All organisations holding customer or user data (e.g. addresses, payment details, passwords etc.) must be aware of their responsibilities for ensuring it is not misused or stolen. NBAs holding such data should take account of the relevant local data protection legislation in their countries when designing and operating online services in order to comply with accepted best practice