How are the Amazon sellers among us meeting their PII (Personal Identifying Information) data retention requirements?
Data Retention and Recovery. Developers will retain PII only for the purpose of, and as long as is necessary to fulfill orders (no longer than 30 days after order shipment), or to calculate/remit taxes. If a Developer is required by law to retain archival copies of PII for tax or similar regulatory purposes, this archived Amazon Information must be stored as a “cold” or offline (e.g., not available for immediate or interactive use) backup stored in a physically secure facility, and all archived data on backup media must be encrypted. In the event that PII is lost, you must be able to recover all PII lost (i.e., the data is erased or unavailable for processing due to system crash or ransomware).
- A handful of BPM’s to hide PII (customer name/address/number/email) on any Amazon customer orders, shipments, and invoices?
- Or somehow purge the data from Epicor after 30 days (not using direct SQL)?
- How could cold storage help?
- Best practices?