Standards and frameworks provide real benefits for privacy management. Standards are established norms to be applied consistently across organizations, while frameworks are sets of basic guidelines to be adapted to an organization’s needs. Both can help to fulfill compliance obligations, build trust, benchmark against industry best practices, support strategic planning and evaluation, enable global interoperability, and strengthen an organization’s market position.

Just as in information security, the International Organization for Standardization, in cooperation with the International Electrotechnical Commission, and the U.S. National Institute of Standards and Technology are the main bodies offering general guidance for privacy risk management. ISO and IEC are non-governmental international organizations whose members are national standards bodies, one per country, each with a vote in their standardization processes. NIST is a non-regulatory government agency within the U.S. Department of Commerce. In furtherance of its mission to promote American innovation and industrial competitiveness, NIST provides a wide variety of standards, technology resources, tools, and guidelines for use by U.S. federal agencies as well as by private industry, both domestically and abroad.

On a European level, three distinct private international nonprofit organizations are officially recognized by the EU as being responsible for developing and defining voluntary standards. They also collaborate with ENISA, the EU Agency for Cybersecurity. The European Telecommunications Standards Institute covers a variety of privacy-related, sector-specific standards. The European Committee for Standardization and the European Committee for Electrotechnical Standardization are currently working on privacy information management systems for a European context.

In Asia, the APEC Privacy Framework provides

Read The Full Article at IAPP