Security Basics mailing list archives
RE: Data retention Policy/Data Classification Policy
From: "Hall, Spencer D" <shall () stvincentshealth com>
Date: Tue, 9 Oct 2007 16:24:06 -0400
Any data retention policy goes hand in hand with a good data classification policy. I would be interested in seeing a data classification policy geared to healthcare that takes into account the recent e-retention/e-discovery statute.

Spencer D. Hall
Sr. Technology Engineer/Information Security Officer
Ascension Health - Jacksonville - Southeast Region
St. Vincent's Health Care - Jacksonville
Spencer.hall () jaxhealth com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Palmer, Mark
Sent: Tuesday, October 09, 2007 2:40 PM
To: Hall, Spencer D; security-basics () securityfocus com; dalmada () sisp cv
Subject: RE: Data retention Policy

What "data" is your company retaining? A goal of a PCI effort should be to get businesses to stop retaining unneeded/unnecessary data like credit card numbers.

Consult your company's legal & finance teams on all data retention issues. You will not likely find a definitive "keep x for y number of (days, months, years, etc...)" as it depends on the scope of data, the risk the business is willing/unwilling to take, and what policy and processes the business has in place to deal with data management.

Mark Palmer

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of dalmada () sisp cv
Sent: Monday, October 08, 2007 11:03 AM
To: security-basics () securityfocus com
Subject: Data retention Policy

Hi,

Can you point me to some good links on data retention/disposal policies? It is a requirement for PCI compliance. I have googled, SANS, NIST, but no luck.

Thank you in advance,
David