Assisting NHS Test and Protect Strategy
Information for churches on the NHS Test and Protect system to help suppress the spread of COVID-19.
- Published: 29 Jan 2021
- Last Updated: 19 July 2021
What is Test & Protect?
The NHS has introduced a system intended to act as a reporting tool to help supress the spread of COVID-19. The idea is that if records are kept concerning where people have been and who else they have been in contact with, that will help identify potential virus transmission points. The UK and Scottish Governments are asking community facing organisations, including churches, to help do their part in keeping records about visitors to their premises.
What do we need to do?
Collect details of people who attend our churches in support of the NHS Scotland Test & Protect strategy. All we need to collect is the name of each individual, together with a means of contacting them, usually a telephone number.
Is this compulsory?
Participation in the Test & Protect strategy is important, both for our Church and for those attending Church but it is not compulsory. In taking part we are joining the national effort to suppress COVID-19 and we will be acting in the best interests of our congregations. However, if people don't want to register their attendance, we cannot force them or deny entry. In this regard, congregations can exercise their own best judgement about the collection of personal data from individuals and remind people that if they choose not to take part it means the NHS cannot contact them and help them to take protective measures.
What data do we need to collect?
- The name of any visitors taking part in congregational activities such as worship, friendship groups or Guild or congregational meetings
- Contact telephone number or email address
- The location of attendance
- The time of attendance
- (If possible) the time of departure or duration of attendance.
Whose data do we need to collect?
Only the personal data of those attending church services or other congregational events on church premises, broad categories as follows:
- Congregation members (names and contact telephone number)
- Visitors (names and contact telephone number or email address)
- Ministers (names only).
Where church halls are used by third parties it will be the responsibility of those hiring the hall to produce Test & Protect records for their event or gathering.
Do we need to collect data for everyone attending our church?
The following information should be collected, where possible:
- The names of individuals who work or volunteer at the place of worship
- A contact phone number for each member of staff/volunteer
- The dates and times that individuals are at work/volunteering
- The name of each worshipper
- A contact phone number for each worshipper
- Date of visit and arrival and, wherever possible, departure time
If data is shared with NHS Scotland on the basis of individuals being identified as at risk of being close contacts by the Test and Protect service, NHS Scotland may need to retain the data for longer than the 21 day period and will hold the data in line with NHS information governance processes.
How will we collect and record the information?
We have developed two methods of recording attendance at congregations:
- The primary method is to use an A4 notebook. This low-tech approach is recommended for all congregations. Full instructions for using the notebooks are included in the appendices for Test & Protect.
- The second is the use of a smartphone application (“app”) combined with printed QR codes displayed at your church premises. The Church of Scotland was, until 30 August 2021, using a proprietary app called “Tap My Data” that has now been discontinued by the provider. As an alternative, if congregations wish to use a smartphone app, the recommended app is “Check In Scotland”. The Check In Scotland app has been developed on behalf of the Scottish Government and is widely used for NHS Test and Protect services. Once installed and set up on a smartphone, all the individual needs to do is point their smartphone camera at the QR code displayed in your church and click; the app will do the rest. Using the app is optional but adds elements of flexibility and ease of use for congregations which choose to use it. Instructions for use of the Check In Scotland smartphone app accompany this document.
We may have more than one activity happening in different parts of our premises, how do we record attendance in these circumstances?
Use a separate notebook for each activity on your premises. For example, Sunday worship, including all related activities such as Sunday School and after-service coffee (as and when it is possible to start this up again) can be recorded in one notebook. A separate notebook can be used for other congregational activities such as Board/Session meetings or other gatherings. Ideally these notebooks will be stored securely in the church but accessible for the purposes of the activity.
The Check In Scotland smartphone app makes use of QR codes which can be printed out and displayed throughout your premises. This provides a more flexible approach to multiple locations which is not reliant on the presence of a member of the congregation holding a notebook.
