Lack of PCI DSS awareness is not an excuse
For an organisation like Evans Halshaw, you would expect PCI DSS compliance and data standards that keep your credit card and personal data safe. Yet they are part of a hidden problem where people just don’t understand the legal and moral obligations that they carry on behalf of their organisations.
I have a wonderful email from their “sales manager” Mike Spooner and team, who state that “PCI DSS will not allow us to store credit card information”. With this gap in PCI DSS knowledge, it is likely that there is also a gap in how to handle general data protection. Therein lies the concern. They are taking credit card, loan, payment and personal plan details, and what are they doing with them?