ISO27701A.7.4.5voice-validated
ISO27701 A.7.4.5: A.7.4.5
ISO27701
AL
Founder at SQUR · last verified 2026-06-19
Regulation text
The organisation should either delete PII or render it in a form which does not permit identification or re-identification of PII principals, as soon as the original PII is no longer necessary for the identified purpose(s). De-identification techniques must be evaluated against re-identification risks.
ATT&CK techniques this article tests · 15
| Technique | Why it maps | Confidence |
|---|---|---|
| T1083 | 1. This technique involves discovering files and directories. A.7.4.5 mandates PII deletion or de-identification when no longer necessary. Failure to comply directly enables attackers to discover PII that should have been removed, increasing exposure risk. | 90% |
| T1005 | 1. This technique focuses on collecting data from local systems. A.7.4.5 requires PII to be deleted or de-identified. If PII persists, attackers can collect it, directly violating the control's intent to minimize PII availability. | 90% |
| T1041 | 1. This technique describes exfiltration over C2 channels. A.7.4.5 aims to remove PII when no longer needed. PII that remains due to non-compliance can be exfiltrated, leading to data breaches and regulatory penalties. | 80% |
| T1048 | 1. This technique involves exfiltration over alternative protocols. A.7.4.5 requires PII deletion or de-identification. PII not properly handled can be exfiltrated via various means, undermining privacy safeguards. | 80% |
| T1530 | 1. This technique targets data from cloud storage objects. A.7.4.5 extends to PII in cloud environments. If PII is not deleted or de-identified in cloud storage, it remains vulnerable to unauthorized access and collection. | 85% |
| T1560 | 1. This technique involves archiving collected data. A.7.4.5 mandates PII removal. If PII is not removed, attackers can archive it for later use or exfiltration, prolonging its exposure. | 75% |
| T1567 | 1. This technique describes exfiltration over web services. A.7.4.5 requires PII deletion. PII that persists can be exfiltrated through legitimate-looking web service interactions, bypassing standard data loss prevention. | 80% |
| T1078 | 1. This technique uses valid accounts for access. A.7.4.5 implies that even with valid access, PII should not be present if its purpose is fulfilled. Persistent PII increases the impact of compromised valid accounts. | 70% |
| T1071 | 1. This technique uses application layer protocols for command and control. A.7.4.5 aims to reduce the attack surface by removing PII. Systems retaining PII become more attractive C2 targets for data theft. | 65% |
| T1059 | 1. This technique involves command and scripting interpreters. A.7.4.5 requires PII deletion. Attackers can use scripts to locate and extract PII that should have been removed, demonstrating a failure in data lifecycle management. | 70% |
| T1021 | 1. This technique involves remote services for lateral movement. A.7.4.5 aims to reduce the presence of PII. If PII is not deleted, it can be accessed via remote services on compromised systems, expanding the breach scope. | 70% |
| T1018 | 1. This technique involves remote system discovery. A.7.4.5 requires PII deletion. Attackers discovering systems that still hold PII, which should have been removed, can target them for further compromise. | 75% |
| T1003 | 1. This technique involves OS credential dumping. A.7.4.5 requires PII deletion. If PII is not deleted, compromised credentials can grant access to this sensitive data, increasing the risk of exposure. | 70% |
| T1552 | 1. This technique involves finding unsecured credentials. A.7.4.5 mandates PII deletion. If PII is stored alongside unsecured credentials and not deleted, both become vulnerable, facilitating unauthorized access. | 80% |
| T1555 | 1. This technique involves credentials from password stores. A.7.4.5 requires PII deletion. If PII is accessible via compromised password stores, its persistence directly contributes to data exposure risk. | 75% |
Defending mitigations · 7
| Mitigation | What it does | Confidence |
|---|---|---|
| M1050 | 1. Data Loss Prevention (DLP) systems prevent unauthorized exfiltration of PII. A.7.4.5 requires PII deletion or de-identification; DLP acts as a critical safeguard if PII is not properly removed. | 90% |
| M1056 | 1. Privileged Account Management limits access to sensitive systems and data. A.7.4.5 requires PII deletion; restricting privileged access reduces the risk of PII being improperly retained or accessed. | 85% |
| M1057 | 1. User Account Management ensures appropriate access controls. A.7.4.5 mandates PII deletion; proper user management prevents unauthorized access to PII that should have been removed or de-identified. | 85% |
| M1028 | 1. Operating System Configuration secures the environment where PII resides. A.7.4.5 requires PII deletion; robust OS configuration ensures secure deletion processes and prevents unauthorized PII recovery. | 80% |
| M1032 | 1. Multi-factor Authentication (MFA) strengthens access security. A.7.4.5 requires PII deletion; MFA reduces the risk of unauthorized access to systems containing PII that might not have been fully removed. | 80% |
| M1047 | 1. Auditing and logging detect suspicious activities. A.7.4.5 mandates PII deletion; auditing helps identify attempts to access or re-identify PII that should have been removed, supporting compliance verification. | 85% |
| M1035 | 1. Network Segmentation isolates sensitive systems. A.7.4.5 requires PII deletion; segmentation limits the impact if PII is not fully removed, preventing lateral movement to other PII stores. | 75% |
Underlying weaknesses · 7
| CWE | Why it persists | Confidence |
|---|---|---|
| CWE-200 | 1. This weakness involves exposure of sensitive information. A.7.4.5 directly addresses this by requiring PII deletion or de-identification, preventing unauthorized actors from accessing data that should be removed. | 95% |
| CWE-212 | 1. This weakness describes improper removal of sensitive information. A.7.4.5 explicitly mandates PII deletion or de-identification, directly mitigating the risk of PII persistence when no longer needed. | 90% |
| CWE-359 | 1. This weakness represents exposure of private information. A.7.4.5 aims to prevent privacy violations by ensuring PII is removed or de-identified, reducing the window for unauthorized access. | 90% |
| CWE-532 | 1. This weakness involves sensitive information in log files. A.7.4.5 requires PII deletion; if PII persists in logs after primary deletion, it creates a compliance gap and an exposure risk. | 85% |
| CWE-922 | 1. This weakness concerns insecure storage of sensitive information. A.7.4.5 requires PII deletion; insecure storage practices make it harder to guarantee complete and irreversible removal of PII. | 85% |
| CWE-548 | 1. This weakness involves information exposure through directory listing. A.7.4.5 requires PII deletion; if PII files are not removed and directory listings are enabled, sensitive data becomes easily discoverable. | 80% |
| CWE-668 | 1. This weakness describes exposure of resources to the wrong sphere. A.7.4.5 requires PII deletion; if PII remains accessible in an unintended context, it violates the principle of data minimization and purpose limitation. | 75% |
What SQUR Covers
Web application + API pentesting for OWASP Top 10, business logic flaws, authentication bypass, injection attacks, and other application-layer vulnerabilities. €1,995 per scan, 24-hour turnaround, EU-only data.
What SQUR Does Not Cover
Internal network pentesting, endpoint security testing, physical security assessments, social engineering, or ICT third-party concentration risk reviews. Engage a complementary provider for those scope items.
Provenance
Mapped Q2.2026 using gemini-2.5-flash · €0.0200 compute · voice-rubric self-validated