
Can a website keep clients’ banking information?

Introduction

X orders a cooked meal online from company Y, located in Geneva, without logging in to a client account.

Trigger

When the meal is delivered, X’s spouse, tempted by the smell, decides to order one as well.

Incident

She goes to the same website on her own computer. When it is time to pay, she is surprised to find that her spouse’s banking information is already stored in the system.

Resolution

She immediately calls the company, demands to speak with the manager and tells him what she thinks of it.

Conclusion

The company’s boss was not fully aware of how the online ordering process works. He admits that data security is not guaranteed and undertakes to have his webmaster intervene.


Recommendations

For online orders, only the information essential to the transaction may be collected and kept by the company. This scenario shows that data were collected from two different computers at the same geographical location, and that the two orders were linked through the property’s public IP address. The IP address is personal data and is unnecessary for the transaction; in this case, the company is therefore not allowed to keep it.
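As an added illustration (not code from the original case), the flawed design the scenario implies, retained card data keyed on the public IP address, beside a minimal alternative that keeps nothing for guest orders; all class names, the IP and the card number are hypothetical, constructed values.

```python
# Added example: why keying stored payment data on the client's public IP
# leaks it across a household, and the minimal alternative. All values are
# constructed; the card number is a well-known test number, not real.

# Two guest orders from the same household: same public IP, different computers.
ORDER_X = {"client_ip": "203.0.113.7", "device": "pc-X", "card": "4111 1111 1111 1111"}
ORDER_SPOUSE = {"client_ip": "203.0.113.7", "device": "pc-spouse"}


class IpKeyedCheckout:
    """Flawed design: retains card data from guest orders, indexed by public IP,
    and prefills it for any later visitor behind the same address."""

    def __init__(self):
        self._cards_by_ip = {}

    def place_order(self, order):
        if "card" in order:
            self._cards_by_ip[order["client_ip"]] = order["card"]

    def prefill_card(self, order, account_id=None):
        return self._cards_by_ip.get(order["client_ip"])


class AccountKeyedCheckout:
    """Corrected design: card data is used for the payment step and discarded;
    it is retained only for an authenticated account that opted in, and is
    never linked to an IP address, which the transaction does not need."""

    def __init__(self):
        self._cards_by_account = {}

    def place_order(self, order, account_id=None, save_card=False):
        if account_id is not None and save_card and "card" in order:
            self._cards_by_account[account_id] = order["card"]

    def prefill_card(self, order, account_id=None):
        if account_id is None:  # guest checkout: nothing to prefill
            return None
        return self._cards_by_account.get(account_id)


def leaks_to_spouse(checkout):
    """Replay the scenario: X orders as a guest, then the spouse starts a guest
    order from another computer. Returns True if X's card would be prefilled."""
    checkout.place_order(ORDER_X)
    return checkout.prefill_card(ORDER_SPOUSE) is not None


if __name__ == "__main__":
    print("IP-keyed leaks:", leaks_to_spouse(IpKeyedCheckout()))           # True
    print("Account-keyed leaks:", leaks_to_spouse(AccountKeyedCheckout()))  # False
```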

Basic principles

Art. 4 and 7 LPD; proportionality, data security
