The seeping data problem
We all back up our data on computers, smartphones, and wherever else it is held. That's a good thing, but an article on the StorefrontBacktalk blog entitled "Are Data Backups Unintentionally Expanding Your PCI Scope?" talks about how payment card data can seep into places you don't want it to be, where it is then in turn backed up. While the article focuses on payment cards, the issue could apply to any data. The entire article is worth a read, whether you deal with credit and debit card information or not, but to get a flavour:
Are your automated backup systems expanding your PCI scope? Almost everyone agrees that backing up your important data is a smart thing to do. Except, that is, when it’s not. The problem starts when your sensitive data seeps into places you don’t expect.
Your backup systems then unintentionally spread cardholder data to locations you don’t suspect and expand your PCI scope in the process. Should you be concerned? I think you should be, and I’m not the only one–the PCI Council thinks retailers may have a problem, too.
And another post on the same blog entitled "iPhone Payment Peril: Mobile Mayhem Omen?" starts by saying:
Many apps are simply sloppy about the security of sensitive data.
The bottom line is that everyone who designs any kind of hardware or software, or is responsible for any kind of computer system, needs to think about this issue carefully, and limit the unnecessary duplication or storage of personal or confidential information.