The Data Protection Act also applies, as this is personal data. So the credit card data from call centres may only be collected in ways and for purposes that callers have consented to, and must be protected appropriately. It then must be destroyed as soon as that purpose is achieved. In other words, the information may not be stored indefinitely.