JISCMail - DATA-PROTECTION Archives

The British Bankers Association (BBA) may be able to give a few pointers.

This data use is tied in with any mechant services agreements you may have
with your organisations banker.
As a start I would query with your bankers what their contract terms are
regarding the need for your org to produce such data to them in support of
any transaction disputes. This would be a baseline driver to determine an
appropriate retention period.

You will have security obligations and possibly subject access obligations
applying to such data if you keep it.

Whether you have any obligation or need to keep has to be ascertained. DPA
only states personal data must be kept no longer than is necessary for its
purpose. Any such purpose must have been advised to your data subject to
satisfy the Acts first principle..

Hope these thoughts assist.

David Wyatt


----- Original Message -----
From: "Alison" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, November 09, 2004 1:42 PM
Subject: [data-protection] Credit Card security numbers


> Does anyone know where I could find any guidance or advice on security /
> retention requirements relating to credit card security numbers, i.e. the
> CVC numbers on the reverse of the card, that are often taken for
> processing
> credit card payments?  Thanks!
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>       All archives of messages are stored permanently and are
>      available to the world wide web community at large at
>      http://www.jiscmail.ac.uk/lists/data-protection.html
>      If you wish to leave this list please send the command
>       leave data-protection to [log in to unmask]
>            All user commands can be found at : -
>        http://www.jiscmail.ac.uk/help/commandref.htm
>  (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^