ICO penalties for not encrypting sensitive personal data
maryhawking at tigers.demon.co.uk
Mon Oct 29 09:30:41 GMT 2012
Is this a criminal offence, and if so under what law? (I'm assuming it isn't
as no-one has suggested the police)
And if it isn't, surely it falls under some regulator?
Do the customers receive the goods/services for which they are paying?
i.e. is this a criminal scam to gather customer card details, or a real
business with deplorably unsafe/illegal on-line procedures (? Trading
Is there any way of discovering whether the customers of this site have a
higher than normal risk of having their card details used illegally?
And above all, how common is this, and is there any way a savvy shopper can
spot it in time?
"thinking - independent thinking - is to humans as swimming is to cats: we
can do it if we really have to." Mark Earles on Radio 4.
don't forget patients like Fred!
From: Ben Liddicott [mailto:ben at liddicott.com]
Sent: 28 October 2012 22:02
To: ukcrypto at chiark.greenend.org.uk
Subject: Re: ICO penalties for not encrypting sensitive personal data
Surely the people to tell are MasterCard and Visa? I would imagine they
would put a stop to it in short order?
Perhaps your experience is otherwise however. Anyone know how they
respond to things like this?
On 28/10/2012 17:55, Gary Mulder wrote:
> That's interesting. I discovered today a website that intentionally
> makes false claims of using SSL, and Visa 3D Secure or Mastercard
> SecureCode, but in fact accepts credit cards online in plain text. How
> do you get the ICO to investigate such blatant misrepresentation and
More information about the ukcrypto