Which of the following best describes why ISO/IEC 27552 addresses expired user IDs?

The primary focus of ISO/IEC 27552 is to provide a framework for the management of potentially sensitive information, particularly concerning the protection of Personally Identifiable Information (PII). Addressing expired user IDs is critical in this context because outdated credentials can lead to unauthorized access, thereby compromising access controls. Ensuring that user accounts are promptly deactivated when no longer in use helps safeguard PII from being accessed by unauthorized individuals, thereby upholding data protection standards.

This proactive measure reduces the risk of breaches that might exploit residual access rights associated with expired accounts. While the other options mention aspects such as enhancing user experience or managing data storage costs, these are not directly related to the crucial security concerns that ISO/IEC 27552 aims to mitigate through proper management of user access controls.