|
Work item:
|
X.1058 (ex X.gpim)
|
|
Subject/title:
|
Information technology - Security techniques - Code of practice for Personally Identifiable Information protection
|
|
Status:
|
Approved on 2017-03-30 [Issued from previous study period]
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
ISO/IEC 29151 (Common)
|
|
Timing:
|
-
|
|
Liaison:
|
ISO/IEC JTC 1/SC 27
|
|
Supporting members:
|
-
|
|
Summary:
|
The number of organizations processing personally identifiable information (PII) is increasing, as is the amount of PII that these organizations deal with. At the same time, societal expectations for the protection of PII and the security of data relating to individuals are also increasing. A number of countries are augmenting their laws to address the increased number of high profile data breaches.
This document establishes control objectives, controls and guidelines for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of Personally Identifiable Information (PII). In particular, this document specifies guidelines based on ISO/IEC 27002, taking into consideration the requirements for processing PII which may be applicable within the context of an organization's information security risk environment(s).
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2011-09-27 15:12:10
|
|
Last update:
2017-06-15 11:38:44
|
