ISO standard for protecting personal data

September 2019 News, Cyber Security

We are more connected than ever, bringing with it the joys, and risks, of our digital world. Cybersecurity is a growing concern, with attacks against business almost doubling over the last few years ( www.securitysa.com/*wf18a – redirects to http://reports.weforum.org/global-risks-2018/executive-summary/) and is an increasingly significant threat to global stability.

Unsurprisingly, laws and regulations are rapidly being put in place to reduce these risks and protect our digital privacy. How can organisations keep on top of these requirements and protect themselves at the same time? The world’s first international standard to help organisations manage privacy information and meet regulatory requirements has just been published.

Protecting our digital privacy is a significant business concern. According to IBM the average cost of a data breach is USD 3.6 million, and legal obligations are increasingly stringent ( www.securitysa.com/*ibm1 – redirects to https://www.ibm.com/downloads/cas/ZYKLN2E3).

As we get more connected, governments all over the world are introducing various privacy regulations, such as the European Union’s General Data Protection Regulation (GDPR), which organisations must adhere to. The new ISO standards will help businesses meet such requirements, whatever jurisdiction they work in.

ISO/IEC 27701, Security Techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and Guidelines, specifies the requirements for establishing, implementing, maintaining and continually improving a privacy-specific information security management system. In other words, a management system for protecting personal data (PIMS).

Formerly referred to as ISO/IEC 27552 during its development, it builds on ISO/IEC 27001, Information Technology – Security Techniques – Information Security Management Systems – Requirements, providing the necessary extra requirements when it comes to privacy.

Dr Andreas Wolf, Chair of the ISO technical committee that developed the standard, said almost every organisation processes personally identifiable information (PII), and protecting it is not only a legal requirement but a societal need.

“ISO/IEC 27701 defines processes and provides guidance for protecting PII on an ongoing, ever evolving basis. Because being a management system, it defines processes for continuous improvement on data protection, particularly important in a world where technology doesn’t stand still.”

ISO/IEC 27701 was developed by Working Group 5 of ISO technical committee ISO/IEC JTC1/SC 27, Information Security, Cybersecurity and Privacy Protection (the secretariat of which is held by DIN, ISO’s member for Germany), which is made up of experts from all over the world from data protection authorities, security agencies, academia and industry.

Matthieu Grall of the Commission Nationale de l’Informatique et des Libertés, the French independent watchdog for the protection of personal data, was an active participant of SC 27 and a contributor to the development of the standard. With increasingly stringent data protection requirements and laws, he said there is a real need for this standard.

“Despite the risks of not complying to these regulations, we know that many organisations are simply not ready and need guidance. With the number of complaints and fines related to privacy and data protection on the rise, the need for this standard is now obvious.

“Moreover, organisations need to bring trust to their authorities, partners, customers and employers. Such a standard will contribute strongly to this trust.”

For more information, go to www.iso.org




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

TAPA: The role of an effective treasury function in business risk management
June 2019, Technews Publishing , News
Neil Le Roux, the Founder of Diligent Advisors will speak at the TAPA SA (Transported Asset Protection Association) annual conference on 26 July 2019.

Read more...
Platforms are us
September 2019, Technews Publishing , News
A conversation I had at the recent Residential Estate Security Conference Hi-Tech Security Solutions hosted in August (which will be reviewed in the October issue) got me to thinking about the security ...

Read more...
TAPA conference 2019 explores layered approach to security
September 2019, Technews Publishing, TAPA (Transported Asset Protection Association) , News, Transport (Industry)
The Transported Asset Protection Association (TAPA) held its annual South African conference at Emperors Palace in Johannesburg on 26 July 2019.

Read more...
Hennie Lategan joins Centurion as head of exports
September 2019, Centurion Systems , News, Access Control & Identity Management
Centurion Systems has announced the appointment of Hennie Lategan as the head of the company’s exports department.

Read more...
New Africa sales manager for Axis Communications
September 2019, Axis Communications SA , News, CCTV, Surveillance & Remote Monitoring
Axis Communications has appointed Brendon Hall, previously the founder and MD of Pentagon, as its new sales manager, Africa.

Read more...
Check Point appoints new regional director for Africa
September 2019 , News, Cyber Security
Check Point Software Technologies has appointed Pankaj Bhula as regional director for Africa.

Read more...
Hikvision helps secure African Union Summit
September 2019, Hikvision South Africa , News, CCTV, Surveillance & Remote Monitoring
Hikvision established a complete intelligent video solution to ensure the security of the thirty-third African Union (AU) Summit held on 7 July in Niamey, the capital of Niger.

Read more...
The hunt for the Carbanak group
September 2019 , Editor's Choice, Cyber Security, News
Tomorrow Unlocked has released a free four-part documentary that tells the story of the notorious Carbanak APT group and its $1 billion bank heist.

Read more...
Rockwell Automation a founding member of ISA Global Cybersecurity Alliance
September 2019 , News, Industrial (Industry)
To better secure today’s complex and often vulnerable production operations, the ISA Global Cybersecurity Alliance recently announced Rockwell Automation as a founding member.

Read more...
Genetec to integrate CylancePROTECT
September 2019, Genetec , Editor's Choice, CCTV, Surveillance & Remote Monitoring, News
Genetec has announced it is partnering with Cylance, a business unit of Blackberry, to bring AI-based antivirus protection to its appliance customers.

Read more...