Partner and head of the commercial team at regional law firm Napthens, Jon Esner, says the concern is over information being farmed from customers at pubs, bars, restaurant and takeaways under the easing of measures post-lockdown.
Mr Esner says government guidance is still unclear regarding the exact information venues are being asked to collect but expects it to at least include names and email addresses as well as the telephone numbers of each and every customer.
Further detailed guidance has been promised, but he highlights that information can only be collected in accordance with the existing data protection laws.
“Data protection rules are very strict, and businesses must be aware of their responsibilities before they begin collecting information from customers and visitors,” he explained, “everything from legal notices on websites and in venues themselves, to staff training, and having a system in place to properly destroy the data afterwards must all be taken into account. As with so much relating to the pandemic, the situation is likely to change as more guidance is released by the Government, so it is important to seek up-to-date advice and make sure these changes are dealt with as soon as possible.”
Central government’s latest guidance on the re-opening of pubs, bars restaurants, and takeaways from July 4th, states that businesses are instructed to collect a, ‘temporary record’, of all visitors and customers, with this information to be stored for 21 days in an effort to assist the non-existent, NHS Track and Trace programme.
Mr Esner’s advice for making sure that personal information is dealt with properly includes:
- Update your online privacy notices to include a short explanation of why it is being collected
- Train staff to ensure the information collected, is stored securely and confidentially
- Collected data only to be used for Track and Trace compliance unless customers have been told otherwise
- Do not use for marketing purposes, without prior permission
- Ensure that a system is in place to destroy the data (likely to be) after 21 days
Did you find this article interesting? You may also like this: