As a result of the Covid-19 pandemic, pubs, cafes and similar businesses were forced to capture personal and contact details of those that visited their premises. But it appears much of that data was not stored in a secure way.
This is according to a new report from DSA Connect, an IT asset disposal company specializing in the permanent deletion and destruction of electronic data.
Polling 1,029 people for the report, the company found that only half of respondents were aware of restrictions in place around data access, while a third, although aware of the restrictions, didn't know who actually had access to the data.
Only 17 percent said the data they gathered was stored very securely, while almost half (42 percent) said it only met the minimum requirements for security.
The data needs to be deleted within three weeks, the report explains, but less than a quarter believe this actually happens. Instead, according to almost half of the respondents, it gets used for marketing – something that should not be happening at all.
“These findings are alarming and there have been some high profile cases where people claim that data collected by shops and retailers they have visited for example, have misused this information,” said Harry Benham, Chairman of DSA Connect.
“Employers also need to make sure they have deleted the data held correctly because if they don’t they could face fines. Legislation around how personal data is stored and used in the UK has never been more robust.”