RE: Data retention Policy
From: "Palmer, Mark" <mpalmer () hoovers com>
Date: Tue, 9 Oct 2007 13:39:59 -0500

What "data" is your company retaining?

A goal of a PCI effort should be to get businesses to stop retaining
unneeded/unnecessary data like credit card numbers.

Consult your company's legal & finance teams on all data retention
issues. You will not likely find a definitive "keep x for y number of
(days, months, years, etc...)" as it depends on the scope of data, the
risk the business is willing/unwilling to take, and what policy and
processes the business has in place to deal with data management.

From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of dalmada () sisp cv
Sent: Monday, October 08, 2007 11:03 AM
To: security-basics () securityfocus com
Subject: Data retention Policy

Can you point me to some good links on data retention/disposal policies? It
is a requirement for PCI compliance.
I have googled, SANS, NIST but without any luck.

Thank you in advance