
New ISO standard helps firms address privacy risks

A new ISO standard has been published which will help financial services companies to effectively manage privacy risks. ISO 22307:2008, Financial services – Privacy impact assessment, defines a methodology to help organizations in private and public sectors identify privacy issues and mitigate risks associated with processing the financial data of customers and consumers, business partners and citizens.

The standard describes the privacy impact assessment (PIA), which should be carried out at an early stage in the development of a proposed financial system. As well as helping to identify optimal privacy options and solutions, it provides a way to ensure that the system complies with applicable laws and regulations governing customer and consumer privacy. It is a tool that, when used effectively, can identify risks associated with privacy and help organizations plan to mitigate those risks.

ISO 22307:
- describes the PIA process in general
- defines the common and required components of a privacy impact assessment, regardless of business systems affecting financial institutions, and
- provides informative guidance, including frequently asked questions (FAQs) on PIAs and their implementation, together with a number of questionnaires designed to help users assess their needs and develop an effective PIA.

ISO 22307:2008, Financial services – Privacy impact assessment, was developed by ISO technical committee ISO/TC 68, Financial services, subcommittee SC 7, Core banking.

www.iso.org

Date: 3rd June 2008 • Region: World • Type: Article • Topic: Financial sector BC




Copyright 2008 Portal Publishing Ltd