[ISO/IEC 29100:2011] Information technology — Security techniques — Privacy framework

ISO/IEC 29100:2011 provides a privacy framework which specifies a common privacy terminology; defines the actors and their roles in processing personally identifiable information (PII); describes privacy safeguarding considerations; and provides references to known privacy principles for information technology. ISO/IEC 29100:2011 is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII.

Author(s): ISO/IEC JTC 1/SC 27 Information security cybersecurity privacy protection
Series: International Standard
Edition: 1
Publisher: ISO
Year: 2011

Language: English
Pages: 21

1 Scope
2 Terms and definitions
3 Symbols and abbreviated terms
4 Basic elements of the privacy framework
4.1 Overview of the privacy framework
4.2 Actors and roles
4.2.1 PII principals
4.2.2 PII controllers
4.2.3 PII processors
4.2.4 Third parties
4.3 Interactions
4.4 Recognizing PII
4.4.1 Identifiers
4.4.2 Other distinguishing characteristics
4.4.3 Information which is or might be linked to a PII principal
4.4.4 Pseudonymous data
4.4.5 Metadata
4.4.6 Unsolicited PII
4.4.7 Sensitive PII
4.5 Privacy safeguarding requirements
4.5.1 Legal and regulatory factors
4.5.2 Contractual factors
4.5.3 Business factors
4.5.4 Other factors
4.6 Privacy policies
4.7 Privacy controls
5 The privacy principles of ISO/IEC 29100
5.1 Overview of privacy principles
5.2 Consent and choice
5.3 Purpose legitimacy and specification
5.4 Collection limitation
5.5 Data minimization
5.6 Use, retention and disclosure limitation
5.7 Accuracy and quality
5.8 Openness, transparency and notice
5.9 Individual participation and access
5.10 Accountability
5.11 Information security
5.12 Privacy compliance