Skip to main content

💼 3.1 Keep cardholder data storage to a minimum by implementing data retention and disposal policies.

  • ID: /frameworks/pci-dss-v3.2.1/03/01

Description​

Procedures and processes that include at least the following for all cardholder data (CHD) storage:

  • Limiting data storage amount and retention time to that which is required for legal, regulatory, and/or business requirements
  • Specific retention requirements for cardholder data
  • Processes for secure deletion of data when no longer needed
  • A quarterly process for identifying and securely deleting stored cardholder data that exceeds defined retention.

Similar​

  • Sections
    • /frameworks/pci-dss-v4.0/03/02/01
  • Internal
    • ID: dec-c-6e0d6f02

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 PCI DSS v4.0 → 💼 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes.no data

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 PCI DSS v4.0 → 💼 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes.no data

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance