Using PCI DSS Criteria for PII Protection
PCI DSS (Payment Card Industry Data Security Standard) is a widely accepted data security standard that applies internationally to any organization that accepts, captures, stores, transmits or processes credit and debit card data. Many organizations, however, also have mandates to protect Personally Identifiable Information (PII). In contrast with PCI DSS, PII directives are often vague, offering wider latitude and less guidance on specific controls. This paper shows how organizations can benefit from applying PCI DSS guidelines and solutions to PII data compliance.