitality under a further burden if they don’t get their processes in place quickly. It will only take a naive member of staff to copy down a phone number or email address and make contact with a customer to cause a heap of work for the venue. The question also has to be asked about how and when the data is going to be deleted once the retention period has passed, just throwing paper records in a dumpster could easily lead to an unwitting data breach.
Pubs, in particular, have faced many pressures and a decline in numbers over the last 20 years, data privacy requirements is another thing that they are going to have to adapt to and embrace to survive.”