On the 8th of February, the International Organization for Standardization (ISO) will officially recognize Privacy by Design (PbD) as standardized under ISO 31700. This is a significant milestone, as Privacy by Design has already been adopted by the International Assembly of Privacy Commissioners and Data Protection Authorities, and even incorporated into the European General Data Protection Regulation (GDPR). In 2018, the ISO took it one step further and formed a working group to draw up plans on how privacy standards could be included in their framework.
Privacy by Design applies to IT systems, accountable business practices, networked infrastructure, and physical design, with the aim of safeguarding consumer privacy. The finalized ISO 31700 contains 30 requirements that go beyond the original 7 principles of Privacy by Design, spread over more than 32 pages of guidance. This includes practical advice on enabling consumers to enforce their privacy rights, assigning roles and responsibilities, giving customers privacy information, assessing risks, designing appropriate controls, managing data through its lifecycle, and handling a data breach should one occur.
In addition to the standard itself, a separate document outlining potential use cases will also be published.