A number of types of businesses are required to collect customer contact details to support contact tracing during COVID-19. But strict privacy rules apply. Here’s what you need to know about handling your customers’ personal information.
As COVID-19 restrictions are relaxed, some states and territories are asking businesses to gather their customer’s personal contact details to facilitate contact tracing in the event of a community outbreak. It is important to remember that these details are private. Simply asking customers who enter your business premises to write their phone number in a book left at the front counter brings risks of privacy breaches. Here’s what you need to know about collecting customer data.
Provide an explanation
First up, your business is required to explain to customers why their details need to be collected. This can be done with a simple sign in the window backed up by a quick conversation with the customer.
Only collect information that’s needed
Only collect those personal details mandated by your state or territory (see below). These details are typically the name and mobile number or email address for all staff, customers and contractors who come into your workplace. The information provided can only be used for contract tracing – you cannot use it for other purposes such as marketing[1].
Keep private details private
The names and phone numbers of your customers should not be recorded where other customers and staff can see them. Rather than record contact details in, say, your booking system, aim to maintain a separate record. This also lets you destroy the records after the appropriate timeframe.
Store the data for a set period
The period of time you need to maintain customer contact details varies between locations. In NSW for instance, you need to keep contact records for at least 28 days[2].
To know if your business is required to collect contact details, and for the requirements that apply in your location, jump onto the sites listed below:
____________
[1] https://www.oaic.gov.au/privacy/guidance-and-advice/guidance-for-businesses-collecting-personal-information-for-contact-tracing/?fbclid=IwAR3b68Bj-w04MTStMjA5ONKhIh4l2pbH43o_9p0bPkyaHhw8Vztwmaipvcg
[2] https://www.nsw.gov.au/covid-19/industry-guidelines/pubs-and-clubs-including-small-bars-cellar-doors-breweries-and-casinos
____________
Prepared by OnDeck Capital Australia Pty Ltd ABN 28 603 753 215 (“OnDeck”) for general information purposes only. Content may belong to or have originated from third parties and OnDeck takes no responsibility for the accuracy, validity, reliability or completeness of any information. You should not rely upon the material or information as a basis for making any business, financial or any other decisions. Loans issued in Australia are subject to the terms of a loan agreement issued by OnDeck. Loans are subject to lender approval. OnDeck® is a Registered Trademark. All rights reserved.
