ISO/IEC 27555:2021 provides guidelines for the deletion of personally identifiable information (PII) within organizations. This standard is essential for ensuring that PII is not retained longer than necessary and is deleted appropriately to comply with privacy regulations.
Key aspects covered include:
- Harmonized Terminology: Establishing a common language for PII deletion processes.
- Deletion Rules: Defining efficient and effective rules for deleting PII.
- Documentation: Describing the necessary documentation to support PII deletion processes.
- Roles and Responsibilities: Outlining the roles and responsibilities involved in the deletion of PII.
The standard does not address specific legal provisions, deletion mechanisms, or techniques for de-identification of data, but it provides a framework for organizations to develop their own policies and procedures for PII deletion.