PRI-05—Personal Data (PD) Retention & Disposal

Weight: 8

>Control Description

Mechanisms exist to: (1) Retain Personal Data (PD), including metadata, for an organization-defined time period to fulfill the purpose(s) identified in the notice or as required by law; (2) Dispose of, destroys, erases, and/or anonymizes the PD, regardless of the method of storage; and (3) Use organization-defined techniques or methods to ensure secure deletion or destruction of PD (including originals, copies and archived records).

>Control Description

>Cross-Framework Mappings

NIST SP 800-53 r5

NIST CSF 2.0

PCI DSS v4.0.1

CIS Controls v8

SOC 2 TSC

EU AI Act

EU AI Act (Detailed)

Saudi Arabia PDPL

SOC 2 TSC (Detailed)

CIS Controls v8.1 (Detailed)

GovRAMP

ISO 27002:2022

ISO 29100

NIST SP 800-161

Data Privacy Management Principles

FBI CJIS

US Data Privacy Framework

FIPPs

GLBA (16 CFR 314)

Oregon CPA

Tennessee IPA

GDPR

Ask AI