- December 25, 2015
- Posted by: isoqaruser
PRIVACY is the buzzword today.
The Constitution of India does not specifically guarantee a “right to privacy”. However, through various judgments over the years, Indian courts have interpreted the other rights in the Constitution as giving rise to a (limited) right to privacy primarily through Article 21, the right to life and liberty.
India’s Supreme Court Upholds Right to Privacy as a Fundamental Right—and It’s About Time
ISO/IEC 29100:2011 is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII.
CRITICAL COMPONENTS OF ISO/IEC 29100 UNDER REVIEW
- Reviewing privacy safeguarding requirements
- Reviewing the applicable legal and regulatory requirements and framework
- Reviewing the identification and design of privacy controls based on risk assessment (RA) output
- Pseudonymization, metadata handling, collection limitation and data minimization controls, among others
- System design based on the standard's 11 privacy principles (consent and choice; purpose legitimacy and specification; collection limitation; data minimization; use, retention and disclosure limitation; accuracy and quality; openness, transparency and notice; individual participation and access; accountability; information security; and privacy compliance)
- Roles and responsibilities
- Competency assessment process
- Awareness process
- Internal audit and review process
- Privacy breach management process
- Corrective action system review
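Two of the controls listed above, pseudonymization and data minimization, are concrete enough to show in code. The following is an added example written for this page, not code from the standard or from the author: it replaces a direct identifier with a keyed HMAC-SHA256 pseudonym and strips every field that the stated processing purpose does not need. The field names, the sample records and the purpose allowlist are constructed assumptions for illustration.

```python
"""Pseudonymization and data-minimization controls (added illustration)."""
import hashlib
import hmac

# Constructed sample PII records; the people and contact details are fictitious.
SAMPLE_RECORDS = [
    {"name": "Asha Rao", "email": "asha@example.com", "phone": "+91-98765-43210",
     "city": "Pune", "purchases": 3},
    {"name": "Vikram Sen", "email": "vikram@example.com", "phone": "+91-91234-56789",
     "city": "Delhi", "purchases": 1},
]

# Assumed purpose: aggregate purchase analytics. Only these fields are needed
# for it, so only these survive (collection limitation / data minimization).
PURPOSE_FIELDS = {"city", "purchases"}

# Direct identifier that is replaced by a pseudonym so rows can still be linked.
IDENTIFIER_FIELD = "email"


def pseudonym(identifier: str, key: bytes) -> str:
    """Keyed pseudonym: HMAC-SHA256 over the normalized identifier.

    A keyed construction is used instead of a plain hash because identifiers
    such as e-mail addresses and phone numbers have low entropy: without the
    key, an attacker could recompute pseudonyms from a guessed list and
    re-identify subjects. Whoever holds the key can still re-identify, so the
    key must be stored and access-controlled separately from the output.
    """
    normalized = identifier.strip().lower()
    return hmac.new(key, normalized.encode("utf-8"), hashlib.sha256).hexdigest()


def minimize(record: dict, allowed_fields: set) -> dict:
    """Keep only allowlisted fields. An allowlist (rather than a blocklist)
    means any PII field added to the source later is dropped by default."""
    return {k: v for k, v in record.items() if k in allowed_fields}


def pseudonymize_records(records, key, allowed_fields=PURPOSE_FIELDS,
                         id_field=IDENTIFIER_FIELD):
    """Apply both controls to a batch of records and return the reduced rows."""
    out = []
    for rec in records:
        if id_field not in rec:
            raise ValueError("record lacks identifier field %r" % id_field)
        row = minimize(rec, allowed_fields)
        row["subject_id"] = pseudonym(rec[id_field], key)
        out.append(row)
    return out


def contains_direct_identifiers(rows, identifier_fields=("name", "email", "phone")):
    """Check used before release: no direct identifier may remain in the output."""
    return any(f in row for row in rows for f in identifier_fields)


if __name__ == "__main__":
    # The key would normally come from a secrets store, never from source code.
    demo_key = b"constructed-demo-key-do-not-reuse"
    for row in pseudonymize_records(SAMPLE_RECORDS, demo_key):
        print(row)
```

The output rows carry only `city`, `purchases` and a 64-hex-character `subject_id`. Under ISO/IEC 29100 such data is pseudonymized, not anonymized: the organization holding the key can reverse the linkage, so the rows remain PII and the key itself becomes an asset that the information security and accountability principles apply to.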
WHAT ARE THE BENEFITS OF HAVING A PRIVACY FRAMEWORK?
Implementing and maintaining a privacy framework based on ISO/IEC 29100 has crucial benefits for every organization and individual dealing with personally identifiable information, such as:
- It serves as a basis for further privacy standardization work: a technical reference architecture, the use of specific privacy technologies, overall privacy management, assurance of privacy compliance for outsourced data processing, privacy impact assessments, and privacy engineering terminology.
- It defines privacy safeguarding requirements for all information and communication technology systems that process personally identifiable information.
- It is applicable on a wide scale: it sets a common privacy terminology, defines privacy principles for processing PII, classifies privacy features, and relates all of the described privacy aspects to existing security guidelines.
- It is closely linked to existing security standards that are already widely implemented in practice.
- It places organizational, technical, procedural and regulatory aspects in perspective and addresses system-specific matters at a high level.
- It provides guidance that relates information and communication system requirements for processing personally identifiable information to the privacy of individuals at an international level.
WHY SHOULD YOU USE ISO/IEC 29100?
The ISO/IEC 29100 Privacy Framework serves as a base for other relevant standards; it is internationally applicable and general in nature.
A privacy framework contributes to improvements in privacy, assists in maintaining good governance, reduces overhead costs related to security, and serves as a good marketing strategy by promoting your credibility through internationally known ISO standards.
It integrates easily with other frameworks and standards you may already follow: ISO/IEC 27001, HIPAA, PCI DSS, SOC reports and others.
It’s rightly said, “BETTER LATE THAN NEVER”. Let’s safeguard privacy.