May credit card information be stored in files or documents on my computer?

 
  1. No, the UNC Charlotte Standard for Handling Cardholder Data states, "Customer CHD [Cardholder data] must never be entered or captured on University devices or network resources."
  2. The Payment Card Industry Data Security Standards (PCI DSS) place strict requirements for the storage of cardholder data.  
  3. Entering or storing cardholder data on University computers or devices or within files or documents violates those Standards.
  4. Additionally, please reference the Office of OneIT's Guideline for Data Handling for guidance on the proper protection of data.
  5. Private, sensitive data cannot reside on the University servers, related devices, equipment and software.

    Important:  If you enter cardholder data on any University device, you should:

    • Permanently delete the cardholder data from your computer and associated files. 
      • To permanently remove the file/document:
        • Delete the file/document from your computer
        • Locate the "Recycle Bin" on your operating system
          • Select "Empty Recycle Bin" OR
          • Right-click on the Recycle Bin and click "Open" 
        • Find the particular file/document you would like to delete
        • Right-click on it
        • Select "Delete"
    • Notify Merchant Services immediately and send them:
      • A statement that sensitive cardholder data was entered into a University device by you
      • Confirmation that the original cardholder data was permanently deleted from your computer and related systems 
      • Date and time that the data was permanently deleted
Print Article