Members Area News Sign in registers and the Privacy Act 2020

Sign in registers and the Privacy Act 2020

21 October 2021

Many of you will have seen the guidance from the Office of the Privacy Commissioner in regards to alternative contact tracing registers and the need to ensure that they comply with the Privacy Act 2020.  

Using an open sheet or register left in a public-facing position where personal information is visible to others is a leading cause of COVID-19-related privacy breaches. It’s important that businesses provide other methods of collecting and storing contact tracing records, but in ways which also protect the privacy of those whose details are being collected.” Says Privacy Commissioner John Edwards.

This same concern can be applied to club sign in books/registers.  As sign in books/registers ask for personal information you must take care to ensure they are safe and secure and that they comply with the principals of the Privacy Act 2020.

We recommend that clubs that are still using sign-in books or registers take the time to review how they are managed to ensure that they comply with the Privacy Act 2020, this will include ensuring your privacy policy and any privacy statements are up to date and relevant.

Below we have compiled a few things to think about:

Do you have a Privacy Policy or Privacy Statement?

If you have answered no to the above question you need to introduce one.  Your privacy policy will help you to make decisions about the information you are collecting, where you collect it from (i.e. applications for membership, sign in sheets etc.), how you will use the information and how you will ensure compliance with the Privacy Act 2020.

Clubs New Zealand has a template privacy policy that can be downloaded from the resource room.

What are some practical alternatives to public-facing sign in books/registers?

  • Have individual sign in slips or cards for people to fill in that are then handed to staff.
  • Have an employee manually record visitor details – this ensures that staff maintain control over the records and do not leave contact information visible to others. 
  • Do not keep a sign in register at all and instead have staff confirm whether a person is an authorised customer or authorised visitor at the bar (recommended).  
  • Use an electronic system, like a tablet sign-in app, or an existing booking system.

Only record as much information as you need

A general rule of the Privacy Act is to collect only as much information as you need and no more.

This can be a little bit tricky when it comes to club sign in registers/books as they are not required by law, rather you are using them as a tool to establish that someone is an authorised customer or an authorised visitor under the Sale and Supply of Alcohol Act 2012.

Logically in order to establish that they are an authorised customer or authorised visitor you would only need to collect the persons name, details of their membership and the time and date of their visit.

Whatever information you are collecting should be consistent with your Privacy Policy.

Consent and Access

When you collect personal information, you must take reasonable steps to make sure that the person knows why it’s being collected, who will receive it, whether giving it is compulsory or voluntary and what will happen if they don’t give you the information.

It may be that you have a small statement on the back of the sign in slip, display a privacy statement at the bar if you have staff manually signing people in or if you are using an electronic system you may use a statement or pop up built into the system.

People have a right to access the information you keep about them, so be sure to have a process for facilitating that if required.

Security and Storage

Once collected, you will need to keep the information safe. This means storing it safely and securely, for instance if it is a physical record it could be stored where other valuables are kept such as a locked cabinet with other important documents.  If it is a digital record it needs to be stored on a secure information system. If you are using a work cellphone to store texts this cellphone will need to be kept safe and secure.

It will also be important to ensure that access to this stored information is provided to a limited number of key people.  You should know who has access and why.

More information

We recommend that clubs visit the Office of the Privacy Commissioner for more information https://www.privacy.org.nz/ the website is pack full of guidance, resources and training.

Get your hands on the future

With the Clubs New Zealand App

Get your hands on the future with Clubs New Zealand's App which can be downloaded on both Apple and Android.  The Clubs New Zealand App is all about helping you get more out of your membership. As a member of a club you can access any of our network of 300 member clubs as a reciprocal visitor and visiting a club is a breeze with the new digital membership card.

 

Find out more