Test and trace – protecting data collected from customers

23 Sept 2020

The Information Commissioner’s Office (ICO) has published data protection guidance for organisations mandated to collect customer and visitor information for test and trace purposes.

Since 18 September, the UK government has made it mandatory for all businesses in the hospitality, leisure and tourism sector, and close contact businesses such as barbers and beauticians, in England to collect customer information for the test and trace programme.

The ICO is advising organisations across the UK to follow five simple steps so they handle people’s information responsibly. Organisations must:

  1. Only ask people for the specific information that has been set out in government guidance;
  2. Be clear, open and honest with people about what is being done with their personal information;
  3. Keep people’s data secure. Organisations should not use open logbooks, and should ensure their customers’ personal information is kept private;
  4. Not use the personal information collected for contact tracing for other purposes, such as direct marketing, profiling or data analytics; and
  5. Erase or dispose of the personal information collected after 21 days.

Organisations do not have to ask people for their information if individuals are using a contact tracing app to check into venues. They should not make the use of contact tracing apps mandatory, and should give people options to give their details for contact tracing purposes.

The ICO has developed clear examples and case studies that organisations can use to ensure they are collecting customer information securely and complying with data protection law.

Ian Hulme, ICO’s Director of Assurance, said:

“We appreciate the challenge that many businesses face, particularly those that are handling personal data in this way for the first time. Our aim is to help the thousands of businesses that are doing their best to do the right thing. We want to support and guide them to handle people's data responsibly and keep it safe and secure.”

Kate Nicholls, CEO of UKHospitality, said:

“There is now an even greater need for hospitality businesses to focus on test and trace. It’s critical that data protection is at the heart of all of our efforts. We know organisations have a lot to think about during this time and we are keen that the ICO guidance is well publicised and well understood.”
