The British Bankers Association (BBA) may be able to give a few pointers. This data use is tied in with any mechant services agreements you may have with your organisations banker. As a start I would query with your bankers what their contract terms are regarding the need for your org to produce such data to them in support of any transaction disputes. This would be a baseline driver to determine an appropriate retention period. You will have security obligations and possibly subject access obligations applying to such data if you keep it. Whether you have any obligation or need to keep has to be ascertained. DPA only states personal data must be kept no longer than is necessary for its purpose. Any such purpose must have been advised to your data subject to satisfy the Acts first principle.. Hope these thoughts assist. David Wyatt ----- Original Message ----- From: "Alison" <[log in to unmask]> To: <[log in to unmask]> Sent: Tuesday, November 09, 2004 1:42 PM Subject: [data-protection] Credit Card security numbers > Does anyone know where I could find any guidance or advice on security / > retention requirements relating to credit card security numbers, i.e. the > CVC numbers on the reverse of the card, that are often taken for > processing > credit card payments? Thanks! > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > All archives of messages are stored permanently and are > available to the world wide web community at large at > http://www.jiscmail.ac.uk/lists/data-protection.html > If you wish to leave this list please send the command > leave data-protection to [log in to unmask] > All user commands can be found at : - > http://www.jiscmail.ac.uk/help/commandref.htm > (all commands go to [log in to unmask] not the list please) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^