ISO ISO IEC 15944-12-2020 pdf free download – Information technology — Business operational view — Part 12: Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI)
These eleven (11) privacy protection principles are placed in a business transaction context,i.e.that of Persons, as parties,making a commitment on the commonly agreed upon goal for a businesstransaction.
From a FSv perspective,this includes ensuring that the lT systems of an organization are able to and doprovide associated required technical implementation measures which need be capable of exchangingthe necessary information among the parties to a business transaction. This is necessary to be ableto determine when personal information is to be processed as opposed to all other (non-personal)recorded information forming part of the business transaction. T’his includes ensuring that applicablecontrols are in place in the decision-making applications (DMAs) of the IT systems of organizations(and public administrations) where personal information is processed and interchanged among allparties to a business transaction).
Finally, the privacy protection principles enumerated above represent a whole and should be interpretedand implemented as a whole and not piecemeal. lmplementers of this document should be aware that insubsequent clauses of this document, two or more of the privacy protection principles referenced maybe instantiated together and simultaneously.
5.4 Link to “consumer protection” and “individual accessibility”requirements (seeISO/IEC 15944-8:2012,6.3)
This document, as with ISO/IEC 15944-5 and ISO/IEC 15944-8, is based on the following assumptions:1) The privacy protection requirements of the individual, as a buyer in a business transaction, are
those of the jurisdictional domain in which the individual made the commitments associated withthe instantiated business transaction.As such, this document shall be implemented in accordancewith the requirements of ISO/IEC 15944-1 and lsO/IEC 15944-5;
2) Where the seller is in a jurisdictional domain other than that of the individual, as the buyer, this
document incorporates and supports the:
– OECD Guidelines on the Protection of Privacy and Transborder Data Flows of Personal Data;
– Directive 95/46/EC of the European Parliament and of the Council of 240ctober 1995 on the
protection of individuals with regard to the processing of personal data and on the free movementof such data (1995);10)
-APEC Privacy Framework. (2005);
– uN Convention on the Rights of Persons with Disabilities (CRPD) (2006+).
3) Where the buyer is an ” individual” this also incorporates individual accessibility requirements.4)Where the buyer is an individual this also invokes consumer protection and individual accessibility requirements.
In order to support ILCM implementation requirements in this document, it is important that theseassumptions are explicitly stated, i.e., in the form of a rule.
Rule 004:
Laws and regulations governing privacy protection (as well as consumer protection andindividual accessibility requirements) which apply where, in a business transaction. the buyeris an individual, are those of the jurisdictional domain of the buyer.11)
5.5 Privacy protection principles in the context of ILCM requirements
The purpose of this subclause is to supplement, from an ILCM perspective, the rules and associated textfrom each of the eleven privacy protection principles specified in ISO/IEC 15944-8:2012,5.3.
Rule 0o5:
An individual, as a buyer in a business transaction, shall be able to challenge the timelinessand accuracy of his or her personal information including ILCM aspects including any statechanges to the content value of such a set of personal information (SPI) as part of the ILCM ofthe organization in accordance with other applicable information law requirements, includingretention, and expungement, as well as with respect to any ILCM management of a privacyprotection requirements nature, in any use by the seller organization of an agent and/or thirdparty to a business transaction.
Guideline 05G1:
An organization, in its role as seller or regulator, should provide its name, physical and electronicaddress and related contact information of its privacy protection officer (PPoj.ISO ISO IEC 15944-12 pdf download.