Anyone visiting outdoor establishments from 6 July and indoor eateries from 15 July will be asked to provide data such as their name and contact telephone number to the business as well as logging the date and time of their visit as part of Scotland’s test and protect effort.
But with no centralised system, many potential customers are concerned about their data.
Stampede, a Leith-based start-up, recently announced the launch of a new secure, contactless service to help pubs, bars and restaurants collect customer data – as required to support the government measures.
Stampede’s founder, Patrick Clover, says the service is designed to make the process easy for venue owners when they reopen, while also making spontaneous walk-ins possible again via its automatic registration process.
Patrick says: “We’re working with hundreds of Scottish pubs, bars and restaurants to ensure they can open safely, collect data securely and support the Government’s test and protect measures.
"People want a return to normality and the reopening of our hospitality sector plays a big part in this. It’s natural that people want to go out and enjoy themselves, but it’s imperative that venues reopen safely, and that we don’t undermine the sacrifices that people made during lockdown."
What initially started as a marketing company for businesses, designed to understand and engage better with customers, Stampede has developed its existing platform to help their clients reopen amid the coronavirus crisis, as Patrick explains. “Two weeks ago, there was an announcement that in order to reopen as part of the guidelines, it would be expected that businesses would collect customer details.
"We had a platform that pretty much did that already. One of the things that we realised was that there are going to be lots of different ways that customers are going to come in and interact with businesses, so we adapted our product to offer a track and trace capability, which allows customers to check to a bar by scanning a QR code or connecting to their Wi-Fi.
"Once customers are checked in, they’ll be added to a list and the operator can see who’s currently checked in and either deny or allow service to those people that have done that step.
“Pub owners care about the health and safety of their customers, but most won’t know where to get started with data collection, security and privacy, nor will they want to risk spoiling the experience by making customers jump through hoops.
"Our data collection service means spontaneous pub trips and walk-ins can still happen under the right circumstances. It’s a better, more secure and more private option than digital ledgers, and more hygienic than using pen and paper.
"The outlook for British pubs and bars was extremely bright before the outbreak, pub numbers were up for the first time in a decade, and I expect the industry to get back to its feet asap.”
Due to there being no centralised system, as seen in countries like Korea, Patrick is keen for Stampede to get as many hospitality businesses on board so that their data can help if there are localised Covid-19 outbreaks.
“It works on an aggregate model," he explains. "We have a decentralised audit of everyone that has checked into each venue, so if a customer goes to the pub then their local coffee shop (provided both as signed up with Stampede) those businesses won’t know who has visited each but we will and we will have the timings of each visit.
“Let’s say you get coronavirus; we will know that you were in this business at this time and then you went to this other business at this time, which then means that the other people within your vicinity within the timeframe can be notified.
"That makes the overhead for whoever is running this at the NHS side of things far lower because they don’t need to contact every individual business.”
The question on most customers’ minds will be, how can the data collected for test and protect stay safe? For Stampede, so long as users check a box opting out of marketing, their details will only be kept for 21 days.
For regular or returning customers, the service will automatically register their smartphone on arrival and reset the 21 day counter. This means that they do not need to provide their details each time they arrive at the venue, thereby retaining the spontaneity of a pre-pandemic pub visit.
The service is fully managed by Stampede but can be customised by the venue owner, meaning venues don’t have to maintain complicated records if they don’t want to.
Speaking about other methods, Mark Nicholls, CTO at cyber security firm Redscan, says that businesses must be vigilant with their app developers: “Whether it be via old-fashioned pen and paper or a dedicated smartphone application, pubs, bars and restaurants need to ensure that they give full consideration to the controls and processes that they use to collect, store and dispose of sensitive customer data.
"Even accidental disclosure of personal information, including that of other customers, is considered a data breach and would need to be reported to the ICO.
“The latest data protection legislation mandates that any information captured is relevant to the process it is being collected for.
"Organisations must also make it very clear how the data will be used. Attempts to use customer data for marketing purposes without clear consent could land a venue in hot water.
“Smartphone applications that help organisations with track and trace are being welcomed by the leisure and hospitality sector but it is imperative that these solutions are closely evaluated before they are used.
"The customer data that they process will undoubtedly be highly prized by scammers and even the smallest vulnerabilities are likely to be sought out and exploited.
“To verify that an application is secure and complies with the latest data protection standards, organisations need to ask app developers some fundamental questions.
"These include where data is stored, how it’s encrypted, and whether an application has been independently security tested.”