Court Balks at Unencrypted Collection-Letter Barcodes

PHILADELPHIA (CN) — Collection letters stamped with barcodes that pull up account numbers when scanned are just as illegal as printing the account numbers on the envelopes, the Third Circuit ruled Monday.

“There is no material difference between disclosing an account number directly on the envelope and doing so via QR code –– the harm is the same, especially given the ubiquity of smartphones,” U.S. Circuit Judge Michael Chagares wrote for a three-judge panel, using the common abbreviation for quick-response code. 

Donna DiNaples brought the underlying lawsuit last year after MRS BPO used a code-stamped envelope to send her a collection letter for credit card debt. The code reveals an MRS account number when scanned with a smartphone, and DiNaples alleged violations of the Fair Debt Collection Practices Act.

Tossing BPO’s appeal two months after oral arguments in Philadelphia, Chagares noted that barcodes can still trigger a privacy intrusion, even if they do not display debt-collection information on their face. 

The legality of scanning another person’s mail is also irrelevant, Chagares said, because unencrypted personal information is still stamped on the envelope. 

“Whether it is illegal to scan someone’s mail, as MRS argues, is beside the point,” the ruling states. “The debt collector has still exposed private information to the world in violation of the FDCPA.”  

Yitzchak Zelman, an attorney for DiNaples, praised the decision. 

“We are gratified that the Third Circuit has agreed with the district court that debt collectors cannot embed private information in easily scannable QR Codes displayed on the outside of collection mailings,” Zelman, with the law firm Marcus & Zelman, said in a Monday email. 

Chief U.S. Circuit Judge Brooks Smith and U.S. Circuit Judge Joseph Greenaway Jr. concurred. 

Session Fishman attorney Michael Alltmont, representing MRS, did not immediately respond to email seeking comment.

%d bloggers like this: