After coping for three months without customers or revenue, the hospitality sector was finally allowed to welcome punters back through its doors on the 4th of July
Upon reopening, businesses have largely done a good job of putting protective measures in place to protect customers’ physical health. However, there’s another underlying threat that could cause these organisations real issues if not handled properly – that of data privacy. This should be a cause for serious concern, not only because poor privacy practices leave them susceptible to fines, but also because protecting people’s data is simply the right thing to do.
Why pub guest lists could be catastrophic for the sector
Since pubs, restaurants, hotels and bars were given the “go-ahead” to re-open, they have had to collect personal information from guests, such as email addresses and phone numbers, to comply with track and trace rules. These ’guest registers’ were developed with the right intention – protecting the health of customers. However, they have fast become a controversial topic because customers are concerned about how their data is being handled. Data privacy is a fundamental right, just the same as health and safety, and consumers are more aware of this than ever. According to research by IDEX Biometrics, 75% of UK consumers are concerned about the security of personal data they share with organisations.
Worryingly, the government has overlooked the data privacy part of the equation. With only two weeks notice the hospitality sector had to move fast to deploy guest registers. Most businesses have turned to pen and paper, or free apps to collect the information. However, many lack the necessary experience to keep this data safe.
The volume of sensitive data pubs are collecting increases on a daily basis, as does the probability of them breaching privacy laws. Holding personal information makes businesses susceptible to third-party data breaches and internal misuse (even if accidental). For example, a female customer of a Subway sandwich franchise in New Zealand was harassed by an employee who stole her contact details from a track and trace register. Just as importantly, the widespread collection of sensitive data also puts hospitality companies at risk of violating privacy regulations like GDPR. For a small business like a pub, a fine for a GDPR breach can be significant enough to force closure, especially given how badly the sector has already been shaken.
How technology could help mitigate the risks (and keep pubs open)
To mitigate the risk and protect their future, hospitality businesses will need to put privacy first when facilitating track and trace. And there are ways to do this without it being too expensive or time-consuming. There are simple, cost-effective tools that help businesses mask email addresses, alleviating the stress and strain of data protection. The process, known as cryptographically pseudonymising, will mean the data isn’t recognisable should a website or app be hacked. It also lets restaurants email customers without being able to view their addresses – avoiding misuse by workers accessing the check-in list. A simple solution like this will not only help build much-needed customer trust as they are following regulatory requirements like GDPR, but also will help pub owners sleep at night.
Track and trace: not just hospitality’s problem
Ultimately, businesses themselves shouldn’t bear the full weight of these privacy commitments. Boris Johnson pledged to support the hospitality sector when the crisis hit; this should also include acknowledging and addressing this data privacy threat. The government needs to support pubs and restaurants with technology assistance for app development so that they don’t have to resort to unsafe means such as free apps or paper sheets.
To put it simply, temporary financial support this year won’t be enough if pubs and restaurants find themselves with a crippling data regulation fine next year. If the government wants the boost in the economy that the hospitality sector can provide, it needs to truly invest in it, without making privacy an afterthought.
About the Author
Rich Vibert, Co-founder and CEO at Metomic. Metomic is building the Privacy-by-Design infrastructure of the internet. We are giving developers the APIs, SDKs and the plug-n-play UX tools needed to transform websites and apps into the next generation of consumer data transparency.