ICO penalties for not encrypting sensitive personal data

Gary Mulder flyingkiwiguy at gmail.com
Sun Oct 28 17:55:02 GMT 2012

On 26 October 2012 10:25, Peter Tomlinson <pwt at iosis.co.uk> wrote:

> Smart Card News has today reported:
> Penalty Highlights Need for Encryption of Sensitive Data
> The Information Commissioner's Office (ICO) is reminding organisations
> that sensitive personal information should be encrypted when being stored
> and sent electronically.
> The news comes as Stoke-on-Trent City Council receives a monetary penalty
> of GBP 120,000 following a serious breach of the Data Protection Act that
> led to sensitive information about a child protection legal case being
> emailed to the wrong person.

That's interesting. I discovered today a website that intentionally makes
false claims of using SSL, and Visa 3D Secure or Mastercard SecureCode, but
in fact accepts credit cards online in plain text. How do you get the ICO
to investigate such blatant misrepresentation and violations?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20121028/852ce1a7/attachment.html>

More information about the ukcrypto mailing list