Standards for privacy

ISO/IEC 29100: Architecture for the protection of sensitive personal data
High-level framework for the protection of personally identifiable information (PII) within information and communication technology (ICT) systems. It is general in nature and places organizational, technical and procedural aspects in an overall privacy framework. The privacy framework is intended to help organizations define their privacy safeguarding requirements related to PII within an ICT environment by:
- specifying a common privacy terminology;
- defining the actors and their roles in processing PII;
- describing privacy safeguarding requirements; and
- referencing known privacy principles.

ISO/IEC 29101: Framework for an architecture for the protection of sensitive personal data
High-level architecture framework and associated controls for the safeguarding of privacy in ICT systems that store and process PII. The privacy architecture framework described:
- provides a consistent, high-level approach to the implementation of privacy controls for the processing of PII in ICT systems;
- provides guidance for planning, designing and building ICT system architectures that safeguard the privacy of PII principals by controlling the processing, access and transfer of PII; and
- shows how privacy enhancing technologies (PETs) can be used as privacy controls.
It builds on the privacy framework provided by ISO/IEC 29100 to help an organization define its privacy safeguarding requirements as they relate to PII processed by any ICT system.

What is going on in ISO and CEN, among others?
Current privacy-related work items and topics:
- Education to Ensure Health Information Privacy
- Privacy capability assessment model
- Intelligent Transport Systems (ITS)
- Open-EDI
- Personally identifiable information (PII)
- DNA data
- Personal Identification Number (PIN)
- PII protection in Public Clouds
- Human-machine interface
- Biometrics
- UPnP Device Architecture
- Privacy enhancing technologies (PETs)
- Privacy constraints on business transactions
- Financial services
- Sharing of OID
- Pseudonymization
- RFID
- Health Informatics
- Mobile devices
- Electronic Registration Identification (ERI)
- Privacy Impact Assessment (PIA)
- (Smart) Card Systems
- Code of practice for PII protection
- Learning, education and training (LET)
- Electronic Fee Collection (EFC)
- Automated Border Control

WD 29151: Code of practice for PII protection
Extends the objectives, controls and guidance in ISO/IEC 27002 to treat security and privacy risks related to personally identifiable information (PII). Provides guidance to those protecting PII where this needs to be aligned with data protection regulations, both at a national level and across a wide variety of geographies and jurisdictions. ISO/IEC 27001 can be used as the basic management process/requirements for a privacy/personal information management system for an organization that is responsible for the protection of PII.

WD 29134: Privacy impact assessment — Methodology
Guidelines for the conduct of PIAs by organizations that are establishing or operating programmes, systems or processes that involve the processing of personally identifiable information (PII), or that are making significant changes to existing programmes, systems or processes that involve the processing of PII. Relevant to managers and staff responsible for or concerned with the life cycle of programmes, systems or processes that involve the processing of PII and, where appropriate, external parties supporting such activities.
To be used when the impact on a PII principal needs consideration for processes, systems or programmes, where:
- the responsibility for the implementation and/or delivery of the process, system or programme is shared with other organizations and there is a need to ensure that each organization properly addresses the identified risks;
- a single organization is performing privacy risk management as part of its overall risk management effort in preparation for implementation or improvement of its ISMS (established in accordance with ISO 27001) or equivalent system;
- a single organization is performing privacy risk management as a dedicated task for privacy impact only; or
- a legislator runs another programme, in which the final PII controller organization is not yet known, with the result that the treatment plan will not yet carry an obligation and the controls proposed should instead become subject to a resulting legislative or other regulatory framework.

Thank you
Niels Madelung, Dansk Standard, [email protected], 4121 8304