Islington, a council in London, could have breached the Payment Card Industry (PCI) Security Standards Council’s data security rules. The council sent email requests with Word application forms for payment of local parking permits. The council told the BBC, “We have begun an internal investigation into the process of applying for and paying for parking bay suspensions. In the short term, we have removed that form from our website.”
The Microsoft Word document – the parking bay suspension form – required residents to fill in address details and card payment information. This archaic model was even queried by the Local Government Association, which couldn’t identify any other council using such an outdated means of collecting payments.
The rules outlined by the PCI state that card payment data shouldn’t be stored on third-party sources, such as email. This is because, if the data is leaked, the individual would be held liable by the bank for transmitting their personal financial data via a third party. These rules are set by the PCI, which represents major financial organisations such as Mastercard, American Express and Visa. The GDPR also enhances individuals’ rights over how such sensitive information is handled.