If you read the Bruce Schneier article instead of the linked blog post you get this:
EDITED TO ADD (4/12): Seems that the BBC article misstated the law. Companies have to retain information they already collect for a year after it is no longer required. So if they're not already storing plaintext passwords, they don't have to start.
3 comments
[ 2.5 ms ] story [ 23.3 ms ] threadEDITED TO ADD (4/12): Seems that the BBC article misstated the law. Companies have to retain information they already collect for a year after it is no longer required. So if they're not already storing plaintext passwords, they don't have to start.
Eventually deleted because it's completely wrong.