On Feb. 8, the International Organization for Standardization (ISO) will adopt PbD as ISO 31700. The ISO is a network of 167 national standards bodies. It sets over 24,000 standards, including ISO 27001 for information security management systems, some of which organizations can be certified for compliance with after passing a review by auditing firms. The ISO 31700 has 30 requirements. A draft of the standard shows it will be 32 pages long. It includes general guidance on designing capabilities to enable consumers to enforce their privacy rights, assigning relevant roles and authorities, providing privacy information to consumers, conducting privacy risk assessments, establishing and documenting requirements for privacy controls, how to design privacy controls, lifecycle data management, and preparing for and managing a data breach. The proposed introduction notes that Privacy by Design refers to several methodologies for product, process, system, software, and service development. The proposed bibliography that comes with the document refers to other standards with more detailed requirements on identifying personal information, access controls, consumer consent, corporate governance, and other topics. Continue reading on IT World Canada here.
