Reply to post: Re: Does there need to be an obligation to "encrypt" ?

TalkTalk attack: 'No legal obligation to encrypt customer bank details', says chief


Re: Does there need to be an obligation to "encrypt" ?

Correct - but I believe that there IS a requirement to encrypt Credit Card details and if it is the case that these were un-salted in file storage, then the PCI sphincter police will be all over them come audit time.

The technicalities in my mind matter little. This is the equivalent of me putting my most valued possessions in the porch of my house and hoping that the very standard Yale lock never gets picked. Talk Talk deserve everything they get from this since 3 times in 1 year IS criminal in the eyes of compliance police.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021