1 Scope
This document contains guidelines for developing and establishing policies and procedures
for deletion of personally identifiable information (PII) in organizations by specifying:
-
— a harmonized terminology for PIIdeletion;
-
— an approach for defining deletion rules in an efficient way;
-
— a description of required documentation;
-
— a broad definition of roles, responsibilities and processes.
This document is intended to be used by organizations where PII is stored or processed.
This document does not address:
-
— specific legal provision, as given by national law or specified in contracts;
-
— specific deletion rules for particular clusters of PII that are defined by PII controllers for processing PII;
-
— deletion mechanisms;
-
— reliability, security and suitability of deletion mechanisms;
-
— specific techniques for de-identification of data.