ICO guidance for data protection when collecting customer information
The ICO has issued guidance to assist organisations mandated to collect customer and visitor information. From 18 September it is mandatory for all English businesses in the hospitality sector, leisure and tourism sector and close contact businesses, such as barbers and beauticians, to collect customer information for the test and trace programme.
The guidance issued by the ICO has five steps that should be followed to ensure organisations manage people’s information responsibly. The ICO states that organisations must:
Only ask people for the specific information that has been set out in government guidance;
Be clear, open and honest with people about what is being done with their personal information;
Keep people’s data secure. Organisations should not use open log books, and should ensure their customers’ personal information is kept private;
Not use the personal information collected for contact tracing for other purposes, such as direct marketing, profiling or data analytics; and
Erase or dispose of the personal information collected after 21 days.
Organisations do not have to ask people for their information if individuals are using a contact tracing app to check into venues.
Posted on 7 October, 2020 by Ortolan