3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes.
- Contextual name: 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes.
- ID: /frameworks/pci-dss-v4.0/03/02/01
- Located in: 3.2 Storage of account data is kept to a minimum.
Description
Include at least the following:
- Coverage for all locations of stored account data.
- Coverage for any sensitive authentication data (SAD) stored prior to completion of authorization. This bullet is a best practice until its effective date; refer to Applicability Notes below for details.
- Limiting data storage amount and retention time to that which is required for legal or regulatory, and/or business requirements.
- Specific retention requirements for stored account data that defines length of retention period and includes a documented business justification.
- Processes for secure deletion or rendering account data unrecoverable when no longer needed per the retention policy.
- A process for verifying, at least once every three months, that stored account data exceeding the defined retention period has been securely deleted or rendered unrecoverable.
Similar
- Sections
  - /frameworks/pci-dss-v3.2.1/03/01
  - /frameworks/pci-dss-v4.0.1/03/02/01
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
PCI DSS v3.2.1 → 3.1 Keep cardholder data storage to a minimum by implementing data retention and disposal policies. | | | | |
PCI DSS v4.0.1 → 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes. | | | | |
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
PCI DSS v3.2.1 → 3.1 Keep cardholder data storage to a minimum by implementing data retention and disposal policies. | | | | |
PCI DSS v4.0.1 → 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes. | | | | |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|