Open Source ISO/IEC 27701 Privacy Regulatory Mapping and Data Visualization Tool
Session Block: Standards and Applications
09 Sep 2019 02:00 PM - 02:20 PM (UTC)
Transforming Privacy Law into Practice | 9-10 September | University of Oxford

The pending ISO/IEC 27701 Privacy Information Management System (PIMS) standard is built upon the existing ISO/IEC 27001 Information Security Management System (ISMS) standard to establish a universal privacy control set for controllers and processors. The primary applications of the new standard are to help controllers and processors reconcile applicable regulatory requirements into their internal controls and to validate compliance of controls between business partners such as co-controllers, processors, and sub-processors. The standard contains an annex providing a mapping between GDPR and ISO/IEC 27701 as an example of how the standard's controls correspond to the European regulation. While this example is highly relevant to the state of privacy regulations, the EU is not the only jurisdiction with applicable privacy regulation.

To that end, the presenter proposes that additional mappings of privacy regulations against ISO/IEC 27701 would be beneficial to the privacy community. The presenter has prepared several mappings for this purpose, covering regulations from Australia, Brazil, California, Canada, Hong Kong, Singapore, South Korea, and Turkey. The plan is to publish these mappings as open source to enable validation of the existing mappings, addition of new mappings, and general consumption by the privacy community. The presenter will present the mapping project to the community ahead of launching it as open source.

The presenter will also showcase a data visualization tool designed to help users make sense of the relationship between these regulations and ISO/IEC 27701. The data visualization tool is also intended for open source consumption.