Information re PCI DSS compliance for securing credit card data

KSmith made this Freedom of Information request to Chesterfield Borough Council

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was successful.

Dear Chesterfield Borough Council,

• Does your organisation store or process any credit card data or other sensitive personal data?
• Are you currently PCI compliant and if so at which level?
• Have you ever failed a PCI assessment test in the last 3 years, if so how many times and why?
• During your last PCI assessment how many areas did your PCI auditor identify as in need of remediation?
• How much budget did you spend in the last 12 months on reaching/maintaining PCI Compliance?
• How much did your organisation spend on refreshments such as tea, coffee and biscuits in the last year?
• Has your organisation suffered any data breaches of personal data in the last 12 months when credit card data was leaked?
• Which of those breaches did you self-detect and how many were you notified of by third parties such as banks, police authorities etc?

Yours faithfully,


Julie Sparks, Chesterfield Borough Council

Dear Mr/Ms. Smith,

Thank you for your Freedom of Information request, received today in
relation to: 'Information re PCI DSS compliance for securing credit card

The request has been logged under Reference FOI 1505 and will now be
assigned to an officer for a response.

The statutory period for response time for these requests is 20 working
days (with some exceptions).

Please quote the above reference in any further correspondence.

Julie Sparks
sent on behalf of Gerard Rogers
Senior Solicitor and Deputy Monitoring Officer
[email address]
01246 345310


Full Request Details

show quoted sections

Dear Julie Sparks,

Can you please provide an update on the FOI request re: PCI DSS compliance for securing credit card data? As required by law the information should have been sent by 30 Jan 2015.

Yours sincerely,


Andy Booker, Chesterfield Borough Council

2 Attachments

  • Attachment

    Picture Device Independent Bitmap 1.jpg

    1K Download

  • Attachment

    Draft FoI number 1505 Information re PCI DSS compliance for securing credit card data.doc.doc

    35K Download View as HTML

Please find details of you FOI Request



Tony Smith


Tony Smith CISSP, iisp Affiliate member
Head of Security for Chesterfield, Derbyshire Dales and Congleton, Public
Sector & Contact Centres, Cyber Security and Resilience.  Chair - East
Midlands Councils WARP.

arvato UK

show quoted sections