ISO/IEC 15944-17:2024
Information technology — Business operational view — Part 17: Fundamental principles and rules governing Privacy-by-Design (PbD) requirements in an EDI and collaboration space context
This document:
a) focuses on PbD aspects of privacy protection requirements as external constraints on any type of Person (e.g. organization or public administration) involved in any kind of business transaction among such Persons which involves the electronic data interchange (EDI) of any personal information;
b) establishes a fundamental set of privacy principles known as Privacy by Design and assumptions based on primary sources;
c) integrates existing normative elements in support of PbD as are already identified in ISO/IEC 14662 and ISO/IEC 15944-1, ISO/IEC 15944-5, ISO/IEC 15944-8, ISO 15944-12;
d) provides overarching operational ‘best practice’ statements for associated (and not necessarily automated) processes, procedures, practices and governance requirements that need to act in support of implementing and enforcing technical mechanisms that support PbD in Open-edi transaction and collaboration space environments;
e) focuses on PbD related aspects of the life cycle management of and accountability for the personal information, i.e. the contents of SPIs (and their SRIs) related to the business transaction interchanged via EDI as information bundles and their associated semantic components among the parties to a business transaction.
This document focuses on the BOV aspects of a business transaction and does not concern itself with the technical mechanisms needed to implement the FSV aspects of the business requirements of the FSV (including the specification of requirements of an FSV nature which include security techniques and services, communication protocols, etc.). The FSV includes any existing standard (or standards development of an FSV nature), which has been ratified by existing ISO, IEC, UN/ECE and/or ITU standards. This document does not specify the technical mechanisms, i.e. FSV which are required to support BOV-identified requirements. Detailed exclusions to the scope of this document are provided in Annex D.
Technologies de l'information — Vue opérationnelle d'affaires — Partie 17: Règles et principes fondamentaux régissant les exigences de protection de la vie privée par conception (PbD) dans un contexte d'EDI et d'espace de collaboration
Standards Content (Sample)
International Standard
ISO/IEC 15944-17
First edition
2024-04
Information technology — Business operational view —
Part 17: Fundamental principles and rules governing Privacy-by-Design (PbD) requirements in an EDI and collaboration space context
Technologies de l'information — Vue opérationnelle d'affaires — Partie 17: Règles et principes fondamentaux régissant les exigences de protection de la vie privée par conception (PbD) dans un contexte d'EDI et d'espace de collaboration
Reference number
ISO/IEC 15944-17:2024(en) © ISO/IEC 2024
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Fundamental privacy protection principles
5.1 Overview
5.2 Primary sources of privacy protection principles
5.3 Exceptions to the application of the privacy protection principles
5.4 Key eleven (11) privacy protection principles
5.5 Link to “consumer protection” and “individual accessibility” requirements
5.6 Requirements for tagging (or labelling) sets of personal information (SPIs) in support of privacy protection requirements (PPR)
5.7 Requirements for making all personal information (PI) available to the buyer where the buyer is an individual
6 Fundamental principles and rules governing Privacy by Design (PbD) requirements
6.1 Overview
6.2 Fundamental principles of Privacy by Design
6.2.1 Privacy by Design Principle 1: Proactive not reactive; preventative not remedial
6.2.2
...
International Standard
FINAL DRAFT
ISO/IEC FDIS 15944-17
ISO/IEC JTC 1/SC 32
Secretariat: ANSI
Voting begins on: 2024-01-25
Voting terminates on: 2024-03-21
Information technology — Business operational view —
Part 17: Fundamental principles and rules governing Privacy-by-Design (PbD) requirements in an EDI and collaboration space context
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
Reference number
ISO/IEC FDIS 15944-17:2024(en) © ISO/IEC 2024
...
Date: 2023-12-19
Reference number of document: ISO/IEC FDIS 15944-17
Committee identification: ISO/IEC JTC 1/SC 32/WG 01
Secretariat: ANSI
Date: 2024-01-10
Information technology — Business operational view —
Part 17: Fundamental principles and rules governing Privacy-by-Design (PbD) requirements in an EDI and collaboration space context
Technologies de l'information — Vue opérationnelle d'affaires — Partie 17: JTC1/SC32
FDIS stage
Contents
Introduction
0.1 Purpose and overview
0.2 Use of ISO/IEC 14662 and ISO/IEC 15944
0.2.1 ISO/IEC 14662 "Open-edi Reference Model"
0.2.2 ISO/IEC 15944-1 Business operational view (BOV) – operational aspects of Open-edi for implementation
0.2.3 Links to ISO/IEC 15944-5, ISO/IEC 15944-8, ISO/IEC 15944-4 and ISO/IEC 15944-12
0.3 Importance and role of terms and definitions
0.4 Basic rules and guidelines
0.5 Use of “Person”, “organization”, “individual” and “party” in the context of business transaction and commitment exchange
0.6 Use of “identifier” (in a business transaction) and roles of an individual
0.7 Use of "jurisdictional domain" in the context of privacy protection requirements and Privacy by Design
0.8 Use of “privacy protection” in the context of business transaction, EDI and any type of commitment exchange
0.9 Use of “set of recorded information” (SRI) and “set of personal information” (SPI) versus record, document, message, data, etc.
0.10 Aspects currently not addressed
0.11 IT-systems environment neutrality
0.12 Organization and description of this document
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Fundamental privacy protection principles
5.1 Overview
5.2 Primary sources of privacy protection principles
5.3 Exceptions to the application of the privacy protection principles
5.4 Key eleven (11) privacy protection principles
5.5 Link to “consumer protection” and “individual accessibility” requirements
5.6 Requirements for tagging (or labelling) sets of personal information (SPIs) in support of privacy protection requirements (PPR)
5.7 Requirements for making all personal information (PI) available to the buyer where the buyer is an individual
6 Fundamental principles and rules governing Privacy by Design (PbD) requirements
6.1 Overview
6.2 Fundamental principles of Privacy by Design
6.2.1 Privacy by Design Principle 1: Proactive not reactive; preventative not remedial
6.2.2 Privacy by Design Principle 2: Privacy as the Default Setting
6.2.3
...