Payment Card Industry (PCI) Data Security Standards Practice Test

Prepare for the Payment Card Industry (PCI) Data Security Standards Test. Study with multiple choice questions, hints, and explanations. Get ready to excel in your exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What meets PCI DSS requirements for secure destruction of media containing cardholder data?

  1. Electronic media stored securely when no longer needed

  2. Hard copy materials copied before destruction

  3. Electronic media is physically destroyed to prevent data reconstruction

  4. Physical storage containers located outside the CDE

The correct answer is: Electronic media is physically destroyed to prevent data reconstruction

The choice of physical destruction of electronic media to prevent data reconstruction precisely meets PCI DSS requirements for secure destruction of media containing cardholder data. This process aligns with the standards set forth by PCI DSS, which emphasize the need for complete data destruction when the data is no longer required. PCI DSS guidelines insist that organizations must ensure that cardholder data is rendered unrecoverable when the media is discarded or repurposed.

By physically destroying electronic media, such as hard drives or solid-state drives, organizations preclude any possibility of data reconstruction, thus safeguarding sensitive payment card information from unauthorized access or potential breaches. Securely destroying electronic media through methods such as shredding, crushing, or incineration ensures that the data cannot be retrieved, a vital step for maintaining compliance with PCI DSS. This practice is critical since the ramifications of compromised cardholder data can lead to severe financial and reputational damage for businesses.

In contrast, keeping electronic media securely stored, copying hard copy materials before destruction, or utilizing physical storage containers outside the Cardholder Data Environment (CDE) do not fulfill the specific requirements for the secure destruction of media as per the PCI DSS. These options may reduce risks but do not ensure the complete elimination of cardholder data, which is essential for