分享
ISO_IEC_29100-2011.pdf
下载文档

ID:234742

大小:3.86MB

页数:28页

格式:PDF

时间:2023-03-14

收藏 分享赚钱
温馨提示:
1. 部分包含数学公式或PPT动画的文件,查看预览时可能会显示错乱或异常,文件下载后无此问题,请放心下载。
2. 本文档由用户上传,版权归属用户,汇文网负责整理代发布。如果您对本文档版权有争议请及时联系客服。
3. 下载前请仔细阅读文档内容,确认文档内容符合您的需求后进行下载,若出现内容与标题不符可向本站投诉处理。
4. 下载文档时可能由于网络波动等原因无法下载或下载错误,付费完成后未能成功下载的用户请联系客服处理。
网站客服:3074922707
ISO_IEC_29100 2011
INTERNATIONALISO/IECSTANDARD29100First edition2011-12-15Information technology-Securitytechniques-Privacy frameworkTechnologies de linformation-Techniques de securite-Cadre priveReference number1S0/1EC29100:2011(E)ISOIEC1S0/1EC20111S0/1EC29100:2011(E)COPYRIGHT PROTECTED DOCUMENTIS0/1EC2011All rights reserved.Unless otherwise specified,no part of this publication may be reproduced or utilized in any form or by any means,electronic or mechanical,including photocopying and microfilm,without permission in writing from either ISO at the address below orISOs member body in the country of the requester.ISO copyright officeCase postale 56.CH-1211 Geneva 20Tel.+41227490111Fax+41227490947E-mail copyrightiso.orgWeb www.iso.orgPublished in SwitzerlandlSO/小EC2011-All rights reserved1S0/1EC29100:2011(E)ContentsPagentroduction.1.12Terms and definitions.3Symbols and abbreviated terms.4Basic elements of the privacy framework4.1Overview of the privacy framework.5.54.2Actors and roles.54.2.1Pl principals4.2.2Pl controlers.54.2.3Pll processors.4.2.4Third Partie4.3Interactions.64.4Recognizing Pl.74.4.1dentifiers.74.4.2Other distinguishing characteristics.4.4.3Information which is or might be linked to a Pll principal7.84.4.4Pseudonym0 us data94.4.54.4.6MetadataUnsolicited Pll.994.4.7Sensitive Pll.94.5Privacy safeguarding requirements.104.5.1Legal and regulato门y factors.114.5.2Contractual factors.14.5.3BuSineS4.5.4Other factors.124.6Privacy policies.4.7Privacy controls.135The privacy principles of ISO/IEC 29100.145.1Overview of privacy principles.145.2Consent and choice.145.3Purpose legitimacy and specification.5.4Copection limitation155.55.6Use,retention and disclosure limitation.165.7Accuracy and guality165.8Openness,transparency and notice.175.9Individual participation and access.5.10Accountability.185.11Information security.5.12Privacy compliance.19Annex A(informative)Correspondence between ISO/IEC 29100 concepts and ISO/IEC 27000concepts.20Bibliography.21All rights reserved1S0/1EC29100:2011(E)FiguresFigure 1-Factors influencing privacy risk management.11TablesTable 1-Possible flows of Pll among the Pll principal,Pll controller,Pll processor and a third party and theirroles7Table 2-Example of attributes that can be used to identify natural persons8Table 3-The privacy principles of ISO/IEC 2910014Table A.1-Matching ISO/IEC 29100 concepts to ISO/IEC 27000 concepts20ISO/IEC 2011-All rights reserved1S0/1EC29100:2011(E)ForewordISO(the International Organization for Standardization)and IEC(the International ElectrotechnicalCommission)form the specialized system for worldwide standardization.National bodies that are members ofISO or IEC participate in the development of International Standards through technical committeesestablished by the respective organization to deal with particular fields of technical activity.ISO and IECtechnical committees collaborate in fields of mutual interest.Other international organizations,governmentaland non-governmental,in liaison with ISO and IEC,also take part in the work.In the field of informationtechnology,ISO and IEC have established a joint technical committee,ISO/IEC JTC 1.International Standards are drafted in accordance with the rules given in the ISO/IEC Directives,Part 2.The main task of the joint technical committee is to prepare International Standards.Draft InternationalStandards adopted by the joint technical committee are circulated to national bodies for voting.Publication asan International Standard requires approval by at least 75%of the national bodies casting a vote.Attention is drawn to the possibility that some of the elements of this document may be the subject of patentrights.ISO and IEC shall not be held responsible for identifying any or all such patent rights.ISO/IEC 29100 was prepared by Joint Technical Committee ISO/IEC JTC 1,Information technology,Subcommittee SC 27,IT Security techniques.All rights reservedV

此文档下载收益归作者所有

下载文档
猜你喜欢
你可能关注的文档
收起
展开