Purpose
Ensure agencies that engage in online activities or electronic commerce use due diligence to protect customer information from misuse or unauthorized access.
Standard
- Agencies requesting customer information shall provide a secure method for collection in compliance with the Encryption Standard.
- Credit card numbers collected via e-services will not be stored electronically.
- Credit card transactions shall be processed securely and must use Bank of North Dakota (BND) approved vendors.
Definition
Customer information - Any recorded information that identifies the person, such as but not limited to: account number, social security number, user ID/PIN number/password, driver's license number. Other information to be considered based on agency business, such as but not limited to: name, mailing address, e-mail address.
E-Services - Services provided electronically via interactive media. Examples include, but are not limited to:
- Interactive Voice Response (IVR)
- World Wide Web
Customer - Any entity doing business with the state of ND on their own or another's behalf.
Guidance
- Encryption Standard
Policy
Ensure customer information is handled securely.
Scope
This standard applies to all executive branch state agencies including the University Systems Office but excluding other higher education institutions, i.e. campuses and agricultural and research centers.
Statement of Commitment
North Dakota's CIO/CTO directs that IT Policy be created to establish statewide information technology policies and standards as defined within ND Century Code (Chapter 54-59-09).
Non-Compliance
Non-compliance with this standard shall be reported to the Office of the State Auditor.