ISO/IEC TR 27550 — Information technology — Security techniques — Privacy engineering [draft]
‘Privacy engineering’ involves taking account of privacy during the entire lifecycle of IT systems, such that privacy is an integral part of their function.
Scope of the standard
This is an IT security standard, concerning privacy (personal data protection) in the specific context of IT systems.
Content of the standard
The standard will:
- Discuss how privacy engineering supports system and security engineering, information risk management, knowledge management etc.
- Elaborate on conceptual principles such as privacy-by-design and privacy-by-default;
- Explain how systems can be engineered to support and satisfy the OECD privacy principles.
Currently in draft. Unlikely to surface before 2019. Due to be published as a Technical Report.
The procedures for operating, using, monitoring, managing and maintaining IT systems and their privacy controls are just as important as the technical controls themselves, and also benefit from being systematically designed: I hope this standard will not be totally focused on the technology itself