ISO/IEC 27556 — Information technology — User-centric framework for the handling of personally identifiable information (PII) based on privacy preferences [DRAFT]
The standard will lay out a “user-centric framework” (an architecture) to handle personal information in a controlled manner in accordance with the privacy-by-design and other requirements of applicable privacy laws and regulations.
Scope of the standard
The standard will describe a generic high-level system architecture without specifying the content and format of privacy preference information.
The architecture, in turn, will inform the design and implementation of IT systems that handle personal information and communicate it between organisations while managing the privacy preferences of data subjects (known in the standard as ‘PII Principals’, i.e. the people whose personal information is being handled).
The standard will expand upon ISO/IEC 29100 “Privacy framework”.
Content of the standard
The project started in 2019. The standard is due to be published in 2022.
It is already at Committee Draft stage, although substantial issues are being addressed.