ISO27k-aligned security awareness service
ISO/IEC 27555
Creative security awareness materials

Creative security awareness materials for your ISMS

Copyright © 2018 IsecT Ltd.

ISO/IEC 27555 — Information technology — Security techniques — Establishing a PII deletion concept in organizations [DRAFT]


This standard will lay out a conceptual framework for deletion of PII (Personally Identifiable Information). It will offer guidance on establishing policies that embrace concepts presented by specifying:

  • Standard terminology for PII deletion;
  • An approach for defining efficient deletion/de-identification rules;
  • Required documentation; and
  • Roles, responsibilities and processes.

Scope of the standard

The standard is intended for organizations that store and process PII (“and other personal data”).

It will not address:

  • Specific provisions in laws and contracts;
  • Specific deletion rules for particular types of PII;
  • Deletion mechanisms including those for cloud storage;
  • Security of the deletion mechanisms; nor
  • Specific techniques for de-identification of data.

The standard will enable organizations to meet the increasing demands of privacy/data protection regulation, supporting them in fulfilling the requirements.

Standardizing the approach may facilitate harmonized catalogues of PII deletion rules for industrial sectors, clarifying requirements for IT systems processing personal data.


Content of the standard




The project has just started (June 2018). 


Personal notes

The outline goes beyond merely ‘establishing a concept’: it looks to me as if it will offer fairly specific guidance - which, to this pragmatist, sounds much more useful than ‘establishing a concept’.

When released, “PII” in the title may have to be expanded.


< Previous standard      ^ Up a level ^      Next standard >