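ISO/IEC 27555:2021 Information security, cybersecurity and privacy protection — Guidelines on personally identifiable information deletion
Standard number: ISO/IEC 27555:2021
Chinese title: 信息安全、网络安全和隐私保护 个人识别信息删除指南
English title: Information security, cybersecurity and privacy protection — Guidelines on personally identifiable information deletion
Publication date: 2021-10
Scope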
This document contains guidelines for developing and establishing policies and procedures for deletion of personally identifiable information (PII) in organizations by specifying:
- a harmonized terminology for PII deletion;
- an approach for defining deletion rules in an efficient way;
- a description of required documentation;
- a broad definition of roles, responsibilities and processes.
This document is intended to be used by organizations where PII is stored or processed.
This document does not address:
- specific legal provision, as given by national law or specified in contracts;
- specific deletion rules for particular clusters of PII that are defined by PII controllers for processing PII;
- deletion mechanisms;
- reliability, security and suitability of deletion mechanisms;
- specific techniques for de-identification of data.