From: John Boyle 
Newsgroups: comp.databases uk.finance uk.legal
Subject: Re: Storing customer bank/card details
Date: Mon, 5 Jun 2006 00:49:41 +0100

In message <44836d68.53266500@news.individual.net>, Jim Ley 
 writes
>On Mon, 5 Jun 2006 00:14:03 +0100, John Boyle
> wrote:
>
>>In message <44835986.48176546@news.individual.net>, Jim Ley
>> writes
>>> but the topic at hand is credit card details on
>>>internet servers.  These should.
>>
>>I agree, but I was challenging your assertion  - " I would expect all
>>personal data to be encrypted beyond something basic like name/email
>>address."
>>Do you still stand by that in the circs I described?
>
>I would expect it yes, I wouldn't be surprised that most organisations
>don't, but I would expect it, I'm not so sure what the courts or the
>information commisioner would think, it's the sort of thing that is
>only likely to be tested once something embarrassing happens.

That would put a huge overhead on many businesses that are now only 
holding the same data on PC that was previously held in filing cabinets. 
Also, AIUI, the DPA does not differentiate between paper and electronic 
data storage methods. So should hand written details of credit cards and 
the data held in the manner described also above be encrypted? would I 
need to employ Bletchley park to do this by hand for me?

Why would *you* expect encryption? (putting court opinions to one side)
>
>Fortunately whilst most of the personal data you list is highly
>personal, it has very little value so is not really worth anything in
>the general case, so for specific people it's much easier to just pay
>off a bent policeman or council worker etc. to get the individual
>data, rather than bothering to secure the machine.

What input does this have to the point?
-- 
John Boyle