Identity Proofing - PII Disposal Processes, v3.0

Requirements for dispossing of PII.

Assessment Step

Disposing PII (DisposingPII)
Does the CSP define it's practices for fully disposing of PII (and other sensitive data) beyond the retention period? This documentation should be made available to the intended community.
Provide policies and practices indicating conformance.

Conformance Criteria (1)

Disposing PII
The CSP SHALL define the practices in place for fully disposing of or destroying any sensitive data including PII, or its protection from unauthorized access for the duration of retention. Specific details of these practices must be made available to the intended user community.
Section 4.2 P11