Skip to main content

2.4.16 Device Ownership Transfer

This section's intended audience is for those personnel who are responsible for Data Protection and Device Ownership management.

Req NoRequirementCompliance Class And ApplicabilityPrimary KeywordSecondary Keyword
2.4.16.1Where a device may have its ownership transferred to a different owner, the supplier or manufacturer of any devices and/or services shall provide information about how the device(s) removal and/or disposal or replacement shall be carried out to maintain the end user’s privacy and security, including deletion of all Personal Information from the device and any associated services. This option must be available when a transfer of ownership occurs or when an end user wishes to delete their Personal Information from the service or device.Mandatory for Class 1 and aboveBusinessProcess
2.4.16.2Where a device User wishes to dispose of the device or end the service, the supplier or manufacturer of any devices and/or services shall provide information about how the device(s) removal and/or disposal or replacement shall be carried out to maintain the end user’s privacy and security, including secure erasure of all Personal Information from the device and deletion of personal information from any associated services (other than that required for legitimate reasons such as billing). A clear confirmation is provided to the user. Examples of a user include a renter of accommodation, a vehicle or medical aids.Mandatory for Class 1 and aboveBusinessProcess
2.4.16.3The Service Provider should not have the ability to do a reverse lookup of device ownership from the device identity.Mandatory for Class 1 and aboveBusinessProcess
2.4.16.4If ownership change is required/allowed, the device must have an irrevocable method of decommissioning and recommissioning.Mandatory for Class 1 and aboveSystemSoftware
2.4.16.5The device registration with the Service Provider shall use a secure connection.Mandatory for Class 1 and aboveBusinessProcess
2.4.16.6The device manufacturer ensures that the exposed identity of the device cannot be linked by unauthorised actors to the end user, to ensure anonymity and comply with relevant local data privacy laws e.g. GDPR [ref 14]1 in the EU.Mandatory for Class 1 and aboveBusinessPolicy
2.4.16.7Where transfer of a device to a new end user is supported, user settings and confidential user data on the device should be reliably erasable by triggering a user reset function. This is so the new user can be confident in the device state and also so the previous user can be confident their data has been unrecoverably erased to maintain confidentiality (see alongside 2.4.12.13 and 2.4.12.11).Mandatory for Class 1 and aboveBusinessPolicy

Footnotes

  1. Overview of the General Data Protection Regulations (GDPR), ICO: [https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr]