
Standards for collection & storage of banking information?

  • 06-01-2009 3:31pm
    #1
    Registered Users, Registered Users 2 Posts: 24,367 ✭✭✭✭


    Does anyone know of any industry standards similar to PCI-DSS that exist around the area of collection and storage of bank account details?


Comments

  • Registered Users, Registered Users 2 Posts: 2,835 ✭✭✭StickyMcGinty


    Well, you'll need to get versed in your Data Protection legislation - especially if you're considering using servers abroad to store this data.

    Depends on what your responsibilities are, but standards such as ISO-27001 would more than likely apply.


  • Registered Users, Registered Users 2 Posts: 24,367 ✭✭✭✭Sleepy


    Thanks StickyMcGinty, I've read the Data Protection legislation alright and noted that there didn't seem to be anything specific regarding encryption levels etc.

    I'm coming at this from the POV of part of a development team creating a web app to collect direct debit mandates.

    The data records may potentially be resting on the web server for a few minutes/hours before being passed through the firewall into a corporate LAN at which point the data protection becomes someone else's concern (ideally I'd like to ensure this happens immediately but I don't have full control over the system) but I want to learn everything I can about any and all standards we may be required to meet with our code and architecture.

    I'll look up ISO-27001 now. Are there any legal requirements or standards enforced by banks etc beyond the Data Protection Act?

