Using PCI DSS Criteria for PII Protection
The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted standard that applies internationally to any organization that accepts, captures, stores, transmits or processes credit and debit card data. Many organizations, however, have mandates to protect Personally Identifiable Information (PII). In contrast with PCI, PII directives are often vague and offer wider latitude and less guidance for specific controls. This paper shows how organizations can benefit from using PCI guidelines and solutions for PII data compliance.
You will learn:
- Best practices for applying tools from PCI to protect other types of sensitive data;
- Data protection methods, including tokenization and format-preserving encryption;
- Examples of PII that may require enhanced protection.