Friday 14 August 2020 5:03 am

Covid-19 threatens to set UK data protection back a generation

Steve Higgon is the founder and CEO of TAAP, the technology company behind TAAP Visitor Book.

There’s another crisis brewing. 

Millions of businesses across the UK have quickly adapted to the Covid-19 environment. While some companies have adopted technology to handle customer data collection, many have turned to more tried-and-tested track and trace systems — namely, good old-fashioned pen and paper. 

The hospitality industry, and especially pubs and bars, have had to become data protection experts overnight. For the most part, they’ve done a great job, and the industry at-large should be applauded for its efforts. However, without data compliance training or better data management systems, many venues are not only putting customers at risk but also themselves in line for possible fines and legal action.

Read more: A data arms race has begun — it’s not a game, it’s a national security imperative

Cases of data misuse and abuse continue to emerge from the hospitality sector. There is the example of Rose Lyddon, a postgraduate student at Oxford University, who claimed that a bartender at her local pub sent her a Facebook message after she visited the establishment. The heaps of data being collected could also be used by rogue employees to sell mobile numbers and other personal details into the black market or the dark web. 

Granted, the UK government has provided some advice to employers, and major companies have invested millions in Covid-19 protective equipment and training, but it can only take one major case to undermine the reputation of a business and leave it on the brink. 

Boris Johnson’s Conservative administration therefore needs to do more to make the risks and solutions better known around handling data. As to what’s at stake, the UK has come a long way over the last few years, and companies have gone to great lengths to meet the EU’s General Data Protection Regulation (GDPR). However, if they get it wrong, they could face hefty fines from the Information Commissioner’s Office. The average penalty from the ICO cost £216,000 last year, and that doesn’t even take into account a potential legal case brought about by disgruntled customers. This is the bread and butter of certain “no win, no fee” law firms focused on looking for data protection breachers. 

The proposed data awareness initiative from the government should go hand-in-hand with the successful “Eat Out to Help Out” campaign, which has seen 10.5m meals purchased under the scheme, generating savings of £53.7m for patrons, according to HMRC. Some 83,000 restaurants have signed up to the programme, showing that there could be a great appetite for more advice and guidance from the government on data protection. Ultimately, weaning outlets off pen and paper and encouraging them to look at easy-to-implement technology should be a priority.

Part of this is mindset. We should now all be thinking that safeguarding people’s personal information is part of the Covid-19 environment. There are clearly great advantages to collecting this data, but that harvesting also comes with great responsibilities — responsibilities that aren’t yet properly understood across the UK.

Read more: DEBATE: Is the Eat Out To Help Out scheme the solution our struggling restaurant sector needs?

Main image credit: Getty

City A.M.'s opinion pages are a place for thought-provoking views and debate. These views are not necessarily shared by City A.M.