ISO IEC 27555:2021 pdf download – Information security, cybersecurity and privacy protection — Guidelines on personally identifiable information deletion.
3.1 cluster of personally identifiable information cluster of PII personally identifiable information which is processed for a consistent functional purpose Note 1 to entry: Clusters of PII are described independently of the technical representation of data objects. On a regular basis, the clusters of PII also include PII which is not stored electronically. 3.2 data object element which contains personally identifiable information (PII) EXAMPLE Examples of elements include files, documents, records or attributes. Concrete data objects include, for example, invoices, contracts, personal files, visitor lists, personnel planning sheets, photos, voice recordings, user accounts, log entries and consent documents. Note 1 to entry: In the context of this document, data objects usually contain PII and can be combined with other data objects in a cluster of PII ( 3.1). The individual data object can be of varying complexity. 3.3 deletion process by which personally identifiable information (PII) is changed so that it is no longer present or recognizable and usable and can only be reconstructed with excessive effort Note 1 to entry: In this document the term deletion has the following synonyms: disposition mechanism, erasure, destruction, destruction of data storage media. Note 2 to entry: In this document the term deletion refers to the elimination of the bit patterns or comparable practices, not simply marking or moving the data to be hidden. As a result, excessive effort for PII reconstruction is required, considering all the means likely to be used, e.g. available state-of-the-art technology, human and technical resources, costs and time. Note 3 to entry: For selecting the methods for deletion, a risk-based approach should be taken into account, including sensitivity of PII and potential use of forensic tools. Required measures can change over time depending on the state of the art of technology and other factors. Note 4 to entry: PII can be also changed by applying an irreversible de-identification technique. Such data often fall out of the scope of privacy legislation. Further guidance on a de-identification technique can be found in ISO/ IEC 20889:2018, Clause 11. 3.4 deletion class combination of a standard deletion period (3.7 ) and an abstract starting point for the period run Note 1 to entry: All clusters of personally identifiable information (PII) which are subject to the same deletion period (3.6) and the same abstract starting point are combined in a deletion class. As opposed to the (specific) deletion rule ( 3.5 ) for a cluster of PII (3.1), the (abstract) deletion class relates only to the abstract starting point and not to a specific condition for the start of the period run (see also Clause 8). 3.5 deletion rule combination of deletion period ( 3.6 ) and specific condition for the starting point of the period run 3.6 deletion period time period after which a specific cluster of personally identifiable information (PII) (3.1) should be deleted Note 1 to entry: As a generic term, the deletion period comprises all deletion periods. This includes the standard deletion periods ( 3.7 ) and the regular deletion periods ( 3.8 ), which form special groups. However, the term also includes, for instance, the specific deletion periods for some clusters of PII or deletion periods in special cases. For details, see Clause 7.