Following on from our post about data protection and contact tracing, we’ve been researching ways to capture these details safely and securely. Simply there are two different ways to capture contact details.
Physical Sign-in sheet
A physical sign-in sheet such as a form or diary is probably the simplest and most non-technical method to manage this need but quickly comes with some drawbacks that need to be carefully managed.
|Simple to put in place using a clip board, paper and pen||Possible cross contamination issues from shared use of a pen and clipboard.|
|Easy to manage without technical expertise||Keep in mind that unless you are closely monitoring the sheet, someone could look at other visitors signed in or steal others personal details.|
|If you are a busy establishment managing lots of paper sign in sheets for each day could get difficult very quickly terms of sheer volume and rotation / destruction.|
|The forms need to be kept secure and safe once completed e.g kept in a locked filing cabinet in a back office.|
|You need to keep in mind that details need to be securely destroyed eg. using a paper shredder.|
|Consider the legibility of peoples handwriting. If you know anyone with terrible handwriting consider how you would read their contact details in the event of a local outbreak.|
|Consider the environmental impact of using lots of paper.|
The other and more technical method is to use an electronic form to manage the capture of visitors information. This method, whilst more complicated to initially setup comes with a number of benefits.
|A simple online form created in Microsoft Forms or Google Forms can capture contact details centrally and securely.||Possible cross contamination issues from shared use of a tablet device ** see below for another option!|
|information can be checked and validated whilst being entered.||Requires some technical knowledge and setup.|
|Easy to read once captured in the form (no trying to read someones handwriting).||Requires a tablet or other mobile device to be available to use **see below for another option!|
|The 21 day deletion can be managed automatically.|
|Only the visitors record is visible when entered.|
Tackling cross contamination
Cross-contamination is a problem between both common forms of capture either by using a shared tablet device or paper form, both involve physical contact and potential contamination and infection.
One simple method to avoid this issue is to use a QR code. A QR code is similar to a bar code that once scanned by your smartphone can send you to an app or web page. Give the code above a try and see what happens!
Using a QR code at the entrances of your venues or establishments before ordering allows visitors to enter their contact details using their own device, avoiding the potential risk of cross-contamination!
What else do I need to know about contact tracing?
Our previous blog posts covers the main details about what you need to capture for contact tracing purposes, just remember:
- You only need to capture basic details for contact tracing, you do not need to see ID (unless this is needed for another purpose, such as age verification)
- You only need to keep these details for 21 days after the visit. After this they can be securely destroyed.
- This is a strongly recommended action to take to help the NHS track and trace teams, but it’s not legally required. Someone can refuse to provide their contact details as they have the right to object to the processing of their personal details. Whilst in these circumstances it is best to reassure and encourage someone that you will only use these details for this purpose, you can’t force them to provide contact details.
- You must keep these details safe and secure whilst they’re in your possession, either physically or by using good cyber security practises.
Check out our blog post that covers this in more detail, with links to further resources.
How can Shout Cyber help?
We’re here to help businesses during and through the recovery of the pandemic. We can help your business to:
- Develop and deliver a secure and compliant means of capturing contact details for contact tracing.
- Provide staff training in data protection legislation and requirements specifically suited to this situation, for example how to recognise when someone is requesting their data as part of a Data Subject Access Request
- Help you to document and develop your processes around contact details capture such as data protection notices.
- Provide support and advice on how to improve your businesses security.