To say times have been tough recently for small business owners is a bit of an understatement.
Currently in the second national lockdown, businesses are finding life harder than ever - and things might be about to get worse for those who have taken test and trace into their own hands.
If this image looks familiar to you, you may have already breached, or been victim to a breach of personal data.
While the UK government would like you to believe otherwise, it is not a legal requirement for patrons to use the NHS app to check in to your premises. This has led to many businesses providing pen and paper as an alternative method.
So why is Pen & Paper an issue?
Many businesses are resorting to pen and paper to collect customer details – leaving a clipboard out for visitors to complete. The table usually has several columns, asking for name, email, phone number and more, and countless rows where person after person provides their personal data. This personal data is then often left out on a counter for any passer-by to see, access and record, until the rows are full and a fresh piece of paper is required.
How have people been impacted?
Social media, and news feeds have been buzzing with reports of peoples data being misused already. Reports have already come in where staff have used the personal data to contact customers, or where other customers have been able to photograph or copy details of customers that have signed in before them.
- Bus worker sends "creepy" messages to woman after copying her phone number from test-and-trace paper form - Read the article on the BBC website
- Women are reporting troubling stories of texts from strangers and even harassment - Read the article on the Daily Mail website
- Infringements could result in a fine of up to €20 million, or 4% of the firm's annual revenue from the preceding financial year, whichever amount is higher
- Data processing must be done in a lawful, fair, and transparent manner. It has to be collected and processed for a specific purpose, and processed in a manner that ensures its security
What can be done?
- Use a secure digital tool to capture data so that previous entries can not be seen by other customers.
- Ensure that the submitted data is only ever handled by business owners / managers and not staff who could access it for other reasons.
Here at RapidReg we have created a tool for small businesses to capture data that can be used for test and trace. For a limited time, we are giving away 500 free registrations for any business affected by Covid. That means you can use the tool completely free for your first 500 registrations, and 33p a day after that.
So, should they be fined?
The ico.org.uk website has responded to queries relating to data breaches during COVID-19 by saying "We won’t penalise organisations that we know need to prioritise other areas or adapt their usual approach during this extraordinary period." - but they are unclear on how long this will last.
Regardless of the intentions of the small business, it is clear that data privacy is indeed being breached. Even though there appears to be a temporary allowance for these breaches, small businesses still have a moral responsibility to protect their customers.
Have your say. Should small businesses be fined for data breaches?