're: :data on PCI DSS compliance for securing credit card data

The request was successful.

Dear Eden District Council,

• Does your organisation store or process any credit card data or other sensitive personal data?
• Are you currently PCI compliant and if so at which level?
• Have you ever failed a PCI assessment test in the last 3 years, if so how many times and why?
• During your last PCI assessment how many areas did your PCI auditor identify as in need of remediation?
• How much budget did you spend in the last 12 months on reaching/maintaining PCI Compliance?
• How much did your organisation spend on refreshments such as tea, coffee and biscuits in the last year?
• Has your organisation suffered any data breaches of personal data in the last 12 months when credit card data was leaked?
• Which of those breaches did you self-detect and how many were you notified of by third parties such as banks, police authorities etc?

Yours faithfully,

Caroline

foi, Eden District Council

Dear Caroline

Freedom of Information request relating to PCI DSS Compliance

Thank you for your request under the Freedom of Information Act 2000 received on 18 December 2014. I have registered your request under reference number FOI 02965. I would be grateful if you would please use this reference on any future correspondence.

Your request has been forwarded to the relevant department within the Council for consideration.

The request is subject to any exemption which the Authority is entitled to apply to refuse the request, some of which are absolute and some of which only apply where the public interest in maintaining the exemption outweighs that in disclosing the information.

Once the information has been identified the Authority may also ask that a fee be paid for processing and delivering the information to you. Details of any fee to be charged will be notified to you as soon as possible.

Rosalyn Richardson
Freedom of Information
Eden District Council
Town Hall, Penrith, Cumbria, CA11 7QF

Email: [Eden District Council request email]
Tel 01768 212207

show quoted sections

foi, Eden District Council

Dear Caroline

Further to your FOI request below, may I apologise for the delay in returning the information to you. I have now received a response from the second officer involved and the answers to your queries are in capitals below:

• 1. Does your organisation store or process any credit card data or other sensitive personal data? - YES
• 2. Are you currently PCI compliant and if so at which level? - NO
• 3. Have you ever failed a PCI assessment test in the last 3 years, if so how many times and why? - NO
• 4. During your last PCI assessment how many areas did your PCI auditor identify as in need of remediation? - N/A
• 5. How much budget did you spend in the last 12 months on reaching/maintaining PCI Compliance? - N/A
• 6. How much did your organisation spend on refreshments such as tea, coffee and biscuits in the last year? - WE DO NOT KEEP RECORDS AS DETAILED AS TEA, COFFEE ETC. WE DO HAVE A DETAIL CODE TITLED HOPITALITY WHICH SHOWED A SPEND OF £4266 FOR 2013-2014. THIS INCLUDED A CIVIC EVENT AND SOME SPENDING FOR EDEN TOURISM. IF THESE TWO SPENDS ARE REMOVED THE SPEND ON HOSPITALITY IN GENERAL WOULD BE £1348
• 7. Has your organisation suffered any data breaches of personal data in the last 12 months when credit card data was leaked? - NO
• 8. Which of those breaches did you self-detect and how many were you notified of by third parties such as banks, police authorities etc? - N/A

Regards

Rosalyn Richardson
Freedom of Information
Eden District Council
Town Hall, Penrith, Cumbria, CA11 7QF

Email: [Eden District Council request email]
Tel 01768 212207

show quoted sections