Fiona
Some of the retention periods for data items will be defined in your
contract (merchant agreement) with the credit card issuing companies. There
are likely to be accounting standards also defining retention of
transacational data in support of auditing requirements, not that familiar
with the standards driving public sector bodies in this areas..
Linked to protection of this data and audit trails on transactions is the
payment card industry security standards.
The target date for implementation was June 2005. (Wonder how many merchants
have managed to implement the required controls from these standards which
are subject to audit)
See these links to the standards and various agreements and self
certification
http://www.visaeurope.com/acceptingvisa/downloads.html
http://www.visaeurope.com/acceptingvisa/pdf/merchant_best_practice.pdf
Hope this assists
David Wyatt
----- Original Message -----
From: "Fiona Musgrave" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, July 20, 2005 5:18 PM
Subject: [data-protection] Credit card details
> Hi all
>
> Any advice would be gratefully received. How long should credit card
> details
> be retained once the payment has been completed?
>
> Thanks.
>
> Fiona.
>
> Fiona Musgrave
> Information Officer - Strategic and Performance Services
> Carlisle City Council
> 0122 881 7258
> Did you know that under the Freedom of Information Act 2000, an e-mail
> could
> form part of a response to a request for information?
>
> ________________________________________________________________________
> This e-mail and its attachments have been created in the knowledge that
> e-mail is not a 100% secure communications medium. Please be aware of this
> when replying.
>
> The views and opinions expressed by the author are not necessarily those
> of Carlisle City Council.
>
> This e-mail and its attachments may include confidential information and
> is solely for use by the intended recipient(s). If you have received this
> e-mail and its attachments in error please notify the sender immediately
> delete them and do not disclose, copy, distribute or retain any part of
> them.
>
> Carlisle City Council has scanned this e-mail and its attachments to
> ensure that they are virus free. The Council can take no responsibility if
> a virus is actually present and you are advised to make the appropriate
> checks to confirm that they are virus free.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|