Information Deletion

One of the best-known information deletion stories is related to a motion picture.

The ISO 27001 standard requirement regarding information deletion is as follows: „Information stored in information systems, devices or in any other storage media shall be deleted when no longer required.” (A8.10)

This control has two key terms:

  • „deleted” means making content inaccessible, but this simple action has several aspects to consider:
    • whether deletion is actually needed, or whether removing access rights better serves the objective
    • when erasure is enough and when wiping (overwriting the content) is needed
    • where the data resides (for example, if GDPR requires deletion of the data, it requires deletion of all its instances, including backups)
  • „when no longer required” means exactly at that time, because deviating in either direction can be painful:
    • deleting too early hurts when there is no adequate (recovery-tested) backup
    • erasing too late causes problems with data that should no longer exist at all (e.g. customer data that should have been erased gets stolen and published).
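The considerations above can be turned into a deletion plan that checks every instance of a data set (backups included), picks erasure or wiping per instance, and flags both early deletion without a recovery-tested backup and overdue deletion. This is an added illustration, not code from the post; the inventory, retention dates and the `Instance`/`plan_deletion` names are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Instance:
    dataset: str            # logical data set, e.g. one customer's record
    location: str           # system, device or medium holding a copy
    is_backup: bool = False
    recovery_tested: bool = False  # backup has been restored successfully
    sensitive: bool = False        # content must be wiped, not just erased

def plan_deletion(instances, retention_ends, today, early_requests=frozenset()):
    """Map each instance location to an action.

    retention_ends: dataset -> date from which it is "no longer required".
    early_requests: datasets someone wants removed from live systems before
    that date; allowed only if a recovery-tested backup of them exists."""
    tested = {i.dataset for i in instances if i.is_backup and i.recovery_tested}
    plan = {}
    for inst in instances:
        end = retention_ends.get(inst.dataset)
        method = "wipe" if inst.sensitive else "erase"
        if end is None:
            plan[inst.location] = "flag: no retention rule"
        elif today >= end:
            late = (today - end).days  # overdue copies are the "late erasure" case
            plan[inst.location] = method if late == 0 else f"{method} (late by {late} days)"
        elif inst.dataset in early_requests and not inst.is_backup:
            plan[inst.location] = (method if inst.dataset in tested
                                   else "flag: early deletion without recovery-tested backup")
        else:
            plan[inst.location] = "keep"
    return plan

# Constructed sample inventory (hypothetical systems, not from the post).
INVENTORY = [
    Instance("customer-1234", "crm-db", sensitive=True),
    Instance("customer-1234", "sales-laptop-ssd", sensitive=True),
    Instance("customer-1234", "nightly-backup", is_backup=True, recovery_tested=True),
    Instance("ticket-77", "helpdesk-db"),
    Instance("ticket-77", "weekly-backup", is_backup=True, recovery_tested=False),
    Instance("old-export", "shared-drive"),
]
RETENTION = {"customer-1234": date(2024, 4, 30), "ticket-77": date(2024, 12, 31)}

if __name__ == "__main__":
    for loc, action in plan_deletion(INVENTORY, RETENTION, date(2024, 5, 2), {"ticket-77"}).items():
        print(f"{loc:20} {action}")
```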
02/05/2024
DACHS