By Jim Preen (Crisis management director at YUDU Sentinel)
Header Image by Ami Johnson
Pubs are struggling with the government request to keep customer records to help the NHS test-and-trace scheme.
A Norwich Wetherspoon pub, The Queen of Iceni, has been criticised for not collecting any data from customers at all.
Norwich resident Julia Lester said her son had gone to the pub and was concerned nobody was asked for their details. She said: “How would this impact any outbreak of Covid-19 in the city? This is a huge concern for public health.”
Eddie Gershon from Wetherspoons said: “It is not a legal requirement to take the details of customers. However, Wetherspoon has said that it will endeavour to do so in its pubs and to date there has been good compliance.”
The Blunsdon Arms in Swindon has been criticised for leaving customer contact details for all to see. A sheet of paper with names and telephone numbers was spotted on the bar by a customer. He said: “One of the people on the list is a young 22-year-old lady and her telephone number has been on display. Her details were on public display without her knowledge or consent and because of her unique name she’s very easy to trace on Facebook.”
A Sun on Sunday report said drinkers who leave their name at a pub could be ‘sitting ducks’ for criminals. They also reported that Women’s charities are concerned this could leave female customers vulnerable to stalkers.
There are also reports of venues using the data they collect for marketing purposes.
To get first-hand experience YUDU staffer, Emily Byrne, went to the Wheatsheaf in Perry, Cambridgeshire.
She entered the pub, was taken to the side of the bar and asked to scan a QR code which took her to the registration page of the pub’s website. There she filled in a form requesting her name, address, email address and phone number.
The process took a few minutes and she was told her data would be stored for 21 days. Shortly afterwards she received a spam email asking her to follow the pubs various social media accounts and to sign up for their newsletter. The ICO’s guidelines on this are very clear: ‘You cannot use the personal information that you collect for contact tracing for other purposes, such as direct marketing, profiling or data analytics.’
Emily said: ‘It’s a great pub but I was shocked that their first thought was to send me marketing stuff. What else will they do with my contacts, share them with other third parties?’
And it’s not just pubs that are at it. Martin Lewis just tweeted: ‘Slightly shocked to receive a marketing text from a barber. During my haircut I was asked for my number specifically due to Covid track & trace. That’s not acceptable (or legal). It’s wonderful ur open. It’s great ur being Covid secure, but pls ask for permission be4 marketing.’
We should all be doing our bit to beat Covid-19. In normal circumstances no one would dream of giving their contacts to pubs, bars and barbers, but these are not normal times. But there has to be reciprocal trust. Data must be held securely not used improperly and never left visible in a public place.
Beating Covid-19 is priority number one but it won’t be achieved by being careless with data privacy.