David, My information came for APACS, so I would hope that it is correct,
i.e. that retention of CSC numbers is strictly prohiited. However, whether
or not "retailers" stick to the rules is an entirely different matter!
Chris
davidwyatt <[log in to unmask]>@JISCMAIL.AC.UK> on 10/11/2004
00:15:38
Please respond to davidwyatt <[log in to unmask]>
Sent by: This list is for those interested in Data Protection issues
<[log in to unmask]>
To: [log in to unmask]
Subject: Re: [data-protection] Credit Card security numbers
The British Bankers Association (BBA) may be able to give a few pointers.
This data use is tied in with any mechant services agreements you may have
with your organisations banker.
As a start I would query with your bankers what their contract terms are
regarding the need for your org to produce such data to them in support of
any transaction disputes. This would be a baseline driver to determine an
appropriate retention period.
You will have security obligations and possibly subject access obligations
applying to such data if you keep it.
Whether you have any obligation or need to keep has to be ascertained. DPA
only states personal data must be kept no longer than is necessary for its
purpose. Any such purpose must have been advised to your data subject to
satisfy the Acts first principle..
Hope these thoughts assist.
David Wyatt
----- Original Message -----
From: "Alison" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, November 09, 2004 1:42 PM
Subject: [data-protection] Credit Card security numbers
> Does anyone know where I could find any guidance or advice on security /
> retention requirements relating to credit card security numbers, i.e. the
> CVC numbers on the reverse of the card, that are often taken for
> processing
> credit card payments? Thanks!
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
http://www.rac.co.uk
http://www.racbusiness.co.uk
http://www.bsm.co.uk
Any opinions expressed in this e-mail are those of the individual and not necessarily the company. This e-mail and any attachments are confidential to RAC and/or BSM and are solely for use by the intended recipient.
If you are not the intended recipient you must not disclose, copy or distribute its contents to any other person nor use its contents in any way.
If you have received this e-mail in error please forward a copy of this e-mail to "[log in to unmask]".
RAC Motoring Services: Registered England 1424399
VAT Reg No. GB 238640945
British School of Motoring: Registered England 291902
VAT Reg No. GB 239505847
Registered Office(s): 1 Forest Road, Feltham, TW 13 7RR
This e-mail and any attachments has been scanned for the presence of computer viruses. RAC/BSM accept no responsibility for computer viruses once this e-mail has been transmitted.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|