It is less complicated to make sure security and privacy controls are sufficient and justified when info is categorized and flagged as personally identifiable info (PII). Since We have now built and executed controls, let us proceed to monitoring and testing controls. Restrict usage of cardholder info by company need-to-know. https://livewebnews.info/nathan-labs-advisory-shaping-robust-cyber-security-policies-in-the-usa/