ISO 22307:2008 Targets Safeguarding Privacy of Financial Data in Computer Systems
June 18, 2008 // Published as a news service by IHS
A new standard from the International Organization for Standardization (ISO) seeks to safeguard the privacy of people's financial data when it is processed by automated, networked information systems.
ISO 22307:2008, Financial services - Privacy impact assessment, defines a methodology that organizations in the private and public sectors can use to identify privacy issues and mitigate the risks associated with processing the financial data of customers and consumers, business partners and citizens.
"The financial services community recognizes how important it is to protect and not abuse their customers' privacy, and not just because it may be required by law," said John M. Ferris, convener of ISO/Technical Committee (TC) 68/Subcommittee (SC) 7's working group (WG) 5, Privacy impact assessment standard.
"As systems are developed or updated, there is an opportunity to enhance business processes and to provide improved services to customers.
"However, new ways of using existing technology and new technologies also bring new or unknown risks. It is advisable that corporations handling financial information be proactive in protecting and not abusing the privacy of their consumers and partners," Ferris said.
"One way of proactively addressing privacy principles and practices is to follow a standardized privacy impact assessment process for a proposed financial system, such as the one recommended in ISO 22307."
The standard describes the privacy impact assessment (PIA) to be carried out at an early stage in the development of a proposed financial system.
As well as identifying privacy options and tools, it provides a way to ensure that the system complies with applicable laws and regulations governing customer and consumer privacy, ISO said.
ISO 22307:
- Describes the PIA process in general.
- Defines the common and required components of a privacy impact assessment, regardless of which business system affecting a financial institution is being assessed.
- Provides guidance, including frequently asked questions (FAQs) on PIAs and their implementation, together with a number of questionnaires designed so users can assess their needs and develop a PIA.
Source: International Organization for Standardization (ISO).