This policy outlines procedures for the credit card data purge process, including a purge schedule.
The payment card industry (PCI) data security standard requires that certain procedures are in place for compliance. In order to limit the risk and impact of a security breach, it is highly recommended that card numbers be truncated or purged as soon as they are no longer needed, even if the card numbers are in hashed or encrypted form. This document covers procedures to purge or truncate the card number from databases, as well as associated electronic files on the server. For electronic documents, hard-copy files, and emails on user hard drives or shared drives, separate procedures will govern the purging process.