- Security TWENTY
- Women in Security
A public consultation process for the draft international privacy information management standard, ISO/IEC 27552, is now open until Monday, February 25.
British Standards (BSI) is seeking to consult with interested parties from the tech industry, data protection practitioners, information security specialists and individuals. Experts can register their comments online.
Digitalisation, globalisation and the personalisation of services to the public have led to greater collection and processing of personal information, says BSI. Therefore, the need for guidance on how organisations should manage and process data to reduce the risk to personal information is also growing globally. This is particularly important now as many countries already have, or are in the process of enacting, data protection and privacy legislation.
The aim of ISO/IEC 27552 Security techniques – Extensions to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and Guidelines is to help organisations establish, implement, maintain and continually improve a Privacy Information Management System (PIMS). This new international standard for privacy information management will help organisations by providing:
• best practice guidance
• transparency between PII controllers
• an effective way to manage PII processes
• reassurance to customers that PII is effectively managed
This standard is a privacy extension to ISO/IEC 27001 Information Security Management System and ISO/IEC 27002 Security Controls, and intends to provide guidance on the protection of privacy, including how organisations should manage personal information. It also aims to assist in demonstrating compliance with privacy regulations around the world.
Anne Hayes, Head of Governance and Resilience at BSI, said: “Given the dynamic environment in which we operate, the need for guidance on how organisations should manage and process data to reduce the risk to personal data is becoming more important. This is why we are encouraging everyone to engage and share their feedback on this draft privacy information management standard.”