Always on SSL so data is encrypted between punter and pres-wannabe. However, that data is then sold on the open market to, well let's be honest, scum and their phone/email scumware.
Why didn't the OTA audit how the data was sold and in what format format, plain text on a USB stick perhaps?
Biting the hand that feeds IT
