Personal information in Payment Feature Services

Depending on the standard you need to comply with, some of your data might be considered personally identifiable information (PII) or sensitive personal information (SPI).

Most financial transactions probably contain some PII data. Some of the configuration information that controls how data is processed might also be considered PII data. Retention of PII or SPI data is determined by how you configure the processes that are used to purge data.

Locations where potential PII or SPI data can be found are shown in the following list:
  • File system
    • Financial transmissions that are either being processed or being generated are stored as files on the file system.
    • Business Rules Server uses rule sets that apply to the data content that is being processed. These rule sets are distributed as files on the file system.
    • Error and trace log files might contain personal information.
  • Database
    • As financial data is processed, the contents of the data are extracted and stored in the database.
    • Configuration information to enable processing the financial data is stored in the database.
    • The audit log and system log database tables might contain PII, depending on the log entry.
  • Messaging queues
    • PII or SPI data can be found in messaging queues when the queues are used to send financial data files to IBM® Integration Bus workflows.

Access to this information can be by:

  • People that use the Control Center.
  • Operations people with access to the file system, database, or messaging queues.

For more information about protecting PII and SPI data, see the rest of the topics in Payment Feature Services security.