ISO 27701, Clause 7.4 – Privacy by Design and Privacy by Default

ISO 27701 Controls and Clauses Explained


ISO 27701 Clause 7.4.1 – Limit Collection

Purpose of Clause 7.4.1

Organisations should limit their collection of PII based on three factors:

  • Relevance.
  • Proportionality.
  • Necessity.

Guidance on Clause 7.4.1

Organisations should only collect PII – either directly or indirectly – in accordance with the above factors, and only where it is relevant and necessary to their stated purpose.

As a concept, ‘privacy by default’ should be adhered to – i.e., any optional functions should be disabled by default.

ISO 27701 Clause 7.4.2 – Limit Processing

Purpose of Clause 7.4.2

To accompany ISO 27701 7.4.1, organisations should also only process PII if it is relevant, proportional and necessary to fulfil a stated purpose.

Guidance on Clause 7.4.2

PII processing includes:

  • Disclosure.
  • Storage.
  • Accessibility.

All of the above functions should be carried out to the minimum levels that are required to fulfil an objective.

Organisations should limit the processing of PII in conjunction with published information security processes, policies and procedures (see ISO 27701 Clause 6.2).

Relevant ISO 27701 Clauses

  • ISO 27701 6.2


ISO 27701 Clause 7.4.3 – Accuracy and Quality

Purpose of Clause 7.4.3

Organisations should take steps to ensure that PII is accurate, complete and up-to-date, throughout its entire lifecycle.

Guidance on Clause 7.4.3

Organisational information security policies and technical configurations should contain steps that seek to minimise errors throughout the organisation’s PII processing operations, including controls on how to respond to inaccuracies.

ISO 27701 Clause 7.4.4 – PII Minimization Objectives

Purpose of Clause 7.4.4

Organisations need to construct ‘data minimisation’ procedures, including mechanisms such as de-identification.

Guidance on Clause 7.4.4

Data minimisation should be used to ensure that PII collection and processing is limited to the ‘identified purpose’ of each function (see ISO 27701 Clause 7.2.1).

A large part of this process involves documenting the extent to which a PII principal’s information should be directly attributable to them, and how minimisation is to be achieved via a variety of available methods.

Organisations should outline the specific techniques used to de-identify PII principals, such as:

  • Randomisation.
  • Noise addition.
  • Generalisation.
  • Attribute removal.
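
The four techniques listed above, applied to a small record set. This is an added example, not part of ISO 27701 or the original page: the records, field names, band width and noise level are constructed assumptions, randomisation is shown as a permutation of one attribute, and `smallest_group` is an extra check that goes beyond the list to show how many principals are still singled out afterwards.

```python
import random
from collections import Counter

# Constructed sample records; all field names and values are illustrative assumptions.
RECORDS = [
    {"name": "Ana Ruiz", "email": "ana@example.com", "age": 34,
     "postcode": "BN1 4GH", "salary": 41000, "department": "A"},
    {"name": "Ben Cole", "email": "ben@example.com", "age": 37,
     "postcode": "BN1 9QA", "salary": 52000, "department": "B"},
    {"name": "Cy Dunn", "email": "cy@example.com", "age": 61,
     "postcode": "LS6 2AB", "salary": 38000, "department": "C"},
]
DIRECT_IDENTIFIERS = ("name", "email")

def generalise_age(age, width=10):
    """Generalisation: exact age -> band such as '30-39'."""
    low = (age // width) * width
    return f"{low}-{low + width - 1}"

def de_identify(records, seed=None, noise_sd=1000):
    """Return new de-identified rows; the input records are not modified."""
    rng = random.Random(seed)
    rows = []
    for rec in records:
        # Attribute removal: drop direct identifiers outright.
        row = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        row["age"] = generalise_age(row["age"])
        # Generalisation: keep only the outward part of the postcode.
        row["postcode"] = row["postcode"].split()[0]
        # Noise addition: zero-mean Gaussian noise on a numeric attribute.
        row["salary"] = round(row["salary"] + rng.gauss(0, noise_sd))
        rows.append(row)
    # Randomisation (here: permutation): shuffle one attribute across rows
    # so its values survive in aggregate but are no longer tied to a row.
    departments = [r["department"] for r in rows]
    rng.shuffle(departments)
    for row, department in zip(rows, departments):
        row["department"] = department
    return rows

def smallest_group(rows, quasi_identifiers=("age", "postcode")):
    """Size of the smallest set of rows sharing the same quasi-identifiers.
    A result of 1 means at least one principal is still singled out."""
    groups = Counter(tuple(r[q] for q in quasi_identifiers) for r in rows)
    return min(groups.values())

if __name__ == "__main__":
    rows = de_identify(RECORDS, seed=7)
    for row in rows:
        print(row)
    print("smallest group:", smallest_group(rows))
```

On the sample data the smallest group is 1: the third record remains unique on age band and postcode area, so generalisation alone has not removed attributability for that principal.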

Relevant ISO 27701 Clauses

  • ISO 27701 7.2.1

ISO 27701 Clause 7.4.5 – PII De-identification and Deletion at the End of Processing

Purpose of Clause 7.4.5

Organisations either need to completely destroy any PII that no longer fulfils a purpose, or modify it in a way that prevents any form of principal identification.

Guidance on Clause 7.4.5

As soon as the organisation has established that the PII doesn’t need to be processed at any time in the future, the information should be deleted or de-identified, as the circumstances dictate.


ISO 27701 Clause 7.4.6 – Temporary Files

Purpose of Clause 7.4.6

Temporary files are created for a number of technical reasons throughout the PII processing and collection lifecycle, across numerous applications, systems and security platforms.

Organisations need to ensure that these files are destroyed within a reasonable amount of time, in accordance with an official retention policy.

Guidance on Clause 7.4.6

A simple way to identify the existence of such files is to perform periodic checks of temporary files across the network. Temporary files often include:

  • Database update files.
  • Cached information.
  • Files created by applications and bespoke software packages.

Organisations should adhere to a so-called garbage collection procedure that deletes temporary files when they’re no longer needed.
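
One way to run the periodic check and garbage collection described above, as an added example that is not part of ISO 27701 or the original page. The glob patterns, the `.dbupd` extension and the retention limits are assumptions standing in for an organisation's own retention policy.

```python
import time
from pathlib import Path

# Assumed retention policy: maximum age in seconds per temporary-file category.
# Patterns and limits are illustrative, not taken from ISO 27701.
RETENTION = {
    "*.tmp": 24 * 3600,        # files created by applications
    "*.cache": 7 * 24 * 3600,  # cached information
    "*.dbupd": 3600,           # database update files (hypothetical extension)
}

def find_expired(root, retention=RETENTION, now=None):
    """Return (path, age_seconds, limit) for files older than their category limit."""
    now = time.time() if now is None else now
    expired = []
    for pattern, limit in retention.items():
        for path in Path(root).rglob(pattern):
            # Skip symlinks: stat() would report the link target's age, not the link's.
            if path.is_symlink() or not path.is_file():
                continue
            age = now - path.stat().st_mtime
            if age > limit:
                expired.append((path, int(age), limit))
    return sorted(expired)

def sweep(root, retention=RETENTION, now=None, dry_run=True):
    """Delete expired files; return audit log lines describing each action."""
    log = []
    for path, age, limit in find_expired(root, retention, now):
        action = "WOULD-DELETE" if dry_run else "DELETED"
        if not dry_run:
            try:
                path.unlink()
            except OSError as exc:
                # Record the failure so the audit trail shows what remains on disk.
                action = f"FAILED({exc.errno})"
        log.append(f"{action} {path} age={age}s limit={limit}s")
    return log

if __name__ == "__main__":
    # Dry run by default: report what the policy would remove without deleting.
    for line in sweep("/tmp"):
        print(line)
```

`unlink()` only removes the directory entry; whether that is sufficient depends on the storage media, which Clause 7.4.8 covers.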

ISO 27701 Clause 7.4.7 – Retention

Purpose of Clause 7.4.7

It is vitally important that organisations acknowledge their obligations to delete and/or dispose of PII that is no longer necessary in achieving a stated purpose.

Guidance on Clause 7.4.7

Organisations should draft and adhere to categorical retention schedules that outline the exact period of time that PII principals can expect their data to be stored for.

Retention schedules should be tailored around any legal, statutory or contractual requirements that govern how long PII should be stored for on any given platform.

ISO 27701 Clause 7.4.8 – Disposal

Purpose of Clause 7.4.8

Organisations need to have clear policies and procedures that govern how PII is disposed of.

Guidance on Clause 7.4.8

Data disposal is a wide-ranging topic that features a host of different variables, based on the required disposal technique and the nature of the data that’s being disposed of.

Organisations need to consider:

  • What the PII includes.
  • Any residual metadata that needs to be erased alongside the principal data.
  • The type of storage media the PII is held on.


ISO 27701 Clause 7.4.9 – PII Transmission Controls

Purpose of Clause 7.4.9

Any PII that is set to be transferred to a third-party organisation should be sent with the utmost care, using secure means.

Guidance on Clause 7.4.9

Organisations need to ensure that only authorised personnel are able to access transmission systems, and that they do so in a way that is easily audited, with the sole purpose of getting the information to where it needs to go without incident.

Supporting GDPR Articles

Various elements of ISO 27701 Clause 7.4 are applicable within UK GDPR legislation. Take a look at the below table for the corresponding references.

| ISO 27701 Clause Identifier | ISO 27701 Clause Name | Associated GDPR Articles |
|---|---|---|
| 7.4.1 | Limit Collection | Article (5) |
| 7.4.2 | Limit Processing | Article (25) |
| 7.4.3 | Accuracy and Quality | Article (5) |
| 7.4.4 | PII Minimisation Objectives | Article (5) |
| 7.4.5 | PII De-identification and Deletion at the End of Processing | Articles (5), (6), (11), (32) |
| 7.4.6 | Temporary Files | Article (5) |
| 7.4.7 | Retention | Articles (13), (14) |
| 7.4.8 | Disposal | Article (5) |
| 7.4.9 | PII Transmission Controls | Article (5) |

How ISMS.online Helps

The ISMS.online platform offers integrated assistance at every stage, along with our ‘Adopt, Adapt, Add’ implementation approach to ISO 27701, to make the process much easier.

You will also benefit from a variety of time-saving features.

If for any reason you experience a lack of confidence, ability or the drive to take action during your journey to ISO 27701, we can make our team of in-house experts available.

Find out more by booking a demo.
