News report source: International Commissioners Office.
According to the International Commissioners Office, Lush, the cosmetic retailer suffered a data breach on their website in January 2011. During this, payment details of 5000 costumers were accessed.
According to Acting Head of Enforcement, Sally Anne Poole
“Lush took some steps to protect their customers’ data but failed to do regular security checks and did not fully meet industry standards relating to card payment security. Had they done this, it may have prevented the fraud taking place and could have saved the victims a great deal of worry and time invested in claiming their money back. ”
With reference to the above mentioned ‘Industry Standards’ The ICO has produced a guidance on the security measures that businesses should have in place when storing personal information electronically. It is a handy resource to access and provides simple steps that companies, especially young start ups can use to make their websites more secure.
++ None of this information is legal advice. Please consult a professional as per your needs.