{"id":33858,"date":"2023-01-11T16:51:55","date_gmt":"2023-01-11T21:51:55","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=521415"},"modified":"2023-01-13T09:51:32","modified_gmt":"2023-01-13T14:51:32","slug":"privacy-by-design-to-become-an-iso-standard-next-month","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/privacy-by-design-to-become-an-iso-standard-next-month\/","title":{"rendered":"Privacy by Design to become an ISO standard next month"},"content":{"rendered":"<p data-ar-index=\"0\">Fourteen years after being introduced by a Canadian privacy commissioner, Privacy by Design (PbD) is about to become an international privacy standard for the protection of consumer products and services.<\/p>\n<p data-ar-index=\"1\">On Feb. 8, the <a href=\"https:\/\/www.iso.org\/home.html\" rel=\"noopener\">International Organization for Standardization<\/a> (ISO) will adopt PbD as ISO 31700.<\/p>\n<p data-ar-index=\"2\">The ISO is a network of 167 national standards bodies. It sets over 24,000 standards, including ISO 27001 for information security management systems. Organizations can be certified for compliance with some of these standards after passing a review by auditing firms like Deloitte, KPMG, and PwC.<\/p>\n<p data-ar-index=\"3\">Initially, however, ISO 31700 will not be a conformance standard.<\/p>\n<p data-ar-index=\"4\">\u201cIt\u2019s amazing that ISO is doing this,\u201d said PbD creator Ann Cavoukian, now executive director of the Toronto-based Global Privacy and Security by Design Centre. 
\u201cIt\u2019s huge.\u201d<\/p>\n<p data-ar-index=\"5\">\u201cWe think it will be a major milestone in privacy.\u201d<\/p>\n<p data-ar-index=\"6\">Unveiled in 2009, <a href=\"https:\/\/www.ipc.on.ca\/wp-content\/uploads\/resources\/7foundationalprinciples.pdf\" rel=\"noopener\">Privacy by Design<\/a> is a set of principles that calls for privacy to be taken into account throughout an organization\u2019s data management process.<\/p>\n<p data-ar-index=\"7\">Since then it has been adopted by the International Assembly of Privacy Commissioners and Data Protection Authorities, and incorporated in the European General Data Protection Regulation (GDPR). However, only organizations that hold data of European residents are obliged to follow the GDPR. In 2018, the ISO formed a group to start planning for the inclusion of PbD in its standards.<\/p>\n<p data-ar-index=\"8\">Adoption by the ISO \u201cgives life to operationalizing the concept of Privacy by Design,\u201d said Cavoukian, \u201chelping organizations figure out how to do it. The standard is designed to be utilized by a whole range of companies \u2014 startups, multinational enterprises, organizations of all sizes. With any product, you can make this standard work because it\u2019s easy to adopt. 
We\u2019re hoping privacy will be pro-actively embedded in the design of [an organization\u2019s] operations and it will complement data protection laws.\u201d<\/p>\n<p data-ar-index=\"9\">As a guideline, Privacy by Design applies to IT systems, accountable business practices, and physical design and networked infrastructure.<\/p>\n<p data-ar-index=\"10\">As originally written, PbD has seven principles, including those stating that privacy should be an organization\u2019s default setting (no action is required by an individual to protect their privacy), it is embedded into the design of IT systems and business practices, and it is part of the entire data lifecycle.<\/p>\n<p data-ar-index=\"11\">The final ISO 31700 standard is more detailed, with 30 requirements. A draft of the standard shows it will be 32 pages long. It includes general guidance on designing capabilities to enable consumers to enforce their privacy rights, assigning relevant roles and authorities, providing privacy information to consumers, conducting privacy risk assessments, establishing and documenting requirements for privacy controls, how to design privacy controls, lifecycle data management, and preparing for and managing a data breach.<\/p>\n<p data-ar-index=\"12\">The proposed introduction notes that Privacy by Design refers to several methodologies for product, process, system, software, and service development. 
The proposed bibliography that comes with the document refers to other standards with more detailed requirements on identifying personal information, access controls, consumer consent, corporate governance, and other topics.<\/p>\n<p data-ar-index=\"13\">Along with the standard, a separate document will outline possible use cases.<\/p>\n<p data-ar-index=\"14\">The launch will be marked <a href=\"https:\/\/www.eventbrite.co.uk\/e\/launch-event-iso-31700-privacy-by-design-for-consumer-goods-and-services-tickets-488718479127\" rel=\"noopener\">by a one-hour webinar<\/a> giving an overview of the standard for business managers, company owners, consumer privacy advocates, and technology practitioners.<\/p>\n<p data-ar-index=\"15\">Cavoukian repeated the argument she has made for years: Privacy can be a competitive advantage for businesses that adopt it. \u201cGet rid of the dated either-or model of privacy and business,\u201d she said. \u201cThis can be a win-win. It\u2019s privacy and business interests. 
You can do both.\u201d<\/p>\n<p data-ar-index=\"16\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/privacy-by-design-to-become-an-iso-standard-next-month\/521415\">Privacy by Design to become an ISO standard next month<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The standard, to be known as ISO 31700, can mesh with organizations that follow the ISO 2700 standard for IT security<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[21,361,16],"tags":[519,391,774,396,775,776,275],"class_list":["post-33858","post","type-post","status-publish","format-standard","hentry","category-emerging-tech","category-privacy","category-security","tag-data-privacy","tag-di","tag-iso","tag-postmedia","tag-privacy-by-design","tag-standards","tag-top-story"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/33858","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=33858"}],"version-history":[{"count":2,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/33858\/revisions"}],"predecessor-version":[{"id":33965,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/33858\/revisions\/33965"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=33858"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-jso
n\/wp\/v2\/categories?post=33858"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=33858"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}