Last weekend, I went shopping for the first time in months. As I went from shop to shop, I of course had to provide my personal details upon entering each store. What I noticed is that there’s no clear-cut guidance for local businesses on collecting customer info.
How would my local butcher know about effectively managing sensitive customer data? Why would a family-run bakery know about privacy statements? And how would these small businesses inform me on how they’re using my personal data?
Maybe your business is in much the same boat, and who could blame you? None of us expected to be living through a pandemic. We’re all trying to quickly adapt to preserve the health of the community and keep business viable. Obviously, these measures were rapidly implemented to track the spread of COVID-19 among communities.
Unfortunately, these practices also defy everything we’ve been told about data security and as this goes on, we need to do something about it. You’ve already got a million other things to worry about, but you need to ensure your customer’s sensitive, personal information doesn’t fall into the wrong hands. Otherwise, the risk to your business and your customers could be massive.
The Current Pitfalls
Many businesses currently have two clear ways of collecting customer information for COVID-19. The first one is QR codes. A customer simply scans the code with a smartphone and they’re directed to an online form. Often, there’s no mention on these forms about where the information goes, how long it’s stored for and who in the business can access it.
Unless you’re a large business with a big budget, you’re likely to rely on free servers to host these forms. These are servers anyone can hack into.
The second, and more troubling method of collecting customer info, is by writing your details down on a piece of paper. This method has become particularly common among local cafes, restaurants and pubs.
In a time where we’re conscious of social distancing, sharing pens seems counter-intuitive to slowing the spread of COVID-19. Most importantly, no one or nothing is stopping this information from becoming publicly available. We we’re all so sceptical about the government’s COVID Safe app, but clearly, we trust anyone who can access a pub more than our elected officials.
I could hypothetically walk into my local watering hole, take a photo of the sign in sheet with my phone and no one would know.
While some sign in sheets as for your address or even your email, most ask for your mobile number. Many businesses don’t realise that your customers’ number is sensitive info, as their bank accounts tend to be linked to it. If the wrong person gets their phone number, they could be spammed for months, even years.
What Your Business Should Be Doing
For many smaller businesses, collecting customer info via a sign in sheet is the only viable, affordable option. At the end of each day, you should enter the information on the sheet into a secure online database, or even a spreadsheet.
There haven’t been any guidelines on how long you should keep this data on file for. With most government messaging around contact tracing and self-isolation specifically listing a 14-day time period, it’s recommended you don’t hold onto this customer data for longer than 28 days. This allows 14 days for symptoms to present themselves, and another 14 days for contact tracing.
At the end of the four-week period, the customer data should be completely wiped. Delete any spreadsheets from your computer and securely throw out your old sign in sheets.
The most important thing you can do during this time is be as transparent as possible with your audience. Something such as Three Beans’ online form offers customer confidence. Firstly, it’s the form itself is https, meaning it’s secure. More importantly, they’ve included a disclaimer tell customers exactly how their data will be used, for how long it will be stored.
For those with more budget behind them, directing customers to an online form via QR codes is the safest, most efficient method of collecting data. However, your form should be hosted on a private server, and your form should mention how this data will be used. If there’s anything we’ve learned from previous data management pitfalls, transparency between brands and consumers is essential.
All local businesses can currently apply to be a government-certified, ‘COVID SAFE’ business. Demonstrate how your store is currently looking after customer’s safety, and the NSW government will provide your business with its own unique, free QR code. Customers scan the code via the Services NSW app, allowing for faster contact tracing and ensuring all customer data is correct.
The Future of Contact Tracing
Despite numbers of community transmissions slowly declining, it looks like you’ll be required to log customer details for a while to come.
This doesn’t mean your business should become complacent in the coming months. Advanced technologies are creating new, more effective ways of safely gathering data.
Near field communication, or NFC, involves two systems interacting with each other without physical contact. While many people already use NFC to complete payments with their smartphone, this also creates a swift new method of checking into a specific store location.
Mobile wallet technology can also be leveraged to offer your customers seamless shopping experiences in a COVID world. Mobile wallets store all personal data. There’s no need to re-enter your details every time you visit a location.
When combined with geofencing, mobile wallet technology lets your customers safely check into your stores, without unlocking their phones. You can even send push notifications to users, alerting them of a recent COVID outbreak in-store or nearby.
Contact tracing is one of our best hopes of eradicating COVID-19 from Australian communities. While current methods could lead to private info falling into the hands of criminals, its important you keep the best data security practices in mind. The last thing you need in a time like this is a whopping fine for mismanaging sensitive customer information.
If more small businesses embrace new technologies, we could see a watershed moment for data collection in Australia.