ISO/IEC 27555 — Information security, cybersecurity and privacy protection — Rules on personally identifiable information deletion [Draft]

Introduction

The standard is intended to help organizations delete personally identifiable information (PII) systematically, consistent with the privacy framework defined in ISO/IEC 29100.

The scope of the standard

The standard covers the deletion of PII and other personal data from the systems that process and store it, a responsibility that rests largely with PII controllers.

It does not address:

– Specific legal or contractual provisions (although GDPR and other privacy laws based on the OECD privacy principles are taken into account);
– Deletion rules specific to particular types (“groups”) of PII;
– Technical mechanisms for deleting data from particular kinds of storage, such as cloud storage;
– Protection of the deletion mechanisms themselves; or
– De-identification (anonymization) of data using specific techniques.

A standardized approach should make it easier to harmonize PII deletion rules across industry sectors and to clarify the IT requirements that follow from them for systems processing personal data.

The content

In about 30 pages, the standard gives guidance on policies and procedures, including:

– Harmonized terminology for the deletion of PII;
– A structured method for defining deletion and de-identification rules;
– Documentation requirements; and
– Responsibilities, roles, and processes.

Status

The project was launched in 2018, and the standard is scheduled for publication in 2021.

The document is currently a Draft International Standard that has been accepted for publication.

Commentary

Although the standard was originally intended purely to establish a concept, it also offers practical advice.

It groups PII according to the business purposes for which it is used into “clusters”, an interesting but complex concept.
