Contact tracing: advice for secure data storagePosted on 10 August 2020 by Beaming Support
As pubs, cafes, beauty salons and other businesses reopen across the country many find themselves with a new and unexpected challenge: the storage of personal data.
New contact tracing advice means that any business whose service involves visitors spending a longer time in one place and/or coming into close contact with others must endeavour to collect details and maintain records of staff, customers and visitors. Government guidance recommends that this be done electronically.
This data is to include names, telephone numbers and dates and times of visiting or working. It is to be kept for 21 days in a way that is “manageable” for your business, and then should be erased.
This may seem like a daunting task if you’re not used to processing and/ or storing a lot of personal data, but following these simple steps will help you look after this sensitive information responsibly.
1. Check if the is data stored in the cloud
You may be using your existing electronic booking system to collect and store the personal information you collect, or perhaps a spreadsheet. Either way, make sure you’re clear on where this data goes when it is saved. Is it only stored locally on your device or does it go to cloud storage? If the data is kept in cloud storage, are you confident in the cloud provider’s ability to keep data secure? It can be helpful to look out for ISO:27001 certification as a sign that your provider takes data security seriously.
2. Back it up
Although you’d hope not to have to, you may need to access the information you’ve collected. Hopefully you’re in the practice of backing up your data; it’s important in case your usual device(s) should become inaccessible due to a cyber attack, loss, theft or physical damage, but it needs to be stored in a way that means it is not also susceptible to the kinds of events that could compromise the original data.
3. Password protect it
Individual staff members may have their own log ins to the booking system, so make it clear that they must not re-use this password for any other account. Otherwise, you can password protect individual documents if you are saving contact details in this way. However the information is being stored, ensure that it is protected with a strong, secure password.
Extra Tip: By making sure that employees always lock the screens of their work devices (tablets, PCs, etc), you put a barrier between any opportunist looking to take advantage of a busy environment and your data.
4. Limit access to only those that need it
Once the relevant data has been collected, only trusted senior management should need to access it in the event that the NHS Track & Trace service does contact you. Set permissions so that data is available only to those that need it.
5. Erase data when you no longer need it
The data you collect should only be kept for 21 days. Once that time is up, make sure the information is deleted from
- Your device
- Your Recycle Bin (to permanently delete files without sending them to the Recycle Bin, hold down the Shift + Delete buttons simultaneously)
- Your cloud storage (if applicable)
- Your backups
6. Be wary of access requests
We’ve seen that cyber criminals are moving quickly to take advantage of the uncertain atmosphere created by the Coronavirus pandemic, and the personal data you’ve collected could be of great value to them.
NHS Test and Trace outlines exactly how they would contact you and how they would request data on their website, but if anyone claiming to be from Track & Trace contacts you with a request for a payment, that you download software or disclose PINs or log-in details of any sort, alarm bells should ring.
Companies trust us to help keep their data secure
With a move to new business premises planned, Innovolo contacted various providers to enquire about connectivity, and was impressed by Beaming’s speedy – and human – response.
Aiming for a paperless system, Artemis’s director, Emma Buggy, needed the right infrastructure to support this new technology.
- Not For Profit
Sandown School aims to form close relationships with families & the community. Until recently, the school’s telephone system was not providing the support the school needed.
- Remote Working
PR Artistry is a PR and content creation company. Since 2017 everyone at PRA has worked remotely therefore a central point for the company’s connectivity & communication is essential.
- Remote Working
The Adastral Group
With one eye always on the future, the Adastral Group knew there was likely to be a move towards the virtual delivery of training, but they couldn’t have predicted quite how quickly this would happen.
- Hosted Voice
An ageing ISDN telephone system and a desire to be prepared for the future prompted the move to cloud voice technology for this innovative printing firm.