The ISO 29100 privacy framework sets forth the following eleven core principles:
- Consent and choice
- Purpose legitimacy and specification
- Collection limitation
- Data minimization
- Use, retention and disclosure limitation
- Accuracy and quality
- Openness, transparency, and notice
- Individual participation and access
- Accountability
- Information security
- Privacy compliance

The ISO 27701 privacy framework is not explicitly organized around the above privacy principles; however, the controls within ISO 27701 that apply to controllers and to processors, respectively, can be mapped to each of those principles. As a result, an organization can adopt the privacy principles of ISO 29100 and use the 49 controls identified within ISO 27701 as a framework for implementing them.