Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: We built a low friction registration service for UK pubs (checkin.pub)
2 points by wsces 9 days ago | hide | past | favorite | 5 comments


UK pubs will reopen on Saturday but government issued guidance recommends that venues require customers to leave contact details in case of a localised Corona outbreak. We designed a simple service to collect the bare minimum data to comply with both the registration guidance and GDPR.

Customers just send a four digit SMS locator to a number (or an email to a special mailbox) and we log either the sender's phone number or email address against the venue and the time of entry. We reply to the message with a confirmation that can be shown to security/service staff. All data is encrypted on the back end and retention periods are enforced. Data export is controlled (and similarly encrypted) in the event that a venue is required to provide by the public health authority.

This approach means data is accurate (non-trivial to forge sender headers) and low friction for the customers. Not asking for personal details to be input makes for a less invasive check in experience for the customer, whilst maintaining compliance for the venue.

It is not clear to me that contact details will be required, the government message last weekend was that "pubs should keep a list ...", not that "pubs must keep a list ...", and there is nothing that I have found that states that this is a legal requirement. Perhaps you have more up-to-date information?

The guidance does state ‘should’ rather than ‘must’ - I have amended my comment to make it clear that it’s a recommendation (alongside lots of other recommendations in the same guidance document)

Enforcement and policing of this is presently unclear (and will likely be delegated to local environmental health and licensing authorities, from what I’ve read - so may be inconsistent across the country).

I suppose if an outbreak is linked to a venue that hasn’t implemented the recommendations it will (at best) reflect badly, and at worst attract attention from the local authority in the same way as if other recommended public health measures were not implemented.

Thanks, they really are leaving it a bit late for definitive rules on this. There is no way that I'll be giving my name and address to Cummings, Serco and co., so I'm anticipating spending Saturday looking for somewhere taking a liberal interpretation on this (fortunately there are a quite a few to try).

Totally agree with you here, not to mention the venues looking at this as an opportunity to boost their direct marketing lists. It's our view that all that is required to contact me is a phone number - so that's all we collect!

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact