This document provides privacy engineering guidelines that are intended to help organizations integrate recent advances in privacy engineering into system life cycle processes. It describes:
(1) the relationship between privacy engineering and other engineering viewpoints (system engineering, security engineering, risk management); and
(2) privacy engineering activities in key engineering processes such as knowledge management, risk management, requirement analysis, and architecture design.
The intended audience includes engineers and practitioners who are involved in the development, implementation or operation of systems that need privacy consideration, as well as managers in organizations responsible for privacy, development, product management, marketing, and operations.
This document specifies controls which shape the content and the structure of online privacy notices as well as the process of asking for consent to collect and process personally identifiable information (PII) from PII principals.
This document is applicable in any online context where a PII controller or any other entity processing PII informs PII principals of processing.
It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations. This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.
ISO/IEC 29100:2011 provides a privacy framework which
- specifies a common privacy terminology;
- defines the actors and their roles in processing personally identifiable information (PII);
- describes privacy safeguarding considerations; and
- provides references to known privacy principles for information technology.
ISO/IEC 29100:2011 is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII.
This document provides a framework for identifying and mitigating re-identification risks and risks associated with the lifecycle of de-identified data.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that are PII controllers or PII processors acting on a controller’s behalf, implementing data de-identification processes for privacy enhancing purposes.
This document provides a description of privacy-enhancing data de-identification techniques, to be used to describe and design de-identification measures in accordance with the privacy principles in ISO/IEC 29100.
In particular, this document specifies terminology, a classification of de-identification techniques according to their characteristics, and their applicability for reducing the risk of re-identification.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that are PII controllers or PII processors acting on a controller's behalf, implementing data de-identification processes for privacy enhancing purposes.
This recommended practice provides best practices for meeting the requirements of IEEE P7004: Standard for Child and Student Data Governance, when designing, provisioning, configuring, operating, and maintaining an online virtual classroom experience for synchronous online learning, education, and training. The recommended practice includes language that can be referenced in requests for proposals (RFPs) for online (also known as virtual) classroom solutions, the operational runbook(s) for such solutions, and the assessment and certification guideline(s) for the compliance process of such solutions.
This document specifies an interoperable, open and extensible information structure for recording PII principals' consent to PII processing. This document provides requirements and recommendations on the use of consent receipts and consent records associated with a PII principal's PII processing consent, aiming to support the:
- provision of a record of the consent to the PII principal;
- exchange of consent information between information systems;
- management of the life cycle of the recorded consent.
The document takes a multi-agency as well as a citizen-centric viewpoint. It provides guidance on:
- smart city ecosystem privacy protection;
- how standards can be used at a global level and at an organizational level for the benefit of citizens; and
- processes for smart city ecosystem privacy protection.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations that provide services in smart city environments.