5. Enforcement
We have mentioned that the Data Protection Act was enacted to make it obligatory for organisation to keep data confidential. As a follow on to that, there is an official body set up to enforce the legislation, it is called the Information Commissioner's Office or ICO. Here is a typical letter that a company receives when they renew their registration details
Every organisation that keeps personal data has to be registered with the ICO. And it is not free. As of March 2013, if you are a Tier 1 organisation (less than 250 employees or a charity) it costs about £35 per annum to renew. If you are a Tier 2 organisation (public authority or turnover > £25.9 million) then it costs £500
Keeping credit card information confidential
A business that deals with credit card transactions has an obligation to keep the details secure and confidential.
To this end, in 2006 all the main credit and debit card companies came together to form the PCI Security Standards Council. Every merchant has to undertake a 'PCI' security review every year to be able to carry on using card payments, the review is carried out online through the PCI portal. It takes the form of a questionnaire confirming that certain security systems and policies are in place within the organisation.
Again, this is not free. It is about £50 per annum.
Here is a typical letter from a card payment company to a vendor.
So enforcement is certainly in place to help keep information confidential.
challenge see if you can find out one extra fact on this topic that we haven't already told you
Click on this link: PCI council