Re: As I observed elsewhere in this illustrious mag
> "I am not legally required to close and lock my door; but if I'm burgled, then
> I'm at least partly responsible."
> No you're not. Not legally, nor morally.
Your analogy of blaming the victim doesn't apply here; in this case the victim is the customers who trusted talktalk with their payment details, and regardless of specific law about encryption, talktalk had a duty of care to these customers which it neglected.
Falling back on the absence of a specific law requiring encryption is both pathetic and contrary to the concept of common law ( or as the merkins would call it, case law ). I suspect that if this ended up in court in the UK, or the US, that there would very soon be a law requiring such data to be encrypted. The law is whatever the judge says it is, and this kind of bullshit is why.