ICO penalties for not encrypting sensitive personal data

Gary Mulder flyingkiwiguy at gmail.com
Mon Oct 29 22:27:27 GMT 2012


On 29 October 2012 14:26, Peter Tomlinson <pwt at iosis.co.uk> wrote:

> But then came PCI DSS, which I believe means that merchants have to have
> their payment engine certified compliant in order to comply with their
> banking contract. So I don't think that running a non-compliant payment
> site is a criminal offence if the owner doesn't steal money or otherwise
> defraud the visitor, but the bankers will want to shut it down. And Trading
> Standards might be interested, but in which geographical jurisdiction will
> they decide to get involved?
>
> Peter
>

Interestingly, it is a legitimate small UK travel agent. Well, legitimate to
the point of providing actual travel services to most of their customers. A
friend of mine used to work there and reported that they re-ticket
customers on functionally equivalent fare codes, and pocket the difference
in ticket price. I believe it could be criminal fraud, but hard to prove.
Of course they use an offshore guy to do the re-ticketing, which is likely
a violation of the DPA, as well.

They also claim to be PCI compliant, which is quite funny, as their net
profits are probably less than the cost of PCI compliance.

Gary