How do I answer this question? "Does the protected personal information records the Applicant stores, collects, transacts, accepts, transmits, handles, or processes include any of the following types of information?"

Edited

Most companies accept credit cards for payment, but that’s not what this question is asking. If your client has a payment processor, they built it themselves, and you should answer yes to this question. Otherwise, they likely aren’t collecting Personally Identifiable Information (PII) about people’s credit cards.

Another way to look at it is if the client is actually storing the credit card numbers and other information, or if they just let people pay through a third-party tool.

This is because tools like Paypal, Square, Squarespace, and Shopify all handle credit card payments for businesses, so the business is not actually privy to or stores its clients' credit card information. If this is the case, then you should answer no to this question.

Questions to ask:

  • Do you have a payment processor you built? If so, are you PCI-compliant? How do you protect this data?

  • Do you see the credit card numbers people use to pay?


Related Articles

Where is the TRIA form?

What happens if I edit a quote?

How do I add multiple tenant types?

How do I add multiple class codes?

Cyber Liability