ISO/IEC 27559

ISO/IEC 27559 — Privacy-enhancing data de-identification framework [Draft]

Introduction

The standard outlines a non-prescriptive framework that can be used to identify and mitigate risks associated with re-identification of de-identified data as well as other risks associated with the lifecycle of de-identified data. This standard can help organizations de-identify (anonymize) data, build trust with data subjects, and meet compliance requirements.

The scope of the standard

The risks of re-identification are on the rise as data analytics increasingly relies on sharing and combining data sets that contain supposedly de-identified (anonymized) data. The standard provides guidance for recognizing and mitigating these risks.

The content

The main sections include:

– Context assessment: identifying the main concerns and consequently the main requirements.
– Data assessment: understanding the data and how possible attackers might attempt to acquire data that exposes the privacy of individuals.
– Identifiability assessment: finding out what personal information can be gathered from available, accumulated data that has not been appropriately anonymized (individually or collectively).
– Governance: assigning roles and responsibilities to people involved in maintaining privacy, handling incidents, etc.

Status

The project began in 2019.

Currently, it is at the 1st Committee Draft stage.

Commentary

With people’s personal data increasingly being acquired and shared within and between organizations, this standard can play a valuable role in setting the ground rules for how to do so without unnecessarily compromising their privacy. It thereby increases trust between the providers and purchasers of information and makes such sharing easier.