Servertastic

UK £ US $ Euro

  • Home
    • About Servertastic
    • Servertastic Blog
  • Cyber Security
    • SiteLock Website Security
    • Vulnerability Scanning
  • SSL/TLS Certificates
    • SSL Certificate Comparison Chart
    • Sectigo Certificates
      • PositiveSSL DV
      • PositiveSSL DV Multi-Domain
      • PositiveSSL DV Wildcard
      • PositiveSSL EV
      • PositiveSSL EV Multi-Domain
      • Sectigo DV SSL
      • Sectigo SSL DV Multi-Domain
      • Sectigo DV SSL Wildcard
      • Sectigo OV SSL
      • Sectigo SSL OV Multi-Domain
      • Sectigo OV SSL Wildcard
      • Sectigo EV SSL
      • Sectigo SSL EV Multi-Domain
    • RapidSSL DV
      • RapidSSL Wildcard DV
    • Geotrust Certificates
      • QuickSSL Premium DV
      • True BusinessID EV
      • True BusinessID OV
    • DigiCert Products
      • Secure Site OV
      • Secure Site EV
      • Secure Site Pro OV
      • Secure Site Pro EV
      • Secure Site Wildcard OV
      • Norton Seal
    • Microsoft Exchange certificate
    • EV Certificates
    • Wildcard Certificates
    • DV Certificates
    • Validated Certificates
    • Multi Domain Certificates
      • True BusinessID OV Multi Domain
      • Sectigo SSL EV Multi-Domain
      • Sectigo SSL OV Multi-Domain
      • Sectigo SSL DV Multi-Domain
      • PositiveSSL EV Multi-Domain
      • PositiveSSL DV Multi-Domain
      • QuickSSL Premium DV
      • True BusinessID OV
      • True BusinessID EV
  • SmarterTools
    • SmarterMail
      • SmarterMail Upgrades
      • SmarterMail Maintenance and Support
      • SmarterMail Message Sniffer
      • SmarterMail ActiveSync
      • SmarterMail Exchange Web Services
    • SmarterStats
      • SmarterStats Upgrades
      • SmarterStats Maintenance and Support
    • SmarterTrack
      • SmarterTrack Upgrades
      • SmarterTrack Maintenance and Support
      • SmarterTrack Communicator
  • Account Login
  • Help
    • Read the Docs
    • FAQS
  • Contact
  • LOG OUT

Test and Trace privacy – your new obligations

8th July 2020

Cafe with social distancing

A whole heap of businesses have just been upgraded – in data terms – from collecting and holding only limited amounts of data, probably about staff and suppliers, to holding information about members of the public. 

With this upgrade comes a levelling-up of risk and additional scrutiny. If small businesses such as hairdressers and pubs hadn’t thought of themselves as Data Controllers before, they very much need to now. 

How have data-handling obligations changed due to Test and Trace?

The Government has asked that businesses like barbers, hairdressers, pubs and other venues keep data about customers to help with its Test and Trace efforts. 

This means that these businesses are now Data Controllers and need to be registered with the Information Commissioner’s Office - ICO (if they weren’t already). Any business collecting data will also need to have a privacy policy and to explain to customers how and why it is collecting data, and what it will do with it. 

The Government requires only a lead name, contact phone number and the time of arrival to be collected. No other information should be collected for the purposes of assisting the Test and Trace system. The information needs holding for 21 days, after which it’s pretty certain that the risk of needing it is over and it needs appropriately destroying. 

How can businesses use the Test and Trace data?

If you’re only collecting the data for the purposes of tracing anyone potentially exposed to the virus you cannot use it for any other purpose. You can’t subscribe people to your marketing emails or use their contact details for any other reason. The ICO could fine your business if it is used for any other purpose. 

How you intend to use the data should be explained when it is collected. 

How should Test and Trace information be collected?

As with all data it’s important that it is collected and stored securely. 

Booking systems are an acceptable way of holding data, so if you already collect people’s information to make appointments then you could use this to report if you needed to. 

Using an online system is likely to be the quickest and most secure way to collect data if you don’t already have a booking system. An app or system created by a company holding a Cyber Essentials Certification – is most likely to be dependable and able to keep your customers’ data safe. 

Record Customer is an app built by our sister company, Askew Brook, specifically for collecting only the necessary data quickly and easily, and keeping it safe until it’s needed, then destroying it if it isn’t. Try it free for seven days, then pay just £40+VAT/month to keep your customers’ data safe and secure. This is a 20% discount for 3 months using the coupon code SERVERTASTIC.

You could use pen and paper, but you’d need robust systems to ensure the data was always stored securely, accessible by only people who need to see it, and that it was properly destroyed after 21 days. 

Creating all of these data-secure systems is something many small businesses will never have had to deal with before

When might you need to hand over the data?

If someone who has been to your business tests positive for Covid-19 you might get a request from the Government’s Test and Trace team to release the data to them. They will only ask for data for customers who could have come into contact with the person who has tested positive, so you won’t need to release all of the data you hold. 

The system has already been used. In the first week after reopening at least three pubs had already closed after customers or people closely related to staff members reported testing positive for coronavirus. 

Filed Under: Cyber Security, Privacy Tagged With: coronavirus

  • Blog Home
  • Cyber Security Services
  • Contact Us

Recent Posts

  • Test and Trace privacy – your new obligations
  • Data and cyber security risks with the new Track & Trace system
  • Staying safe from fraud – Covid19
  • Is your desk photo giving away important data?
  • Cyber security when working from home – stay safe online

Cyber Security Services

  • Cyber Security
  • Cyber Essentials Certification
  • Cyber Security Awareness Training

Sectigo Products

  • PositiveSSL DV
  • PositiveSSL with EV
  • PositiveSSL DV Wildcard
  • Sectigo DV SSL
  • Sectigo DV SSL Wildcard
  • Sectigo OV SSL
  • Sectigo OV SSL Wildcard
  • Sectigo EV SSL
  • Sectigo SSL DV Multi-Domain
  • PositiveSSL DV Multi-Domain
  • Sectigo SSL OV Multi-Domain
  • PositiveSSL EV Multi-Domain

DigiCert Products

  • DigiCert Features
  • Secure Site OV
  • Secure Site EV
  • Secure Site Pro OV
  • Secure Site Pro EV
  • Secure Site OV Wildcard
  • Secure Site Pro Wildcard OV
  • Norton Seal

Geotrust Products

  • QuickSSL Premium DV
  • QuickSSL Premium Multi Domain
  • QuickSSL Premium Wildcard DV
  • True BusinessID OV
  • True BusinessID OV Multi Domain
  • True BusinessID EV
  • True BusinessID EV Multi Domain
  • True BusinessID OV Wildcard

RapidSSL Products

  • RapidSSL DV
  • RapidSSL Wildcard DV

SmarterTools Products

  • SmarterMail
  • SmarterStats
  • SmarterTrack

Support

  • Knowledge Base Home
  • Current System Status

Resellers

  • Reseller Program
  • Reseller Login
  • Reseller Sign-Up
  • Reseller Terms and Conditions

Social Media

  • Twitter
  • Facebook
  • Medium
  • LinkedIn

Legal

  • Terms and Conditions
  • Refund Policy
  • Privacy Policy
  • Reseller Terms and Conditions
  • VAT On Purchases

Servertastic Limited is registered in England and Wales.
Registered Company Number: 04982077
VAT Number: GB125485804

Hosted by LayerShift

 Mastercard Maestro Visa American Express
Diners Club JCB Discover Paypal
Sectigo Trust Seal
Reviews
Cyber Essentials