ISO – the International Organization for Standardization – has already issued a set of guidelines and frameworks that anticipate the European Regulation on privacy.
The main standards already published are:
- ISO/IEC 29100:2011 Information technology – Security techniques – Privacy framework
- ISO/IEC 29101:2013 Information technology – Security techniques – Privacy architecture framework
- ISO/IEC 29190:2015 Information technology – Security techniques – Privacy capability assessment model
- ISO/IEC 27018:2014 Information technology – Security techniques – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII
ISO/IEC 29100:2011 provides a privacy framework that:
- specifies a common privacy terminology;
- defines the actors and their roles in processing personally identifiable information (PII);
- describes privacy safeguarding considerations; and
- provides references to known privacy principles for information technology.
This framework should be used to protect personal information by applying specific controls that mitigate the significant risks arising from its processing.
The standard ISO/IEC CD 29134, Privacy impact assessment, is currently under development (CD denotes a committee draft); it proposes a methodology for auditing the impact of processing on privacy.
ISO/IEC 29100 can be downloaded for free at this link: http://standards.iso.org/ittf/PubliclyAvailableStandards/index.html