Organisations should limit their collection of PII based on three factors:
Organisations should only collect PII – either directly or indirectly – in accordance with the above factors, and only for purposes that are relevant and necessary towards their stated purpose.
As a concept, ‘privacy by default’ should be adhered to – i.e., any optional functions should be disabled by default.
To accompany ISO 27701 7.4.1, organisations should also only process PII if it is relevant, proportional and necessary to fulfil a stated purpose.
PII processing includes:
All of the above functions should be carried out to the minimum levels that are required to fulfil an objective.
Organisations should limit the processing of PII in conjunction with published information security processes, policies and procedures (see ISO 27701 Clause 6.2).
Organisations should take steps to ensure that PII is accurate, complete and up-to-date, throughout its entire lifecycle.
Organisational information security policies and technical configurations should contain steps that seek to minimise errors throughout their PII processing operations, including controls on how to respond to inaccuracies.
Organisations need to construct ‘data minimisation’ procedures, including mechanisms such as de-identification.
Data minimisation should be used to ensure that PII collection and processing is limited to the ‘identified purpose’ of each function (see ISO 27701 Clause 7.2.1).
A large part of this process involves documenting the extent to which a PII principal's information should be directly attributable to them, and how minimisation is to be achieved via the variety of available methods.
Organisations should outline the specific techniques used to de-identify PII principals, such as:
Organisations either need to completely destroy any PII that no longer fulfils a purpose, or modify it in a way that prevents any form of principal identification.
As soon as the organisation has established that the PII will not need to be processed at any time in the future, the information should be deleted or de-identified, as the circumstances dictate.
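The minimisation and end-of-processing steps described above (Clauses 7.4.4 and 7.4.5), as an added example that is not from ISMS.online or the ISO 27701 text: a purpose register decides which fields are kept, which direct identifiers are replaced by keyed pseudonyms, and when a record has outlived its retention period and must be deleted or de-identified. The purpose names, field names, retention periods and key are constructed assumptions.

```python
import hmac
import hashlib
from datetime import date, timedelta

# Constructed purpose register (hypothetical): for each identified purpose,
# the fields it genuinely needs, the direct identifiers it may keep only in
# pseudonymised form, and how long records may be retained for that purpose.
PURPOSES = {
    "order_fulfilment": {
        "keep": {"order_id", "postcode", "items"},
        "pseudonymise": {"customer_id"},
        "retention_days": 365,
    },
    "analytics": {
        "keep": {"postcode", "items"},
        "pseudonymise": set(),
        "retention_days": 90,
    },
}

def pseudonymise(value: str, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256) of a direct identifier: records stay linkable
    for the controller, but the token cannot be reversed without the key."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]

def minimise(record: dict, purpose: str, key: bytes) -> dict:
    """Keep only the fields the purpose needs; pseudonymise the identifiers it
    is allowed to link on; drop everything else (e.g. email, date of birth)."""
    spec = PURPOSES[purpose]
    out = {}
    for field, value in record.items():
        if field in spec["keep"]:
            out[field] = value
        elif field in spec["pseudonymise"]:
            out[field] = pseudonymise(str(value), key)
    return out

def past_retention(collected: date, purpose: str, today: date) -> bool:
    """True once a record has outlived the retention period for its purpose
    and must be deleted or de-identified."""
    return today - collected > timedelta(days=PURPOSES[purpose]["retention_days"])

# Constructed sample record; the key is a demo value, not a real secret.
SAMPLE = {"customer_id": "C-1001", "email": "alice@example.invalid",
          "order_id": "O-77", "postcode": "SW1A", "items": ["book"],
          "dob": "1990-01-01"}
DEMO_KEY = b"constructed-demo-key"
```

The pseudonymisation key must be held separately from the minimised data set; whoever receives only the output cannot re-identify the principal.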
Temporary files are created for a number of technical reasons, throughout the PII processing and collection lifecycle, across numerous applications, systems and security platforms.
Organisations need to ensure that these files are destroyed within a reasonable amount of time, in accordance with an official retention policy.
A simple way to identify the existence of such files is to perform periodic checks of temporary files across the network. Temporary files often include:
Organisations should adhere to a so-called garbage collection procedure that deletes temporary files when they’re no longer needed.
It is vitally important that organisations acknowledge their obligations to delete and/or dispose of PII that is no longer necessary in achieving a stated purpose.
Organisations should draft and adhere to categorical retention schedules that outline the exact period of time that PII principals can expect their data to be stored for.
Retention schedules should be tailored around any legal, statutory or contractual requirements that govern how long PII should be stored for on any given platform.
Organisations need to have clear policies and procedures that govern how PII is disposed of.
Data disposal is a wide-ranging topic that features a host of different variables, based on the required disposal technique and the nature of the data that’s being disposed of.
Organisations need to consider:
Any PII transferred to a third-party organisation should be sent with the utmost care for the information, using secure means.
Organisations need to ensure that only authorised personnel are able to access transmission systems, and that they do so in a way that is easily audited, with the sole purpose of getting the information to where it needs to go without incident.
Various elements of ISO 27701 Clause 7.4 are applicable within UK GDPR legislation. The table below gives the corresponding references.
ISO 27701 Clause Identifier | ISO 27701 Clause Name | Associated GDPR Articles |
---|---|---|
7.4.1 | Limit Collection | Article (5) |
7.4.2 | Limit Processing | Article (25) |
7.4.3 | Accuracy and Quality | Article (5) |
7.4.4 | PII Minimisation Objectives | Article (5) |
7.4.5 | PII De-identification and Deletion at the End of Processing | Articles (5), (6), (11), (32) |
7.4.6 | Temporary Files | Article (5) |
7.4.7 | Retention | Articles (13), (14) |
7.4.8 | Disposal | Article (5) |
7.4.9 | PII Transmission Controls | Article (5) |
The ISMS.online platform offers integrated assistance at every stage, and our ‘Adopt, Adapt, Add’ implementation approach to ISO 27701 makes the process much easier.
You will also benefit from a variety of time-saving features.
If for any reason you experience a lack of confidence, ability or the drive to take action during your journey to ISO 27701, we can make our team of in-house experts available.
Find out more by booking a demo.