Infosecurity Group Websites
Latest
News

Regulator Fines QR Code Provider Which Spammed Customers

The UK privacy regulator has fined a QR code provider that abused its access to personal data to spam individuals with direct marketing at the height of the pandemic.

The Information Commissioner’s Office (ICO) explained in a notice yesterday that it fined St Albans firm Tested.me £8000 after it send the marketing email without gaining adequate valid consent from data subjects.

The firm provided clients with contact tracing services by enabling them to offer customers a QR code to scan when arriving at their premises.

However, it used this data to send nearly 84,000 nuisance emails at the height of the COVID-19 pandemic between September and November 2020, the ICO said.

The ICO has also been running checks on other QR code providers to ensure they’re handling people’s data in accordance with the GDPR and its UK equivalent, the Data Protection Act 2018.

It said the checks revealed that most companies understood the laws and the importance of processing personal data fairly and securely.

The regulator’s guidance for firms as the economy starts to reopen following extensive lockdowns, is to make privacy policies clear and simple, follow data protection by design guidance and not to keep any personal data collected for more than 21 days.

Personal data collected for contact tracing is also not to be used for marketing or any other purposes, it said.

QR codes are increasingly used not only to check-in to locations using the NHS Test and Trace app, but by hospitality venues keen to offer customers a hands-free menu experience.

However, the technology doesn’t just represent a privacy risk. Security experts have warned that QR codes could be hijacked by threat actors to download malware and other threats to users’ devices.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Q1 2021 Sees 2.9 Million DDoS Attacks Launched

2
News

Cybercrime Forum Bans Ransomware Activity

3
News

#RSAC: Bruce Schneier Warns of the Coming AI Hackers

4
News

Two-thirds of CISOs Unprepared for Cyber-attack

5
News

AXA Faces DDoS After Ransomware Attack

6
News

Toshiba Business Reportedly Hit by DarkSide Ransomware

1
Blog

The Expanding Scope and Complexity of Credentials Phishing

2
News

Regulator Fines QR Code Provider Which Spammed Customers

3
News

RDP Hijacked for Lateral Movement in 69% of Attacks

4
Opinion

Why is Ransomware Still So Successful?

5
News

Recruiter’s Cloud Snafu Exposes 20,000 CVs and ID Documents

6
News

#RSAC: Solving the Ransomware Scourge Requires a Coordinated Effort

1
Webinar

Data Classification: The Foundation of Effective Cybersecurity

2
Webinar

How Zero Trust Enables Remote Working and Builds to a SASE Vision

3
Webinar

Defining the Zero Trust and SASE Relationship

4
Webinar

Zero Trust in 2021: How to Seamlessly Protect Your Remote and In-Office Users

5
Webinar

Secure Access Management: Modernize your IT Infrastructure by Maximising Productivity and Minimizing Friction

6
Webinar

How to Win Cybersecurity Budget and Buy-in from the C-Suite to Mitigate Increased Level of Threat

1
Online Summit

[On-Demand] Infosecurity Magazine Spring Online Summit - EMEA 2021

2
Webinar

Security Mythbusting: Dismantling the Top Five API Myths

3
Online Summit

[On-Demand] Infosecurity Magazine Spring Online Summit - North America 2021

4
News Feature

Census 2021: How Safe Will Our Data Be Over the Next 100 Years?

5
Opinion

How Behavioral Biometrics is Combating Credential Stuffing Attacks

6
Webinar

Securing the #COVID19 Vaccine & Supply Chain