The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

1. Lock it away when not in use.

Keep the customer and visitor details lists locked away in a cabinet or drawer when you’re not using them. This includes paper lists and any laptops or devices if you’re storing the data digitally. This will reduce the risk of things being lost or stolen.

2. Brief staff on their responsibilities

Make sure all your staff are aware of the importance of keeping personal data safe and that they cannot share or use customer and visitor information for any purposes other than the contact tracing programme. You should consider which members of staff need access to the personal data logs and limit access to those staff.

3. Be extra vigilant about opening web links and attachments in emails or other messages.

Don’t click on unfamiliar web links or attachments claiming to give you important COVID-19 updates. We’re seeing a rise in scams so follow the National Cyber Security Centre’s (NCSC) guidance on spotting suspicious emails.

4. Use strong passwords for digital devices.

If you’re using online storage or a laptop to collect records, you should use a strong password. NCSC recommends using three random words together as a password (eg. 'coffeetrainfish' or ‘walltinshirt’). Make sure you use different passwords for different devices.