Security Basics mailing list archives
RE: Data retention Policy
From: "Palmer, Mark" <mpalmer () hoovers com>
Date: Tue, 9 Oct 2007 13:39:59 -0500
What "data" is your company retaining? A goal of a PCI effort should be to get businesses to stop retaining unneeded/unnecessary data like credit card numbers. Consult your company's legal & finance teams on all data retention issues. You will not likely find a definitive "keep x for y number of (days, months, years, etc...)" as it depends on the scope of data, the risk the business is willing/unwilling to take, and what policy and processes the business has in place to deal with data management.

Mark Palmer

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of dalmada () sisp cv
Sent: Monday, October 08, 2007 11:03 AM
To: security-basics () securityfocus com
Subject: Data retention Policy

Hi,

Can you point me to some good links on data retention/disposal policies? It is a requirement for PCI compliance. I have googled, SANS, NIST, but without any luck.

Thank you in advance,
David