ICO penalties for not encrypting sensitive personal data

JJ Gray jj.gray at shc.qinetiq-tim.com
Mon Oct 29 08:39:56 GMT 2012

On 28/10/2012 22:02, Ben Liddicott wrote:
> Surely the people to tell are MasterCard and Visa? I would imagine they
> would put a stop to it in short order?

You would think so wouldn't you. The reality I have found to be
different, certainly on a "personal" level ie not a Pen Test. There was
a particular hotel that thought it was a Good Idea (TM) to record my CC
details and CV2 number in their little hotel application. I queried this
in my usual tactful style and they removed the details. I then called
the CC company and tried to explain the situation, assuming that they
would have much more effect than myself but that all went Helpdesk Loop
pretty quickly. As I was not reporting a stolen card or fraud conducted
against my card, they really didn't seem to care about anything else. In
the absence of a "Bubble the Merchant" hotline, I don't think they will.


More information about the ukcrypto mailing list