ISO IEC 29134-2023.docx

《ISO IEC 29134-2023.docx》由会员分享，可在线阅读，更多相关《ISO IEC 29134-2023.docx（34页珍藏版）》请在优知文库上搜索。

1、INTERNATIONA1.STANDARDISO/IEC29134editionSecond2023-05Informationtechno1.ogySecuritytechniquesGuide1.inesforprivacyimpactassessmentTechno1.ogiesdeinfrmationTechniquesdeSRUriW1.ignesdirectricespourV6tuded,impactssur1.aviepriv6eReferencenumberISO/IEC29134:2023(E)COPYRIGHTPROTECTEDDOCUMENTIS0/1EC2023IU

2、irhM*hedbdi1.iUedotherwiseupdhi.o啪InyM1.tta0DmkfifiU81.andonnet8CH-1214Vernier,GenevaPhone：M1.227490111觥ftte:丽丽BQrgPub1.ishedinSwitzer1.andIntroductionAprivacyimpactassessment(PIA)isaninstrumentfor:asgdb由ccrWh由hduiVeerhiPhiVae5zp3s,PerSoiDfrteriCttiSkkdTrtzProgt1114RJJ如Rwaretakingnecessaryactions,in

3、consu1.tationwithstakeho1.ders,totreatprivacyrisk.船期1g1.HPt三献或m9三WW)R1.三哨啼H阚拗硼f%E(片蹦加曲行0/1E得叫p!7uresmorethanatoo1.:itisaprocessthatbeginsattheear1.iestpossib1.estagesofaninitiative,whentherearesti1.1.opportunitiestoinf1.uenceitsoutcomeandtherebyensureprivacybydesign.Itisaprocessthatcontinuesunti1.,a

4、ndevenafter,theprojecthasbeendep1.oyed.Initiativesvarysubstantia1.1.yinsca1.eandimpact.Objectivesfa1.1.ingundertheheadingofprivacy,wi1.1.dependoncu1.ture,societa1.expectationsandjurisdiction.Thisdocumentisintendedtoprovide嘛林做物康顺飒M酬H机由I1.taWative期体由HjgMferPre曲秘艇re球通龈Mttancescircumstances.4JS律即群盟人帧科强?

5、搬总给itybA和&油邢8般裁蝴品即独服内部PrO强羽AoCOndUCttheirownPIA.婚“缺嬲em,in湖幅栩VW即颈励舀磐an愧科sefi鼬初强假任俄Vi勰解hersJ梳UChdevicestoprovideprivacy-re1.evantdesigninformationtothoseundertakingthePIA.irispossib1.ethattheproviderofdigita1.devicesisunski1.1.edinandnotresourcedforPIAstforexamp1.e：asma1.1.retai1.er,orasma1.1.andmediu

6、m-sizedenterprise(SME)usingdigita1.1.yconnecteddevicesinthecourseofitsnorma1.businessoperations.印ItWMryHnm3ticiwMhi甫iAiwdTttJkdbBWAndevicrwhAp1.iercantheexpectedP1.1.principa1./SMEcontextfortheequipmenttheysupp1.y.洲小Pa1.懈赧叫工加湘蝴Mrt?陶徽湎硼三W幽硼的rea朋pp1.y.Thisdocumentisintendedtobeusedwhentheprivacyimpact

7、onP1.1.principa1.sinc1.udesconsiderationofprocesses,informationsystemsorprogrammes,where：-theresponsibi1.ityfortheimp1.ementationand/orde1.iveryoftheprocess,informationsystemOrprogrammeissharedwithotherorganizationsanditshou1.dbeensuredthateachorganizationproper1.yaddressestheidentifiedrisks;anorgan

8、izationisperformingprivacyriskmanagementaspartOfitsovera1.1.riskmanagementeffortwhi1.epreparingfortheimp1.ementationorimprovementofitsISMS(estab1.ishedinaccordancewith由SWIRGRZWMsorananfiMyfeRfiHg魄Fmentsystem);oranorganizationisperformingprivacyriskanorganization(e.g.government)isundertakinganinitiat

9、ive(e.g.aPUbIiC-PriVate-PartnerShiP逸柚由屈信怖阖hent糠8福掘Vte1.由MMw出队V映S蛆幅rermentp1.anbecomespartofcorresponding1.egis1.ation,regu1.ationorthecontractinstead;theorganizationwantstoactresponsib1.ytowardsthePI1.principa1.s.CUBbg1.kd1.dddummhiMeibathcnko1.sJdchUi1.n削661娜CH的阙9铀门IapruitiMdyUiKo1.S)PrQosIS0/1EC29

10、151(forP1.1.protectioncontro1.s),orcomparab1.enationa1.standards,ortheycanbedefinedbythepersonresponsib1.eforconductingthePIA1independent1.yofanyothercontro1.set.3.3assessortheirteam.entry:Theassessormaybesupportedbyoneormoreotherinterna1.and/orexterna1.expertsaspartof3.4process(SOURCE:ISO/IEC27000:

11、2018,3.54device3.6privacyimpactsafeguardingrequirements,impactcanresu1.tfromtheprocessingofP1.1.inconformanceorinvio1.ationofprivacy3.7privacyimpactassessmentPIAinformation,framedwithinanorganizationbroaderriskmanagementframework3.8privacyriskmapNote1toentry：Themapistypica1.1.yusedtdeterminetheorder

12、inwhichtheprivacyrisksshou1.dbetreated.programme(SOURCE:ISO143004:2011,3.21projecttime,costandresourcesISO/IEC2023-A1.1.11ghtsreservedpersonwho1.eadsandconductsaprivacyimpactassessment(3.7)Note1toNote2toentry:Theassessormaybeanexpertinterna1.orexterna1.totheorganization.setofinterre1.atedorinteracti

13、ngactivitieswhichtransformsinputsintooutputs3.5combinationofhardwareandSoftWare,orso1.e1.ysoftware,thata1.1.owsausertoperformactionsanythingthathasaneffectontheprivacyofaP1.1.principa1.and/orgroupofP1.1.principa1.sNote1toentry:Theprivacyovera1.1.processofidentifying,ana1.ysing,eva1.uating,consu1.tin

14、g,communicatingandp1.anningthetreatmentofpotentia1.privacyimpactswithregardtotheprocessingofpersona1.1.yidentifiab1.eSOURCE:1SO1EC29100:2011,2.20rmodifiedNote1toentryhasbeende1.eted.)diagramthatindicatesthe1.eve1.ofimpactand1.ike1.ihoodofprivacyrisksidentified3.9groupofprojectsmanagedinacoordinatedw

15、aytoobtainbenefitsnotavai1.ab1.efrommanagingthemindividua1.1.y3.10uniqueprocess,consistingofasetofcoordinatedandcontro1.1.edactivitieswithstartandfinishdates,undertakentoachieveanobjectiveconformingtospecificrequirements,inc1.udingtheconstraintsof(SOURCE:ISO9000:2015,3.4.23.11organizationpersonorgroupofpeop1.ethath