Photo credit: Pixabay
A company founded last year to provide digital contact tracing services to businesses has been fined by the information commissioner’s office for violating data laws.
Tested.me Ltd, based in St. Albans, was founded in June 2020. The NHS Covid-19 app wasn’t launched until the end of September. Last summer and fall, the company was one of many outside vendors to enable businesses across the country to display QR codes that customers can scan for contact tracking purposes.
After helping collect personal information from citizens in Hertfordshire, the Hertfordshire company breached data protection laws by sending them around 84,000 marketing emails without proper consent between September and November, according to the ICO.
The regulator fined the company £ 8,000 for this.
The ICO said it worked with a number of other commercial QR code vendors who assisted companies during the pandemic “to make sure they also properly process people’s personal data”.
“The reviews conducted over the past six months have shown that most companies understand the relevant laws and the importance of fair and secure processing of personal data,” added the watchdog. “ICO experts have also met with some of them to improve their practices.”
As the economy opens up and more contact tracing information is gathered, companies unsure of their commitments can turn to ICO guidelines which advise them not to keep data longer than 21 days and not to use it for marketing purposes use.
Companies are also encouraged to “take a privacy-centric approach from the start when developing new products … [and to] Make privacy policies clear and simple so that people understand how their information is being handled. ”