Where church premises are used by third parties, each organisation using the premises should have its own register but it is possible that attendees might use a QR code operated on behalf of the church. If a congregation is contacted by Test and Trace in respect of third-party attendees, the congregational contact will need to refer that on to the organisation in question.
If a third-party organisation has a positive COVID case they should advise the congregation so that appropriate cleaning can be carried out. Test and Protect will determine whether or not it is appropriate to alert others who might have been in contact with the individual who tested positive and the congregational contact should not undertake that function.
How long should we keep the information we collect?
The Government guidance is 21 days. In practice, certainly for the registers using the notebook method, this may be up to 28 days but no longer.
Data is retained on the smartphone app system for 21 days and then securely deleted.
How should we keep and store the information?
The notebooks used to contain the attendance register should be stored in a lockable filing cabinet, drawer or safe. Access should be restricted to specific members of the Kirk Session or Elders tasked with the responsibility to maintain the registers.
When the notebooks are removed from storage, they should remain in the possession of the person responsible for them until they are returned to storage. The register notebooks must not be left unattended at any time as they contain personal data.
Information stored in the smartphone app system is secured separately, which means congregations do not need to worry about the storage, security, retention or management of the personal data processed using the app.
How should we destroy the information?
Pages in the notebooks containing the register of attendance information which is older than 21 days should be removed and securely shredded.
Register of attendance data held in the smartphone app system is automatically deleted.
What are our responsibilities under data privacy regulations?
The ICO has issued guidance to the effect that we should:
- Only ask for what is needed
- Be transparent with parishioners and visitors
- Store the data carefully
- Not use the data for other purposes
- Erase the data in line with government guidance.
The notebook and Check In Scotland smartphone app systems observe the requirements of the Data Protection Act 2018/GDPR.
Each congregation will be defined as a data processor for this specific purpose of processing, with the Assembly Trustees of the Church of Scotland acting as the data controller.
How does the tracing procedure work?
The sharing of tracing process data is carried out under the supervision of the data protection officer for the Church of Scotland (DPO). She is the primary point of contact for NHS Test & Protect officials. All requests made to congregations for register lists will be made by the DPO. Any requests for attendance register data made directly to congregations or presbyteries by anyone else, including NHS Scotland, should be politely declined and referred to the DPO.
- When an individual is identified as being infected with COVID-19, NHS Scotland Test & Protect officials work with them to create a list of their movements and where they have been in the presence of other people
- If one of our congregations appears on that list, NHS Test & Protect will contact the Church of Scotland DPO, confirming the location, date and time involved
- The DPO will then provide NHS Test & Protect with register information available from the smartphone app system if it was used
- The DPO will also contact the congregation involved, asking for a copy of the register list with contact telephone numbers for all those who were in attendance
- NHS Scotland Test & Protect officials will then use this list to contact all those on the register and arrange for them to be tested
- IMPORTANT NOTE: Individuals on the list should NOT be contacted by any church representatives until AFTER it is clear the individual has been contacted by NHS officials. There are no exceptions to this. The guidance from the Scottish Government issued 14 July 2020 is clear:
"There is no circumstance in which establishments should use the data to directly contact visitors, customers or staff, even in the event of a known outbreak within premises. Health protection teams will decide on a case- by-case basis on what follow-up action to take."). We do not want to spread fear and alarm. Of course, the individuals involved may benefit from church support after they have been contacted by NHS Test & Protect, BUT ONLY AFTER. To be clear, to use the personal data to make contact about a possible infection incident would be outside the purpose of processing.
It will be considered a breach of the regulations. It is imperative that all health matters be left to NHS Scotland Test & Protect.
Why is this liaison being run by the Church of Scotland DPO and not by the congregations?
Data protection regulations place certain responsibilities upon our Church. Any system is susceptible to abuse at the hands of "bad actors" and criminals seeking to use Test & Protect as a means to target congregation officials or members.
