Public consultation process launched for new international privacy information management standard

Infrastructure
18.01.2019 11:17 am

The public consultation process for the draft international privacy information management standard, ISO/IEC 27552, is now open until 25 February 2019.

BSI, as the UK’s National Standards Body, is seeking to consult with interested parties from the tech industry, data protection practitioners, information security specialists and individuals. Experts can register their comments online at: https://standardsdevelopment.bsigroup.com/projects/2016-03384?_ga=2.176888802.655974847.1547469065-1085050989.1522317317

Digitalization, globalization and the personalization of services to the public have led to greater collection and processing of personal information. Therefore, the need for guidance on how organizations should manage and process data to reduce the risk to personal information is also growing globally. This is particularly important now as many countries already have, or are in the process of enacting, data protection and privacy legislation.

The aim of ISO/IEC 27552 Security techniques – Extensions to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and Guidelines is to help organizations establish, implement, maintain and continually improve a Privacy Information Management System (PIMS). This new international standard for privacy information management will help organizations by providing:
• best practice guidance
• transparency between PII controllers
• an effective way to manage PII processes
• reassurance to customers that PII is effectively managed

This standard is a privacy extension to ISO/IEC 27001 Information Security Management System and ISO/IEC 27002 Security Controls, and intends to provide guidance on the protection of privacy, including how organizations should manage personal information. It also aims to assist in demonstrating compliance with privacy regulations around the world.

Anne Hayes, Head of Governance and Resilience at BSI, said: “Given the dynamic environment in which we operate, the need for guidance on how organizations should manage and process data to reduce the risk to personal data is becoming more important. This is why we are encouraging everyone to engage and share their feedback on this draft privacy information management standard.”