ICO penalties for not encrypting sensitive personal data
flyingkiwiguy at gmail.com
Mon Oct 29 22:27:27 GMT 2012
On 29 October 2012 14:26, Peter Tomlinson <pwt at iosis.co.uk> wrote:
> But then came PCI DSS, which I believe means that merchants have to have
> their payment engine certified compliant in order to comply with their
> banking contract. So I don't think that running a non-compliant payment
> site is a criminal offence if the owner doesn't steal money or otherwise
> defraud the visitor, but the bankers will want to shut it down. And Trading
> Standards might be interested, but in which geographical jurisdiction will
> they decide to get involved?
Interestingly, it is a legitimate small UK travel agent. Well, legitimate to
the point of providing actual travel services to most of their customers. A
friend of mine used to work there and reported that they re-ticket
customers on functionally equivalent fare codes, and pocket the difference
in ticket price. I believe it could be criminal fraud, but hard to prove.
Of course they use an offshore guy to do the re-ticketing, which is likely
a violation of the DPA, as well.
They also claim to be PCI compliant, which is quite funny, as their net
profits are probably less than the cost of PCI compliance.