
ISO/IEC 27556

ISO/IEC 27556 — Information security, cybersecurity and privacy protection — User-centric framework for the handling of personally identifiable information (PII) based on privacy preferences [Draft]

Introduction

Following the privacy-by-design principle and other requirements of privacy laws and regulations, the standard will outline a “user-centric framework” (an architecture) for handling personal information in a controlled manner.

The standard outlines a mechanism by which organizations handling personal data can ensure compliance with the data subject’s privacy requirements even when they share data and collaborate on its processing.

The scope of the standard

The standard will define a generic architecture; it will not include specifics about the content and format of privacy preference information.

By designing and implementing the architecture, IT systems can handle personal information and transmit it between organisations, while managing privacy preferences of data subjects (referred to in the standard as PII principals, i.e., the individuals whose information is processed).

This standard expands upon the privacy framework of ISO/IEC 29100.

The content

To be determined.

Status

In 2019, a standard development project was launched.

The standard was scheduled for publication in 2022. The project’s due date has been extended to early in 2023 because substantive comments and a new use case will take longer than expected to address.

Currently, it is in the third committee draft stage.

Commentary

To be determined.
