How to Meet Amazon’s PII Data Retention Requirements

How are the Amazon sellers among us meeting their PII (Personal Identifying Information) data retention requirements?

Data Retention and Recovery. Developers will retain PII only for the purpose of, and as long as is necessary to fulfill orders (no longer than 30 days after order shipment), or to calculate/remit taxes. If a Developer is required by law to retain archival copies of PII for tax or similar regulatory purposes, this archived Amazon Information must be stored as a “cold” or offline (e.g., not available for immediate or interactive use) backup stored in a physically secure facility, and all archived data on backup media must be encrypted. In the event that PII is lost, you must be able to recover all PII lost (i.e., the data is erased or unavailable for processing due to system crash or ransomware).

  • A handful of BPMs to hide PII (customer name/address/number/email) on any Amazon customer orders, shipments, and invoices?
  • Or somehow purge the data from Epicor after 30 days (not using direct SQL)?
  • How could cold storage help?
  • Best practices?

Thanks!

For what it’s worth, YIKES! I assume most people are using One Time Ship To, but that data really should not be purged in Epicor. This data is on the Orders and the Shipments.

@askulte

What if you overwrote the OTS fields on the order, pack, and invoice?
A script or UBAQ to find the closed order after X days and just write "PII removed" to certain fields. Keep the city, state, and zip for sales tax audit reasons.

What about the backup databases?
This would have to be removed from change logs.

Because of ransomware, I still like tape backups. Maybe Amazon will give you a discount on some S3 storage? :joy:

I think using real ShipTos might be a good way to go. Enter the ship to as normal, then have a process to clear out the PII data in the ShipTo. Since no other data is stored except the link to the ship to, all the other data (invoices, order ack, shipment) will be clean. You could even potentially copy the ShipTo records to cold storage before clearing them.

Don’t forget to remove the records from your test environment too.

Does Amazon store the PII info? If needed can it be retrieved from them? If so maybe as soon as the product is shipped it could be cleared from Epicor and replaced by the Amazon ID. What about UPS WorldShip? Doesn’t that still have all the PII in it?

Thanks, guys. We’ll explore overwriting the ShipTo (both real and OTS) information to see if that will work. Our archived data is encrypted, so we’re covered there. Good point about the shipping end points too (Manifest, FedEx, UPS…). Good point on Amazon storing the PII - it’s available for 2+ years, so we’ll be able to go back there for information during tax audits.
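
The overwrite approach suggested in the thread (find Amazon orders more than 30 days past shipment, write "PII removed" over the ship-to PII, keep city/state/zip for tax audits), sketched as an added example that is not part of the original thread and not Epicor code. The record layout and field names are hypothetical, and the sample orders are constructed; in practice the same logic would run through whatever update mechanism you use instead of direct SQL.

```python
from datetime import date, timedelta

RETENTION_DAYS = 30  # quoted policy: no longer than 30 days after order shipment
# Hypothetical field names; map them to your own order / ship-to fields.
PII_FIELDS = ("name", "address1", "phone", "email")
MARKER = "PII removed"


def redact_expired(orders, today):
    """Overwrite ship-to PII on Amazon orders past the retention window.

    City, state, zip and the Amazon order ID are left untouched.
    Returns the order numbers changed in this run; re-running is a no-op.
    """
    cutoff = today - timedelta(days=RETENTION_DAYS)
    changed = []
    for order in orders:
        if order.get("channel") != "amazon":
            continue
        shipped = order.get("ship_date")
        if shipped is None or shipped > cutoff:
            continue  # not shipped yet, or still inside the 30-day window
        ship_to = order["ship_to"]
        if all(ship_to.get(f) in (MARKER, "", None) for f in PII_FIELDS):
            continue  # already redacted on an earlier run
        for field in PII_FIELDS:
            if ship_to.get(field):
                ship_to[field] = MARKER
        changed.append(order["order_num"])
    return changed


def sample_orders():
    """Constructed sample data for illustration only."""
    def ship_to():
        return {"name": "Pat Example", "address1": "1 Sample St",
                "phone": "555-0100", "email": "pat@example.com",
                "city": "Springfield", "state": "IL", "zip": "62701"}
    return [
        {"order_num": 1001, "channel": "amazon", "amazon_order_id": "SAMPLE-0001",
         "ship_date": date(2024, 2, 15), "ship_to": ship_to()},  # 45 days old
        {"order_num": 1002, "channel": "amazon", "amazon_order_id": "SAMPLE-0002",
         "ship_date": date(2024, 3, 20), "ship_to": ship_to()},  # 11 days old
        {"order_num": 1003, "channel": "amazon", "amazon_order_id": "SAMPLE-0003",
         "ship_date": None, "ship_to": ship_to()},               # not shipped
        {"order_num": 1004, "channel": "direct",
         "ship_date": date(2023, 1, 5), "ship_to": ship_to()},   # not Amazon
    ]
```
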