Research suggests poor storage, use and erasure of customer data collected

New research from DSA Connect reveals that 15% of people who work for businesses such as pubs and restaurants that have had to capture personal contact details of customers and other people who have visited their premises during the COVID-19 crisis, believe this data is not stored in a secure way.

Only 17% said they think it is stored very securely, and a further 42% said its storage is secure enough.

Our findings also reveal that only half of those interviewed said they were aware of restrictions around accessing this data, and which of their colleagues are permitted to do this.  Some 31% said they are aware of restrictions but have not been informed on who can access the data, and even more alarming is the fact that 16% said they are not aware of any restrictions, or don’t believe there are any.

Legally, the data collected needs to be deleted within 21 days of collecting it, but only 22% of those people interviewed who work for employers that collect this information are ‘very confident’ this happens.

In addition to this, the data must not be used for marketing purposes but only 48% of those interviewed say they are ‘very confident’ this does not happen.  Some 11% said they were not confident the data would not be used for this purpose.

Harry Benham, Chairman of DSA Connect said: “These findings are alarming and there have been some high profile cases where people claim that data collected by shops and retailers they have visited for example, have misused this information.

“Employers also need to make sure they have deleted the data held correctly because if they don’t they could face fines.  Legislation around how personal data is stored and used in the UK has never been more robust.”