Free advice for merchants accepting payment cards
3. Protect Stored Data

3.1 Keep cardholder information storage to a minimum. Develop a data retention and disposal policy. Limit your storage amount and retention time to that which is required for business, legal, and/or regulatory purposes, as documented in the data retention policy.

3.2 Do not store sensitive authentication data subsequent to authorization (not even if encrypted):

3.2.1 Do not store the full contents of any track from the magnetic stripe (on the back of a card, in a chip, etc.).

3.2.2 Do not store the card-validation code (CVC) (Three-digit or four-digit value printed on the front or back of a payment card (for example, CVV2, and CVC2 data)).

3.2.3 Do not store the PIN Verification Value (PVV).
Payment Card Industry Data Security Standard, (Jan. 2005) p. 6