DPAs Warn Retailers
DATA PROTECTION—UK & CANADAAugust 11, 2011
The Information Commissioner's Office (ICO) has announced that cosmetics retailer Lush will not be fined for a hacker breach that compromised the payment data of approximately 5,000 customers over a four-month period. According to an ICO news release, the company is required to "sign an undertaking" that says it will comply with the Payment Card Industry Data Security Standard (PCI DSS). Some are criticizing the ICO for not fining the company, but the ICO's Sally-Anne Poole said, "This breach should serve as a warning to all retailers that online security must be taken seriously and that the PCI DSS or an equivalent must be followed at all times." Meanwhile, Canada's privacy commissioner has warned Canadians to guard their personal information when shopping at retail stores.