The Data Protection Act also applies, as this is personal data. So the credit card data from call centres may only be collected in ways and for purposes that callers have consented to, and must be protected appropriately. It then must be destroyed as soon as that purpose is achieved. In other words, the information may not be stored indefinitely.