We seem to be asked more and more by institutions that they need to clear 'ML or 'AML' regulations on their side. Banks, lawyers, listed businesses like car showrooms and just look on the jobs page and you will see it filled with companies advertising for jobs in these areas. So, once we pass over our intimate details holding personal details such as a bank statement or passport, what obligations are these institutions under to keep this information safe? Of course, there will be laws between the government and institution but do they go far enough to protect the individual. Do you recall reading a satisfying assurance along the lines of ‘we will keep your information safe and away from third parties and securely destroy it after X time', before we hand over these personal details or indeed should they need to? I often wonder what happens to this information, is it sitting on a server ready to be leaked on the deep dark web? Is it there already? I am not sure what the answer is for institutions but perhaps it’s time for the Government to look at consumer cyber laws.