Whilst the personal data being collected is straightforward enough, the wide distribution of the collection locations and the context of the data involved means we need to be able to demonstrate our accountability and deploy appropriate technical and organisational measures with regard to the security and integrity of the data.
For the purposes of Test and Protect, the DPO will, where possible, act as a liaison with the NHS on behalf of congregations. This means that Test and Protect may contact the DPO if a positive COVID case is traced back to a congregation. In that event, Test & Protect may request contact information for people attending the church on any given day. The DPO will liaise with the congregation’s nominated point of contact or the Session Clerk in order to securely pass that information on.
The Test and Protect service may also potentially contact congregations directly. In that event, it is essential that the contact is referred on to the Law Department (LawDept@churchofscotland.org.uk) in order to ensure that personal data is handled as securely as possible.
How will the DPO contact our congregation?
As part of the preparation for assisting the Test & Protect strategy, each congregation should register a point of contact with the DPO using the Church's online registration form. This person (it could be more than one person, of course) will be responsible for providing the contact list to the DPO.
How will I know I am really dealing with the DPO?
If you are at all uncertain that you are really dealing with a call or message from the DPO you should hang up and contact the Church of Scotland Law Department.
How do we create the contact list for NHS Test & Protect to use?
How each congregation official creates the list will depend on how congregation contact information lists are administered, so each Kirk session can decide for themselves how to construct the list required. The list should be headed with location, date and time and contain only the names and contact telephone numbers of those in attendance. If a contact telephone number is not available, an address or email address can be used.
How should we send the list to the DPO?
The DPO will advise the best way to send the list when she contacts the registered point of contact for your congregation. She will NEVER ask for the list to be sent in an unprotected format.
How does the smartphone app work?
The Check In Scotland smartphone app uses QR codes to identify each location where the app is used.
Congregations who want to use the smartphone app should create QR codes that can be displayed in the church. People can use the QR code to download the app and then register their attendance. If the app is already installed on their smartphone, people simply need to point their smartphone camera at the QR code and “click”.
QR codes can be created by visiting the Scottish Government website.
What your visitors need to do
Any visitors over the age of 12 can use the Check In Scotland service.
To use Check In Scotland, your visitors need to use their mobile phones to scan a Check In Scotland QR code, displayed on a poster inside your church together with the Check In Scotland privacy notice available from Check In Scotland.
Once a visitor has scanned the QR code, their phone will take them either to the Check In Scotland app or the Check In Scotland web page. They can use either of these to check in at your venue.
When they leave, they can use the app or web page to check out.
If a visitor to your venue does not want to use the Check In Scotland app or web service, or are not able to use the Check In Scotland service on their phone, you must take their contact details using a pen and paper. You must keep these details for 21 days, destroying them as soon as the 21 days have passed.
If someone tests positive for COVID-19 after visiting your venue, Check In Scotland works with NHS Scotland's Test and Protect to alert anyone who may have been a close contact of the person.
Where to display your Check In Scotland QR code poster
You should display your Check In Scotland QR code poster and privacy notice at your church and/or halls and request any visitors scan the QR code as soon as they arrive. This includes anyone who visits your venue.
The data collected by the app will not be accessible by any congregation and access and deletion will be handled by Check In Scotland.
You can register your attendance at the church by simply scanning the QR code with a smartphone on which the Check In Scotland app has been installed. If the app is not yet installed, scanning a relevant QR code displayed in your church will start the app installation process.
Using the smartphone app with QR codes at entrance points in your church gives additional flexibility when it comes to registering attendance of those who visit the church outside regular services.
If you have any questions concerning this guidance, please send an email to the Church of Scotland Law Department inbox: email@example.com.
Information on Privacy Policies, using the smartphone app and collecting data using a notebook can all be found in our appendix.
First published: 29 Jan 2021
Updated: 15 July 2021
See All Updates
19 July 2021
Updated to reflect move from TapMyData to Check In Scotland as official electronic check-in process, along with updated appendices with new privacy policies and information on data collection