A.8.10 Information deletion of the new version of ISO27001:2022 is a completely new requirement; compared with the previous version of ISO27001:2013, A.8.2 mentioned the classification and disposal of information, and A.8.3 mentioned that storage should be prevented In the event of unauthorized removal of media information, the new version of information deletion focuses on deleting unnecessary information to avoid leakage of sensitive information, and re-emphasizes the importance of legal compliance.
In the future, organizations/enterprises must comply with the requirements of A.8.10 information deletion in three aspects: deletion method, information deletion evidence retention, and legal compliance.
Among them, it is worth exploring in-depth legal compliance: 1. Taiwan's "Individual Information Law" and ISO27701:2019 Personal Information Privacy Information Management System can directly correspond to the new requirement A.8.10 Information deletion: Article 11, Paragraph 3 of my country's Personal Data Protection Act: When the specific purpose for collecting personal data disappears or the period expires, the personal data shall be deleted, stopped processing or used voluntarily or at the request of the party concerned. ISO27701:2019 Personal Information Management System (PIMS) Clause 7.4.5 Provisions for de-identification and deletion of PII at the end of processing: Once the original PII is no longer needed for the stated purpose, the organization should delete the PII Or provided in a form that does not allow identification or re-identification of PII parties; Clause 7.4.8 Deprecation: Organizations should have written policies, procedures and/or mechanisms for deprecation of PII.
2. The EU GDPR (General Data Protection Regulation) and the US CCPA (California Consumer Privacy Act) do not set sunset clauses for sensitive data, but require individual data holders to be obliged to delete data when requested by the individual data owner. (except in cases of public interest, regulatory requirements, etc.).
Comments