This document provides a framework for identifying and mitigating re-identification risks and risks associated with the lifecycle of de-identified data.This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that are PII controllers or PII processors acting on a controller’s behalf, implementing data de-identification processes for privacy enhancing purposes.
ISO/IEC 29100:2011 provides a privacy framework which- specifies a common privacy terminology;- defines the actors and their roles in processing personally identifiable information (PII);- describes privacy safeguarding considerations; and- provides references to known privacy principles for information technology.ISO/IEC 29100:2011 is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII.
This document gives guidelines for:- a process on privacy impact assessments, and- a structure and content of a PIA report.It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations. This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.
This document specifies controls which shape the content and the structure of online privacy notices as well as the process of asking for consent to collect and process personally identifiable information (PII) from PII principals.This document is applicable in any online context where a PII controller or any other entity processing PII informs PII principals of processing.
This standard defines a decentralized identity and access management (IAM) framework for the Internet of Things (IoT) based on the emerging concepts such as decentralized identifiers (DIDs) and verifiable credentials (VCs). The framework addresses the integration of DIDs and VCs into the lifecycle of IoT devices as well as the decentralized IoT security services such as device authentication, data authorization and access control.
This document specifies an interoperable, open and extensible information structure for recording PII principals' consent to PII processing. This document provides requirements and recommendations on the use of consent receipts and consent records associated with a PII principal's PII processing consent, aiming to support the:- provision of a record of the consent to the PII principal;- exchange of consent information between information systems;- management of the life cycle of the recorded consent.
The document takes a multiple agency as well as a citizen-centric viewpoint. It provides guidance on:- smart city ecosystem privacy protection;- how standards can be used at a global level and at an organizational level for the benefit of citizens; and- processes for smart city ecosystem privacy protection. This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations that provide services in smart city environments.
This document provides illustrative use cases, with associated analysis, chosen to assist in understanding the requirements of 31700-1. The intended audience includes engineers and practitioners who are involved in the development, implementation or operation of digitally enabled consumer goods and services.
The requirements for a systems/software engineering process for privacy-oriented considerations regarding products, services, and systems utilizing employee, customer, or other external user's personal data are defined by this standard. Organizations and projects that are developing and deploying products, systems, processes, and applications that involve personal information are candidate users of the IEEE 7002 standard. Specific procedures, diagrams, and checklists are provided for users of the IEEE 7002 standard to perform conformity assessments on their specific privacy practices. Privacy impact assessments (PIAs) are described as a tool for both identifying where privacy controls and measures are needed and for confirming they are in place.
ISO 10303-21:2016 specifies an exchange format that allows product data described in the EXPRESS language to be transferred from one computer system to another. ISO 10303-21:2016 adds anchor, reference and signature sections to support external references, support for compressed exchange structures in an archive, digital signatures and UTF-8 character encoding.