Reply to post: Re: Does there need to be an obligation to "encrypt" ?

TalkTalk attack: 'No legal obligation to encrypt customer bank details', says chief

Anonymous Coward

Re: Does there need to be an obligation to "encrypt" ?

That in absolutely no way translates to an obligation to "encrypt"? This is much more to do with internal policy on access to data and how the public-facing components are designed using industry-standard methods to protect from unauthorised access to the data. If they have breached this, it would be lack of policy or evidence suggesting they did not apply appropriate methods of protection to their public-facing servers. I do believe that the bank details should have been further protected; however, I would struggle to agree with any legal conviction based on this. Bank details are not covered by PCI-DSS.


Biting the hand that feeds IT © 1998–2021