May 2, 2022

New draft ISO standard on Organizational Privacy Risk Management (ISO 27557)

ISO (the International Organization for Standardization) has published Draft International Standard ISO 27557, which provides guidelines for organizational privacy risk management. The document gives organizations guidance on integrating the risks that arise from processing personally identifiable information (PII) into an organizational privacy risk management program. It distinguishes between the impact that processing PII may have on an individual and the consequences that privacy events may have for the organization itself (e.g. reputational damage). It provides guidance for incorporating into the overall organizational risk assessment the organizational consequences of:

• adverse privacy impacts on individuals; and
• privacy events that damage the organization (e.g. by harming its reputation) without causing any adverse privacy impact to individuals.