DiskShred, a data storage destruction specialist, has warned UK companies that process credit card transactions, which account for almost all SMEs and larger businesses, of plans to dramatically ramp up the security requirements under Version 3 of the PCI DSS rules, due later this year.

Philip McMichael, operations director, DiskShred said: "Under the PCI DSS rules, if you do not comply with the required standard, you may lose your ability to accept credit and debit cards from your customers – which is arguably far worse than a hefty fine from the ICO".

The PCI Data Security Standard (PCI DSS) is developed by the card payments industry in close consultation with the Payment Card Industry (PCI) council, and consists of 12 significant requirements, including multiple sub-requirements, which contain numerous directives.

These directives, which apply to most organisations that process payment card transactions, allow businesses to measure their own payment card security policies, procedures and guidelines.

Most experts agree that revision 3 of the PCI DSS rules will see the scope of the rules’ external audit requirements extended to cover many more companies, as well as imposing harsher requirements on all companies that accept credit and debit cards from their customers.

McMichael commented: "We’ve all heard the horror stories of customer data appearing on the hard drives of computers sold on auction Web sites – resulting in fines from the Information Commissioner’s Office (ICO) under the Data Protection Act. Under the PCI DSS rules, if you do not comply with the required standard, you may lose your ability to accept credit and debit cards from your customers – which is arguably far worse than a hefty fine from the ICO.

"Thankfully we can offer an on-site service that provides a hard drive and data storage device destruction facility that conforms to all necessary governance standards – shredding the data storage down to confetti-sized pieces – and providing a complete compliance audit trail, thanks to on-truck CCTV facilities and staff who are CRB checked on their backgrounds."

With the Data Protection Act and the Companies Act imposing increasing levels of data security duty of care on company directors and their senior staff, there is the spectre of the Government introducing custodial sentences for individuals who breach data protection laws to contend with. This is where DiskShred’s fully auditable on-site data storage device destruction service can provide a hassle-free way of avoiding corporate angst over breaking the law or required governance standards.

McMichael added: "Our approach is the only sure-fire way to prove to regulators, the Police and clients, that the data held on your storage devices is gone forever. So whether you have 50 or 5000 disks to destroy, we can move our trucks on to your site and shred your hardware in front of your eyes."