It's not clear if this rule for bank information is from the legislation, or simply a matter of best practice. If the latter, it may well be that the practice should really be extended to cover all confidential information (including passport details), but the issue simply hasn't come up before.Capaill said:If one of the requests was for bank details then the information would have to be encrypted or inputted to a secure site.
The Data Protection Acts, 1988 and 2003 do not detail specific security measures that a Data Controller or Data Processor must have in place. Rather section 2(1)(d) of the 1988 Act places an obligation on persons to have appropriate measures in place to prevent "unauthorised access to, or alteration, disclosure or destruction of, the data and against their accidental loss or destruction."
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?