The countdown to getting back out for a drink and a meal in Scotland is on, but customers are being reminded that they will need to check into hospitality venues for test and protect purposes.
One of the main ways the Scottish Government is dealing with this is the introduction of Check In Scotland QR codes, which will be displayed in venues for customers to scan with their phones and input their details.
As of early 2021, the government also launched a Check In Scotland app, which will work alongside the test and protect Scotland app and act as a centralised database of user information.
Customers to hospitality have been required to share their details since last summer, when venues reopened.
Data such as customer names and contact telephone numbers need to be shared with the business as well as logging the date and time of their visit as part of Scotland’s test and protect effort.
Anyone that owns a hospitality venue in Scotland must obtain customer details for test and protect.
These details also need to be stored for 21 days.
On the government website it states: "If you own or manage a pub, bar, restaurant or cafe in Scotland, it's the law that you must collect and record the contact details of people who visit your venue.
"You must also keep these details for 21 days from the date the person visited. After 21 days, you must destroy or delete the person's details.
"One way of making sure you collect people's details is by displaying a Check In Scotland QR code poster at your venue, and asking anyone who visits to scan this QR code when they arrive.
"If you already have a way of taking the details of people who visit your business or venue, such as your own QR code method, you can carry on using this method instead of switching to a Check In Scotland QR code poster.
"But, as Check In Scotland is designed to work with Scotland's Test and Protect system, we would encourage you to look at switching, if you can."
In January 2021 the Check In Scotland app launched. It's available for download for free for Apple and Android phones.
It is part of the official NHS Scotland's Test and Protect service, and allows staff and visitors to businesses across Scotland to check in and out of venues, while supporting the national contract tracing services.
The government website adds that: "Both the Check In Scotland online form and the app have been carefully designed to give your visitors a choice in the way they submit contact details.
"As well as providing choice, the app service also allows for offline use if your visitor cannot connect to the internet."
Currently there have only been around 1000 downloads, but as business start to open back up, more people will be out and about and likely to use the app for ease of checking in.
Yes, until Check In Scotland there was no centralised system and businesses were using third party check in options or writing down the names and contact details of visitors.
In July we spoke to Patrick Clover, the founder of Stampede, a Leith-based start-up, that launched a new secure, contactless service to help pubs, bars and restaurants collect customer data.
Speaking at that time, Patrick said: “We’re working with hundreds of Scottish pubs, bars and restaurants to ensure they can open safely, collect data securely and support the Government’s test and protect measures.
"People want a return to normality and the reopening of our hospitality sector plays a big part in this. It’s natural that people want to go out and enjoy themselves, but it’s imperative that venues reopen safely, and that we don’t undermine the sacrifices that people made during lockdown."
Mark Nicholls, CTO at cyber security firm Redscan, explained that businesses must be vigilant with their app developers, saying: “Whether it be via old-fashioned pen and paper or a dedicated smartphone application, pubs, bars and restaurants need to ensure that they give full consideration to the controls and processes that they use to collect, store and dispose of sensitive customer data.
"Even accidental disclosure of personal information, including that of other customers, is considered a data breach and would need to be reported to the ICO.
“The latest data protection legislation mandates that any information captured is relevant to the process it is being collected for.
"Organisations must also make it very clear how the data will be used. Attempts to use customer data for marketing purposes without clear consent could land a venue in hot water.
“Smartphone applications that help organisations with track and trace are being welcomed by the leisure and hospitality sector but it is imperative that these solutions are closely evaluated before they are used.
"The customer data that they process will undoubtedly be highly prized by scammers and even the smallest vulnerabilities are likely to be sought out and exploited.
“To verify that an application is secure and complies with the latest data protection standards, organisations need to ask app developers some fundamental questions.
"These include where data is stored, how it’s encrypted, and whether an application has been independently security tested.”
Ray Walsh, digital privacy expert at ProPrivacy goes further and said: "If the government insists on collecting this information, it is vital for it to also provide transparent sunset clauses for the data collection the program to ensure the data will be deleted once it has served its purpose.
"Failure to do so provides an ongoing threat to citizens' privacy that is out of line with its promise to use the data only to prevent the spread of the virus."
To find out more about Check In Scotland and the app, visit the Scottish government website.
