Contact tracing: advice for secure data storagePosted on 10 August 2020 by Beaming Support
As pubs, cafes, beauty salons and other businesses reopen across the country many find themselves with a new and unexpected challenge: the storage of personal data.
New contact tracing advice means that any business whose service involves visitors spending a longer time in one place and/or coming into close contact with others must endeavour to collect details and maintain records of staff, customers and visitors. Government guidance recommends that this be done electronically.
This data is to include names, telephone numbers and dates and times of visiting or working. It is to be kept for 21 days in a way that is “manageable” for your business, and then should be erased.
This may seem like a daunting task if you’re not used to processing and/ or storing a lot of personal data, but following these simple steps will help you look after this sensitive information responsibly.
1. Check if the is data stored in the cloud
You may be using your existing electronic booking system to collect and store the personal information you collect, or perhaps a spreadsheet. Either way, make sure you’re clear on where this data goes when it is saved. Is it only stored locally on your device or does it go to cloud storage? If the data is kept in cloud storage, are you confident in the cloud provider’s ability to keep data secure? It can be helpful to look out for ISO:27001 certification as a sign that your provider takes data security seriously.
2. Back it up
Although you’d hope not to have to, you may need to access the information you’ve collected. Hopefully you’re in the practice of backing up your data; it’s important in case your usual device(s) should become inaccessible due to a cyber attack, loss, theft or physical damage, but it needs to be stored in a way that means it is not also susceptible to the kinds of events that could compromise the original data.
3. Password protect it
Individual staff members may have their own log ins to the booking system, so make it clear that they must not re-use this password for any other account. Otherwise, you can password protect individual documents if you are saving contact details in this way. However the information is being stored, ensure that it is protected with a strong, secure password.
Extra Tip: By making sure that employees always lock the screens of their work devices (tablets, PCs, etc), you put a barrier between any opportunist looking to take advantage of a busy environment and your data.
4. Limit access to only those that need it
Once the relevant data has been collected, only trusted senior management should need to access it in the event that the NHS Track & Trace service does contact you. Set permissions so that data is available only to those that need it.
5. Erase data when you no longer need it
The data you collect should only be kept for 21 days. Once that time is up, make sure the information is deleted from
- Your device
- Your Recycle Bin (to permanently delete files without sending them to the Recycle Bin, hold down the Shift + Delete buttons simultaneously)
- Your cloud storage (if applicable)
- Your backups
6. Be wary of access requests
We’ve seen that cyber criminals are moving quickly to take advantage of the uncertain atmosphere created by the Coronavirus pandemic, and the personal data you’ve collected could be of great value to them.
NHS Test and Trace outlines exactly how they would contact you and how they would request data on their website, but if anyone claiming to be from Track & Trace contacts you with a request for a payment, that you download software or disclose PINs or log-in details of any sort, alarm bells should ring.
Companies trust us to help keep their data secure
- Tricky Location
The BBQ Project at Hastings Pier
After taking on new premises on Hastings pier, The BBQ Project needed help implementing the right infrastructure to support their new app and ordering system.
- Temporary Lines
John F Hunt Group
How do you connect a temporary construction site to the internet when it is going to be to be demolished or infrastructure needs to be removed at the end of the project?
- Data Security
Kurt J. Lesker Company
For security reasons, all of the Kurt J Lesker Company’s data is held at its US base. This means the speed & security of the data connection between the US & the UK is crucial to the effective operation of KJLC’s business.
Having been at the cutting edge of technology for over 130 years, Astell Scientific knows that the technology they use to support their business also needs to be kept right up to date.
- Data Security
Folkestone St Mary's C of E Primary Academy
A fast and reliable internet connection is a necessity in the modern classroom, but this must be balanced with the very important matter of safeguarding students.
- Remote Working
Double Parking Systems
Moving to a new business location can be disruptive, but Beaming helped Double Parking Systems make a smooth transition.