Contact tracing: advice for secure data storagePosted on 10 August 2020 by Beaming Support
As pubs, cafes, beauty salons and other businesses reopen across the country many find themselves with a new and unexpected challenge: the storage of personal data.
New contact tracing advice means that any business whose service involves visitors spending a longer time in one place and/or coming into close contact with others must endeavour to collect details and maintain records of staff, customers and visitors. Government guidance recommends that this be done electronically.
This data is to include names, telephone numbers and dates and times of visiting or working. It is to be kept for 21 days in a way that is “manageable” for your business, and then should be erased.
This may seem like a daunting task if you’re not used to processing and/ or storing a lot of personal data, but following these simple steps will help you look after this sensitive information responsibly.
1. Check if the is data stored in the cloud
You may be using your existing electronic booking system to collect and store the personal information you collect, or perhaps a spreadsheet. Either way, make sure you’re clear on where this data goes when it is saved. Is it only stored locally on your device or does it go to cloud storage? If the data is kept in cloud storage, are you confident in the cloud provider’s ability to keep data secure? It can be helpful to look out for ISO:27001 certification as a sign that your provider takes data security seriously.
2. Back it up
Although you’d hope not to have to, you may need to access the information you’ve collected. Hopefully you’re in the practice of backing up your data; it’s important in case your usual device(s) should become inaccessible due to a cyber attack, loss, theft or physical damage, but it needs to be stored in a way that means it is not also susceptible to the kinds of events that could compromise the original data.
3. Password protect it
Individual staff members may have their own log ins to the booking system, so make it clear that they must not re-use this password for any other account. Otherwise, you can password protect individual documents if you are saving contact details in this way. However the information is being stored, ensure that it is protected with a strong, secure password.
Extra Tip: By making sure that employees always lock the screens of their work devices (tablets, PCs, etc), you put a barrier between any opportunist looking to take advantage of a busy environment and your data.
4. Limit access to only those that need it
Once the relevant data has been collected, only trusted senior management should need to access it in the event that the NHS Track & Trace service does contact you. Set permissions so that data is available only to those that need it.
5. Erase data when you no longer need it
The data you collect should only be kept for 21 days. Once that time is up, make sure the information is deleted from
- Your device
- Your Recycle Bin (to permanently delete files without sending them to the Recycle Bin, hold down the Shift + Delete buttons simultaneously)
- Your cloud storage (if applicable)
- Your backups
6. Be wary of access requests
We’ve seen that cyber criminals are moving quickly to take advantage of the uncertain atmosphere created by the Coronavirus pandemic, and the personal data you’ve collected could be of great value to them.
NHS Test and Trace outlines exactly how they would contact you and how they would request data on their website, but if anyone claiming to be from Track & Trace contacts you with a request for a payment, that you download software or disclose PINs or log-in details of any sort, alarm bells should ring.
Companies trust us to help keep their data secure
- Remote Working
Double Parking Systems
Moving to a new business location can be disruptive, but Beaming helped Double Parking Systems make a smooth transition.
Andrew M Wells Accountancy
Strengthening IT infrastructure & finding freliable support was a priority for this accountancy firm. Then, the Coronavirus pandemic sent everyone home to work.
- Tricky Location
Fineturf supplies high performance sports pitch construction solutions to the likes of Manchester United. But pre-Beaming, their telephone and broadband supplier didn’t match that high performance
With a move to new business premises planned, Innovolo contacted various providers to enquire about connectivity, and was impressed by Beaming’s speedy – and human – response.
Aiming for a paperless system, Artemis’s director, Emma Buggy, needed the right infrastructure to support this new technology.
- Not For Profit
Sandown School aims to form close relationships with families & the community. Until recently, the school’s telephone system was not providing the support the school needed.