ISO standard for protecting personal data

September 2019 News, Cyber Security

We are more connected than ever, bringing with it the joys, and risks, of our digital world. Cybersecurity is a growing concern, with attacks against business almost doubling over the last few years ( www.securitysa.com/*wf18a – redirects to http://reports.weforum.org/global-risks-2018/executive-summary/) and is an increasingly significant threat to global stability.

Unsurprisingly, laws and regulations are rapidly being put in place to reduce these risks and protect our digital privacy. How can organisations keep on top of these requirements and protect themselves at the same time? The world’s first international standard to help organisations manage privacy information and meet regulatory requirements has just been published.

Protecting our digital privacy is a significant business concern. According to IBM the average cost of a data breach is USD 3.6 million, and legal obligations are increasingly stringent ( www.securitysa.com/*ibm1 – redirects to https://www.ibm.com/downloads/cas/ZYKLN2E3).

As we get more connected, governments all over the world are introducing various privacy regulations, such as the European Union’s General Data Protection Regulation (GDPR), which organisations must adhere to. The new ISO standards will help businesses meet such requirements, whatever jurisdiction they work in.

ISO/IEC 27701, Security Techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and Guidelines, specifies the requirements for establishing, implementing, maintaining and continually improving a privacy-specific information security management system. In other words, a management system for protecting personal data (PIMS).

Formerly referred to as ISO/IEC 27552 during its development, it builds on ISO/IEC 27001, Information Technology – Security Techniques – Information Security Management Systems – Requirements, providing the necessary extra requirements when it comes to privacy.

Dr Andreas Wolf, Chair of the ISO technical committee that developed the standard, said almost every organisation processes personally identifiable information (PII), and protecting it is not only a legal requirement but a societal need.

“ISO/IEC 27701 defines processes and provides guidance for protecting PII on an ongoing, ever evolving basis. Because being a management system, it defines processes for continuous improvement on data protection, particularly important in a world where technology doesn’t stand still.”

ISO/IEC 27701 was developed by Working Group 5 of ISO technical committee ISO/IEC JTC1/SC 27, Information Security, Cybersecurity and Privacy Protection (the secretariat of which is held by DIN, ISO’s member for Germany), which is made up of experts from all over the world from data protection authorities, security agencies, academia and industry.

Matthieu Grall of the Commission Nationale de l’Informatique et des Libertés, the French independent watchdog for the protection of personal data, was an active participant of SC 27 and a contributor to the development of the standard. With increasingly stringent data protection requirements and laws, he said there is a real need for this standard.

“Despite the risks of not complying to these regulations, we know that many organisations are simply not ready and need guidance. With the number of complaints and fines related to privacy and data protection on the rise, the need for this standard is now obvious.

“Moreover, organisations need to bring trust to their authorities, partners, customers and employers. Such a standard will contribute strongly to this trust.”

For more information, go to www.iso.org





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Johnny Aucamp joins iPulse exco
News
Johnny Aucamp has joined iPulse Systems as its chief sales officer (CSO), adding a massive boost to the executive team.

Read more...
From the editor's desk: Security and resilience
Technews Publishing News
It’s often said that South Africans are a resilient bunch, and history has proven this correct. When it comes to security, both cyber and physical, resilience is key to an effective defensive plan. ...

Read more...
Hikvision aims for solutions
Technews Publishing Hikvision South Africa Editor's Choice CCTV, Surveillance & Remote Monitoring News Integrated Solutions Conferences & Events
Hikvision recently held a roadshow titled Industry X, where the company highlighted its latest products and solutions, supported by partners and distributors.

Read more...
Olarm launches PRO 4G communicator
Olarm News Perimeter Security, Alarms & Intruder Detection Products
Olarm has announced an additional 4G/LTE version of its Olarm PRO smart communicator. It is aimed at areas suffering from poor connectivity by providing support for 4G, 2G and Wi-Fi networks.

Read more...
ADI Expo returns to South Africa
Technews Publishing ADI Global Distribution News
September saw the return of the ADI Expo to South Africa. The Johannesburg event was held at the Focus Rooms and the Durban event, two days later, at the Southern Sun Elangeni & Maharani.

Read more...
Technoswitch Awards dinner for 2022
Technews Publishing News Fire & Safety
Technoswitch hosted its fifth awards dinner at Montecasino in September, where customers and suppliers celebrated a year of success.

Read more...
Suprema joins FiRa Consortium
Suprema News Access Control & Identity Management
Suprema recently became a member of the FiRa Consortium, a consultative body that establishes standards for ultra-wideband (UWB) technology, the next generation of wireless communication.

Read more...
Reliable, low-maintenance video appliances
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring News IT infrastructure Products
Symetrix, part of the Agera Group, has added the AES range of video recording servers, storage appliances and workstations to its portfolio.

Read more...
ZYTEQ Fire Engineering Summit 2022
ZYTEQ Fire Fire & Safety News
Cape Town-based ZYTEQ Fire hosted its inaugural Engineering Summit at the Commodore Hotel in Cape Town and the Leonardo Hotel in Sandton, Johannesburg.

Read more...
The challenge of data safety and availability
Technews Publishing Editor's Choice Cyber Security
Veeam offers backup and recovery software that presents the user with one interface to manage backups to and from almost any platform.

Read more...