< Previous standard      ^ Up a level ^      Next standard >

ISO/IEC 27562 — Information technology — Security techniques — Privacy guidelines for fintech services [DRAFT]

Abstract

[TBA]

Introduction

“Fintech” refers to the use of information and communications technology within the financial services industry - banking, insurance, investment etc. - in particular, for financial services delivered digitally.  A significant amount of personal information is processed through fintech.

Personal information is subject to an array of privacy laws and regulations as well as corporate privacy policies and ethical considerations, all of which help ensure the trustworthiness necessary to earn the trust of data subjects (customers).

Modern fintech architectures increasingly involve novel technologies such as cloud-based microservices with Application Programming Interfaces, blockchain and Artificial Intelligence/Machine Learning. In addition to the usual data/cyber security risks and controls, privacy concerns must also be identified, evaluated and addressed.

Scope of the standard

The standard addresses the privacy aspects of fintech.

Content of the standard

Main sections:

5. Overview of general privacy concerns and principles
6. Fintech services business model (industry structure, personal information flows)
7. Fintech services actors (financial services suppliers)
8. Privacy risks for industry players
9. Privacy controls for industry players
10. Privacy guidelines for industry players
11. Privacy guidelines for industry regulators

Status

The project started in 2021.

 It is currently at Committee Draft stage and seems unlikely to complete before 2024.

Personal notes

I am unclear why the financial services technology industry requires specific guidance on privacy that is not already available in other standards, laws and regulations. What makes fintech so special?

< Previous standard      ^ Up a level ^      Next standard >