ICO penalties for not encrypting sensitive personal data

Mary Hawking maryhawking at tigers.demon.co.uk
Mon Oct 29 09:30:41 GMT 2012

Is this a criminal offence, and if so under what law? (I'm assuming it isn't
as no-one has suggested the police)
And if it isn't, surely it falls under some regulator?

Do the customers receive the goods/services for which they are paying?
i.e. is this a criminal scam to gather customer card details, or a real
business with deplorably unsafe/illegal on-line procedures (? Trading

Is there any way of discovering whether the customers of this site have a
higher than normal risk of having their card details used illegally?

And above all, how common is this, and is there any way a savvy shopper can
spot it in time?

Mary Hawking
"thinking - independent thinking - is to humans as swimming is to cats: we
can do it if we really have to."  Mark Earles on Radio 4.
don't forget patients like Fred!

-----Original Message-----
From: Ben Liddicott [mailto:ben at liddicott.com] 
Sent: 28 October 2012 22:02
To: ukcrypto at chiark.greenend.org.uk
Subject: Re: ICO penalties for not encrypting sensitive personal data

Surely the people to tell are MasterCard and Visa? I would imagine they 
would put a stop to it in short order?

Perhaps your experience is otherwise however. Anyone know how they 
respond to things like this?

Cheers, Ben.

On 28/10/2012 17:55, Gary Mulder wrote:
> That's interesting. I discovered today a website that intentionally 
> makes false claims of using SSL, and Visa 3D Secure or Mastercard 
> SecureCode, but in fact accepts credit cards online in plain text. How 
> do you get the ICO to investigate such blatant misrepresentation and 
> violations?
