Not sure if this is the right forum (please correct me if not)...
I recently registered with my dental insurer to handle insurance claims online, and filled in their online form with personal details, including a login name and password and password reset question and answer.
I then received a confirmation email (also copied to two other people in the insurance company), containing all that information, including the password and password reset question/answer in plain text.
Bearing in mind that email is totally unsecure, i.e. equivalent to posting in public, it clearly defeats the point of having a password, but is this a breach of data protection legislation? Also, is it acceptable that my personal password details can be sent to others?