Does your QR code hide personal data?

I remember the first time I saw a demo of a QR code, and being wowed by the potential uses of encoding much larger amounts of information than a conventional barcode. The audience was impressed when the presenter hovered his reader over a code, and was taken to the company website. The mood was rather ruined when someone pointed out that clicking a hyperlink did much the same, and more quickly and consistently (of course, that doesn’t really tell the whole story, but it was a good bubble-pricker). And that, really, is the story of QR codes – they seemed to have a lot of potential, but ultimately they don’t seem to have fulfilled it: their usage outside the advertising industry is low, and they have numerous competing rivals.

But they do potentially hold a lot of information, and they hold it in an encoded format, which means that the information is not immediately apparent to the human eye (that’s the whole idea, I suppose). This was nicely illustrated today to me, when I was alerted to a submission to a government consultation (since – to their credit, suitably edited), by a utilities company, who had included in their response some letters to customers, redacted – for obvious reasons – of obvious identifying features (names, addresses, etc). What had not been redacted though was a QR code, next to the name and address on the letter (one presumes that the company uses this as part of a CRM system) and, sure enough, when I scanned the code with my nifty QR code reader (which I haven’t used since I downloaded it for that first demo a few years ago) it revealed precise address coordinates, with postcode. This is personal data of the customer, and it was needlessly disclosed by the company, in contravention of their obligations under the Data Protection Act 1998.

No doubt the person tasked with redacting the letters didn’t know what the QR code contained. And thereby hangs a old and broader issue: as more and more information has been compressed and encoded, human capacity to read and understand – without technological assistance – what that information is has inevitably reduced. I suppose, in some ways, this is really the story of computing.

Leave a comment

Filed under Data Protection

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s