Storing Customer Details Securely - Laws - standards



Lord_Webby
08 Oct 2008, 04:22 AM
I am creating a site that will be used to hold information about customers and their credit cards. I will not be storing or processing PAN (Primary account numbers) in any way, so I know PCI-DSS (Payment Card Industry - Data Security Standards) do not apply. But does anyone know of any regulations regarding storing customer data in a database?

The Data Protection Act is a bit vague - I can't seem to find information regarding specifics. For instance, I've been told that if you are holding customer data it needs to be on a separate server to the website. Is this true?

Does anyone know of any specific documents / standards regarding storing customer information entered through the web?

Any help would be appreciated. Thanks.