The Payment Card Industry Security Standards Council has been a recognised body for only three years. In that short time, compliance with its twelve-requirement Data Security Standard (PCI DSS) has helped improve the protection of cardholder data on a global scale.
The PCI DSS is quite clear about exactly which data must be protected, and that precision is one of its most powerful aspects. Protecting cardholder data, along with personal health information and other personally identifiable information, is of course central to data security in general, but PCI DSS itself covers only cardholder data (the primary account number, plus the cardholder name, expiry date and service code when stored with it) and sensitive authentication data (full track data, card verification codes and PINs), the latter of which may not be retained at all after authorisation. However, data protection under the PCI DSS is not solely a matter of knowing which kinds of data to protect. It is also about accurately tracking where that data flows and is stored across the business network as a whole, since every system that stores, processes or transmits cardholder data is in scope.
Dave Mortman, writing for SearchSecurity, argues that proper data management under PCI DSS is far from solely the concern of IT departments. Technology can only go so far in preventing data from being compromised; to comply properly with PCI DSS it is necessary to account for the human element. Electronic storage and security systems handle data in predictable and consistent ways, whereas employees will often handle and use data in unique and unanticipated ways, such as copying card numbers into spreadsheets, e-mails or support tickets. A healthy dialogue, built through meetings and interviews with the people who actually handle the data, therefore produces a better understanding of where cardholder data really lives within your own business.
Mortman goes on to elaborate on the intricacies of PCI DSS and to suggest additional guidelines of his own. These include the recommendation that businesses handling card data should not only encrypt it at rest and in transit, but should also log and audit access to it so that the data can be tracked throughout its lifecycle. Many businesses will already be familiar with such practices, and PCI DSS itself requires them in outline (Requirement 3 for stored cardholder data, Requirement 4 for transmission over open, public networks and Requirement 10 for logging and monitoring access to cardholder data), but the industry still has work to do to ensure the continued security of cardholder data.
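As an added example of what "knowing where the data is" and "tracking it in use" look like in practice, the following Python scans text such as application logs for primary account numbers, masks what it finds, and builds an audit record that never contains the PAN itself. This is not code from the article or from Mortman's guidance. The sample log lines are constructed, and the 13-to-19-digit Luhn-validated definition of a PAN, the first-six/last-four masking rule and the keyed-hash token used for correlation are all assumptions of the example rather than anything the article specifies.

```python
"""Find and mask card numbers (PANs) in text such as application logs.

This is an added example and is not code from the original article or from
Dave Mortman's guidance. It assumes (not stated in the article) that the
cardholder data to track is the primary account number, that a PAN is 13 to
19 digits that pass the Luhn check, and that a displayed PAN keeps at most the
first six and last four digits, as PCI DSS Requirement 3 allows.
"""
from __future__ import annotations

import hashlib
import hmac
import re
from dataclasses import dataclass

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens.
# The lookarounds stop it matching digits inside a longer numeric identifier.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
SEPARATORS = re.compile(r"[ -]")

# Constructed sample log lines (not real transactions). Line 2 carries a number
# that fails the Luhn check and line 3 a 13-digit request id, so both must be
# left alone; the three remaining card numbers are well-known test numbers.
SAMPLE_LOG = """\
2012-03-01T10:15:02Z checkout ok order=88213 card=4111 1111 1111 1111 amount=42.50
2012-03-01T10:15:09Z checkout ok order=88214 card=4111111111111112 amount=10.00
2012-03-01T10:16:00Z debug request_id=1234567890123 body={"card":"378282246310005"}
2012-03-01T10:16:31Z checkout ok order=88215 card=5500-0000-0000-0004 amount=99.99
"""


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check: every second digit from the right is doubled."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Render a PAN as first six + last four, with the rest replaced by '*'."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass(frozen=True)
class Finding:
    line_no: int
    column: int
    masked: str  # only the masked form is kept, so a finding is not itself a PAN


def find_pans(text: str) -> list[Finding]:
    """Scan text line by line and report every Luhn-valid PAN candidate."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = SEPARATORS.sub("", m.group(0))
            if luhn_valid(digits):
                findings.append(Finding(line_no, m.start(), mask_pan(digits)))
    return findings


def redact(text: str) -> str:
    """Replace every Luhn-valid PAN in text with its masked form; leave the rest."""
    def _mask(m: re.Match) -> str:
        digits = SEPARATORS.sub("", m.group(0))
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)
    return PAN_CANDIDATE.sub(_mask, text)


def audit_event(pan: str, actor: str, action: str, key: bytes) -> dict:
    """Audit record for one use of a PAN that never contains the PAN.

    The masked form is for people reading the log; the HMAC-SHA256 token lets
    events for the same card be correlated without the log itself becoming
    cardholder data. Keeping the key outside the log store is assumed.
    """
    token = hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()
    return {"actor": actor, "action": action,
            "pan_masked": mask_pan(pan), "pan_token": token}


if __name__ == "__main__":
    for f in find_pans(SAMPLE_LOG):
        print(f"line {f.line_no} col {f.column}: {f.masked}")
    print(redact(SAMPLE_LOG))
```

The Luhn check is what separates a data-discovery scan from a noisy regex: the 13-digit request id on line 3 and the Luhn-invalid number on line 2 are left untouched, while the three genuine card numbers are reported and masked. Run over application logs, database exports and shared drives, a scan like this is how the "unique and unimaginable" places where employees put card numbers are pulled back into the documented scope. In redact() the masked form drops the separators, which is acceptable because the output is no longer a PAN.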
The PCI DSS has been criticised by some for its relatively broad approach to the problem of securing cardholder data within the payment card industry. Others have taken the regulations for what they really are: essential stepping stones towards wider acceptance of, and adherence to, sound practices for keeping cardholder data secure.