Contact tracing: advice for secure data storagePosted on 10 August 2020 by Beaming Support
As pubs, cafes, beauty salons and other businesses reopen across the country many find themselves with a new and unexpected challenge: the storage of personal data.
New contact tracing advice means that any business whose service involves visitors spending a longer time in one place and/or coming into close contact with others must endeavour to collect details and maintain records of staff, customers and visitors. Government guidance recommends that this be done electronically.
This data is to include names, telephone numbers and dates and times of visiting or working. It is to be kept for 21 days in a way that is “manageable” for your business, and then should be erased.
This may seem like a daunting task if you’re not used to processing and/ or storing a lot of personal data, but following these simple steps will help you look after this sensitive information responsibly.
1. Check if the is data stored in the cloud
You may be using your existing electronic booking system to collect and store the personal information you collect, or perhaps a spreadsheet. Either way, make sure you’re clear on where this data goes when it is saved. Is it only stored locally on your device or does it go to cloud storage? If the data is kept in cloud storage, are you confident in the cloud provider’s ability to keep data secure? It can be helpful to look out for ISO:27001 certification as a sign that your provider takes data security seriously.
2. Back it up
Although you’d hope not to have to, you may need to access the information you’ve collected. Hopefully you’re in the practice of backing up your data; it’s important in case your usual device(s) should become inaccessible due to a cyber attack, loss, theft or physical damage, but it needs to be stored in a way that means it is not also susceptible to the kinds of events that could compromise the original data.
3. Password protect it
Individual staff members may have their own log ins to the booking system, so make it clear that they must not re-use this password for any other account. Otherwise, you can password protect individual documents if you are saving contact details in this way. However the information is being stored, ensure that it is protected with a strong, secure password.
Extra Tip: By making sure that employees always lock the screens of their work devices (tablets, PCs, etc), you put a barrier between any opportunist looking to take advantage of a busy environment and your data.
4. Limit access to only those that need it
Once the relevant data has been collected, only trusted senior management should need to access it in the event that the NHS Track & Trace service does contact you. Set permissions so that data is available only to those that need it.
5. Erase data when you no longer need it
The data you collect should only be kept for 21 days. Once that time is up, make sure the information is deleted from
- Your device
- Your Recycle Bin (to permanently delete files without sending them to the Recycle Bin, hold down the Shift + Delete buttons simultaneously)
- Your cloud storage (if applicable)
- Your backups
6. Be wary of access requests
We’ve seen that cyber criminals are moving quickly to take advantage of the uncertain atmosphere created by the Coronavirus pandemic, and the personal data you’ve collected could be of great value to them.
NHS Test and Trace outlines exactly how they would contact you and how they would request data on their website, but if anyone claiming to be from Track & Trace contacts you with a request for a payment, that you download software or disclose PINs or log-in details of any sort, alarm bells should ring.
Companies trust us to help keep their data secure
- Office 365
- Managed Services
Eclipse was already using cloud services to allow them to operate flexibly. However, they weren’t sure if they had the best solution, had adequate data security or were getting value for money. Find out how Beaming helped.
- Fibre Leased Line
- Office 365
Royal Literary Fund
The RLF needed to change some systems to support the effective running of the organisation. They had suffered from poor service, and looked for who would understand what they needed.
- Cloud Voice
With the ISDN switch off looming, Roselands knew they needed to upgrade to a VoIP system in order to keep providing excellent service to their customers – but they didn’t have time for any hassle.
- Temporary Lines
- Tricky Location
With multiple housing developments on the go simultaneously, Troy Homes need their sites to be well connected and capable of supporting a busy work force.
- Managed Networks
Iliffe Media Group
Modern media companies are bandwidth-hungry environments. Iliffe Media needed an upgrade to their network and required rapid, resilient connectivity between newsrooms and office locations across the UK.
Plastipack, world leading manufacturers of energy and resource saving products, weren’t satisfied with their current VoIP system. They wanted a solution that could do more.
More data security advice
What to expect in a data centre
Visiting a data for the first time? Here’s everything you can expect to see.