Australians are putting themselves at risk of stalking or identity theft when they give their details to a business for coronavirus tracing, experts warn.
Regulations require venues like pubs, cafes, and salons to write at least their names and phone numbers on a ledger in case a patron later tests positive.
These safety plans are being used to trace everyone who could have been exposed to the virus while drinking at the Crossroads Hotel in Sydney’s southwest.
However, experts warn many small businesses are not experienced or equipped to manage, store or destroy personal information.
Rose Lyddon, a postgraduate student at Oxford University, claims a bartender at her local pub sent her a Facebook message to crack onto her
Unscrupulous staff and fellow patrons could also deliberately misuse the information to stalk or harass people – and allegedly already have.
Rose Lyddon, a postgraduate student at Oxford University, claims a bartender at her local pub sent her a Facebook message to crack onto her.
‘I went to the pub the other day (it was empty and I sat outside) and got a free drink from the bartender and… he’s just messaged me on Facebook,’ she said.
The bartender claimed right off the bat that he didn’t use the details she gave to find and contact her.
‘Hi there! I’m sorry for messaging… I definitely didn’t use that track and trace thing to find you,’ the message began.
‘Honestly I saw you on Tinder the day before and then the day after you came up as a suggested friend on Facebook. Have no clue how or why.’
The bartender claimed right off the bat that he didn’t use the details she gave to find and contact her, and went on to say that he always meant to try to talk to her and ask her out for a drink, but always chickened out
Ms Lyddon said his explanation didn’t add up because she hadn’t used Tinder in two years
He went on to say that he always meant to try to talk to her and ask her out for a drink, but always chickened out.
‘I don’t know if it’s just because I’m so intimidated by how beautiful you are, and also the fact that you’re with a guy every time you come in,’ he added.
However, Ms Lyddon said his explanation didn’t add up because she hadn’t used Tinder in two years.
‘Not super keen on handing over my name, email and phone number for contact tracing if men are going to use it for this,’ she said.
Daily Mail Australia has contacted Ms Lyddon for further comment.
In another case in May, a Subway worker was accused of emailing and texting a woman in Auckland, along with sending her messages on Facebook and Instagram, using her registered details.
‘I felt pretty gross, he made me feel really uncomfortable. He’s contacting me, I didn’t ask him to do that, I don’t want that,’ she told MediaWorks.
The employee was suspended pending an investigation.
There have also been reports of data being misused in Australia since businesses were allowed to reopen in-store services in the past two months.
These safety plans are being used to trace everyone who could have been exposed to the virus while drinking at the Crossroads Hotel in Sydney’s southwest
On Monday a long line of cars snaked towards the hotel waiting for testing, with drivers reportedly waiting as long as five hours to get to the front of the queue
Even without the business or other patrons abusing information, experts fear such small businesses are vulnerable to data breaches by organised crime.
Alex Teregonis, chief executive of Australian document disposal service Bag-N-Shred, said the policy was beneficial but data could still fall into the wrong hands.
‘How many of us have been to a cafe or restaurant and have added our details to a list that everyone else is able to see?’ he said.
‘Not only this, the information is being managed by casual workers, many of whom don’t have experience in personal information management.
‘Who is checking to make sure businesses are doing the right thing?’
Mr Teregonis said as the requirement was new, businesses had to deal with a variable they had no experience with and had little help.
‘The Australian Government policy allows contact tracers to quickly communicate with anyone who may have been potentially exposed to coronavirus where a positive case of COVID-19 has been detected at a venue,’ he said.
‘I worry inexperienced businesses may find themselves in legal hot water over the mishandling of information, and vulnerable Australians at-risk of their personal details getting into the wrong hands.
‘I have a great deal of respect for businesses across the country. However, many, such as restaurants, bars, cafes, and other businesses are now being asked to capture and store personal information in an environment where this type of requirement has never been part of their operating model.’
Dozens of others who visited the pub between July 3 and 10 were ordered to self-isolated and get tested
It’s hoped the contact tracing that the testing clinic outside the pub will keep a lid on the NSW outbreak
The Crossroads Hotel in Casula – a popular rest stop with truckies – is linked with 13 cases in total, including a worker, four patrons and three close contacts.
Dozens of others who visited the pub between July 3 and 10 were ordered to self-isolated and get tested.
These people were traced through the pub’s ledger of patrons who gave their name and contact details on the way in.
On Monday a long line of cars snaked towards the hotel waiting for testing, with drivers reportedly waiting as long as five hours to get to the front of the queue.
NSW Health has also been notified by its counterparts in Victoria of five other venues visited by two infected Victorians.
Those venues are located both in southern Sydney in Caringbah and Kurnell and close to the Victorian/ NSW border in Murray Downs and Merimbula.
Anyone who was in the same venue at the same time as the infected patrons are urged to watch for respiratory symptoms and to get tested if they start experiencing them.
Tips to secure customer information
Give responsibility to few people
‘One of the simplest things that businesses can do to minimise risk is to create a small team of workers to manage customers’ records,’ Mr Teregonis said.
‘By involving as few employees as possible in data collection and storage, the process will be the most streamlined. An organised, small team will simplify your business’ handling of this sensitive information.’
Lock away your records every night
‘Keeping your customers’ details safe overnight is a critical step in ensuring your business is not liable if a break-in or any other unforeseen events occur,’ Teregonis said.
‘With each customer’s full name, phone number, time and date they attended the venue, and the table number they sat at recorded – the responsibility to secure these records is in the hands of the business.’
Define a process for managing information during the day
Just like most hospitality venues have clearly outlined standard operating procedures for their staff when opening and closing their facilities, the process for managing COVID-19 records should be just as well-defined for their staff.
‘This could be as simple as employing a staff member to greet all customers at the entrance and single-handedly recording all details on an electronic device, or offering pieces of paper to all customers to complete when they are seated,’ Mr Teregonis said.
‘One, clear practice is all it takes to get your staff and customers on the same page
‘Never leave the information unattended. If you are at a front desk, don’t leave it unless someone else can cover the area.
‘Customer information sitting on a desk unattended can easily be taken or even photographed with a mobile device.’
Destroy all records securely
‘In my experience, I have seen just how dismissive staff and business owners can be when disposing of records,’ Mr Teregonis said.
‘Not only should businesses consider the ethical implications of unsafely disposing their customers’ personal details, there can also be serious legal consequences.’
According to Mr Teregonis, business owners can face serious fines and penalties to breaches of the Privacy Act (1988) and should take all precautions to avoid such.
As a customer, ask questions
‘As a customer, most of us are reserved when offering out our personal information to companies – and this time should be no different,’ Mr Teregonis said.
‘I encourage customers to ask how their information will be managed and destroyed by businesses.
With online scams at an all time high during COVID-19, it is never too prudent to enquire into the storage of your personal details.
‘Businesses need to ensure their information management processes are available for patrons to view.
‘Records only need to be kept for 28 days but at the end of this period, they must be securely destroyed.’