Build a privacy information security umbrella and build a privacy information security firewall
In the era of the Internet and big data, the development of many businesses is inseparable from the processing of personal privacy information, and the issue of privacy protection has become a major focus of attention in the current society. On August 20, 2021, the 30th meeting of the Standing Committee of the Thirteenth National People's Congress voted to pass the "Personal Information Protection Law of the People's Republic of China", which will be officially implemented on November 1, 2021.
This means that the protection of personally identifiable information (PII) is no longer only a social consensus; it has become a legal requirement, and organizations now face multiple responsibilities toward customers, end users, investors and government regulators. How organizations should manage personally identifiable information (PII) or personal data, and how they should ensure privacy compliance, have become new issues and challenges that organizations must address.
ISO/IEC 27701 is an international management system standard developed in response to this requirement. It extends ISO 27001 (Information Security Management System) and ISO 27002 (Guidelines for Information Security Control Practices) into privacy information management, and provides organizations with guidance on protecting personal privacy information. With the release of the EU's GDPR and a growing number of similar privacy data protection laws and regulations, the need to comply with privacy requirements is increasing globally. Almost every organization handles personally identifiable information (PII). In addition, the amount and variety of PII being handled is increasing, as is the number of organizations working together to process it. Privacy protection in the context of PII processing is a societal need and a major subject of dedicated laws and regulations around the world.
The ISO 27701 privacy information management system enables organizations to continuously improve their data protection practices. It also deepens the information security management system with respect to personal information protection, addressing operational and compliance risks.
On August 6, 2019, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) officially released the ISO/IEC 27701 privacy information management system standard. This marks the point at which information security, privacy and personal information protection reached a consistent international standard for demonstrating compliance with laws and regulations.
ISO/IEC 27701, as a management extension of ISO/IEC 27001 and ISO/IEC 27002, aims to enhance an existing information security management system with new requirements in order to establish, implement, maintain and continuously improve a privacy information management system. The standard outlines a framework of privacy controls for personally identifiable information (PII) controllers and PII processors to reduce the various risks to personal privacy.
ISO/IEC 27701 applies to organizations of all types and sizes, including public and private companies, government entities, and not-for-profit organizations. By implementing the ISO/IEC 27701 standard, organizations can build stronger trust with their regulators, partners, customers and employees, and win more opportunities for the organization.
○ "ISO/IEC 27701 Security techniques: Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements and guidelines"
○ "ISO/IEC 27001 Information technology. Security techniques. Information security management systems. Requirements"
○ "ISO/IEC 27002 Information technology. Security techniques. Code of practice for information security controls"
○ "ISO/IEC 27000 Information technology. Security techniques. Information security management systems. Overview and vocabulary"
○ "ISO/IEC 29100 Information technology. Security techniques. Privacy framework"
○ "GB/T 35273 Information security technology. Personal information security specification"
○ Clarify the privacy protection requirements for PII controllers and processors, and assist organizations in identifying and analyzing privacy risks;
○ Clarify the compliance objectives of privacy protection management, reducing the organization's compliance burden and compliance risks;
○ Ensure that the organization's senior management, owners and key stakeholders meet privacy protection requirements;
○ Communicate the value of privacy compliance to the organization's customers and partners, so that the organization can achieve long-term, sustained compliance in personal privacy security;
○ Reduce the cost of compliance communication and convey the organization's credibility to the public, based on the unified framework of international standards;
○ Enable the organization to convey a stronger sense of trust to its regulators, partners, customers and employees, and to gain many more opportunities.
Tel: +86-400 821 5138
Fax: +86-21 3327 5843
Email: noa@noagroup.com