πΌ 3.1 Keep cardholder data storage to a minimum by implementing data retention and disposal policies.
-
Contextual name: πΌ 3.1 Keep cardholder data storage to a minimum by implementing data retention and disposal policies.
-
ID:
/frameworks/pci-dss-v3.2.1/03/01 -
Located in: πΌ 3 Protect stored cardholder data
Descriptionβ
Procedures and processes that include at least the following for all cardholder data (CHD) storage:
- Limiting data storage amount and retention time to that which is required for legal, regulatory, and/or business requirements
- Specific retention requirements for cardholder data
- Processes for secure deletion of data when no longer needed
- A quarterly process for identifying and securely deleting stored cardholder data that exceeds defined retention.
Similarβ
- Sections
/frameworks/pci-dss-v4.0/03/02/01
- Internal
- ID:
dec-c-6e0d6f02
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ PCI DSS v4.0 β πΌ 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes. |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ PCI DSS v4.0 β πΌ 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes. |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|