The Inner Circle

ISO/IEC 27556:2022 Information security, cybersecurity and privacy protection - User-centric privacy preferences management framework

    Posted Nov 14, 2022 02:37:00 AM
    Hi All,

    ISO/IEC recently published ISO/IEC 27556:2022 Information security, cybersecurity, and privacy protection - User-centric privacy preferences management framework.

    This document describes a user-centric framework for handling personally identifiable information (PII), based on privacy preferences and privacy preference administration within information and communication technology (ICT) systems. ICT systems that handle PII implement privacy control mechanisms. To ensure these mechanisms are implemented effectively in ICT systems, PII is controlled using privacy preferences that are set (directly or indirectly) by the relevant PII principal, including consent information. When PII is processed based upon authorities other than consent, ICT systems can, where appropriate, incorporate mechanisms to improve transparency and adjust PII processing in accordance with the preferences of the PII principal. PII principals can make informed use of a system only when they understand the scope of its privacy implications, which is improved when the actionable privacy control options align intuitively with PII processing undertaken in the ICT system.

    This document can be previewed here: https://www.iso.org/obp/ui/#iso:std:iso-iec:27556:ed-1:v1:en

    This document can be purchased here: https://www.iso.org/standard/71674.html

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------