360 – Remove unnecessary sensitive information

Summary

The system must remove sensitive and personal information when it is no longer required.

Description

Systems usually request sensitive or personal information from their users or collect it based on their interactions with the application. Regulations demand that none of these collections occur without the users consent, and that it not be stored for more time than strictly necessary. Therefore, the system should delete this information after it is no longer required.

Supported In

Advanced: True

References

• GDPR-5_1e. Principles relating to processing of personal data
• SOC2-P3_1. Additional criteria for privacy (related to collection)
• SOC2-P4_3. Additional criteria for privacy (related to use, retention, and disposal)
• PADSS-1_1. Do not store sensitive authentication data after authorization
• PADSS-1_1_1. Do not store full contents of any track from the magnetic stripe
• PADSS-1_1_2. Do not store the card verification value or code used to verify transactions
• PADSS-1_1_3. Do not store personal identification number (PIN) or the encrypted PIN block
• PADSS-1_1_4. Securely delete any track data, card verification values or codes, and PINs or PIN block data stored by application in accordance with industry-accepted standards
• PADSS-2_1. Provide guidance to customers regarding secure deletion of cardholder data
• PDPA-6_24. Protection of personal data
• PDPA-6_25. Retention of personal data
• POPIA-3A_14. Purpose specification - Retention and restriction of records
• PDPO-5_26. Erasure of personal data no longer required
• PDPO-S1_2. Accuracy and duration of retention of personal data
• CMMC-MA_L2-3_7_3. Equipment sanitization
• CMMC-MP_L1-3_8_3. Media disposal
• HITRUST-09_p. Disposal of media
• HITRUST-13_j. Data minimization
• HITRUST-13_l. Retention and disposal
• HITRUST-13_m. Accuracy and quality
• ISO27002-7_14. Secure disposal or re-use of equipment
• ISO27002-8_10. Information deletion
• LGPD-15_I. Termination of Data Processing
• LGPD-16. Termination of Data Processing
• LGPD-18_IV. Data Subjects Rights
• LGPD-60. Final and Transitional Provisions
• FERPA-D_35_b_2. Conditions of prior consent required to disclose information
• OWASPRISKS-P6. Insufficient deletion of personal data
• OWASPSCP-8. Data protection
• NIST800115-7_4_4. Data destruction
• ASVS-14_2_2. Dependency
• C2M2-1_2_h. Manage IT and OT asset inventory
• PCI-3_2_1. Retain account data only where necessary and deleted when no longer needed
• PCI-3_3_3. Sensitive authentication data (SAD) is not stored after authorization
• PCI-6_5_6. Changes to all system components are managed securely
• SIG-P_5_1. Privacy
• CWE-212. Improper removal of sensitive information before storage or transfer
• CWE-226. Sensitive information in resource not removed before reuse
• CWE-1272. Sensitive information uncleared before debug/power state transition
• ISO27001-7_14. Secure disposal or re-use of equipment
• ISO27001-8_10. Information deletion
• CASA-8_3_8. Sensitive Private Data
• RESOLSB-Art_28_1. Security in Electronic Channels - ATMs

Last updated

2023/09/18