International Organization for Standardization (ISO)

The ISO 29100 privacy framework sets forth the following eleven core principles:

  1. Consent and choice
  2. Purpose legitimacy and specification
  3. Collection limitation
  4. Data minimization
  5. Use, retention, and disclosure limitation
  6. Accuracy and quality
  7. Openness, transparency, and notice
  8. Individual participation and access
  9. Accountability
  10. Information security
  11. Privacy compliance

The ISO 27701 privacy framework is not explicitly organized using the

While theoretically an organization could adopt ISO 27701 as a separate standalone framework to apply to the organization’s privacy program, the framework was conceptualized as an extension of the ISO data security standards – i.e., a company would ideally be certified in both data security and data privacy. As a result, it is organized based upon the assumption that an organization already has a security program that is built off

In 2019, the International Organization for Standardization joint technical committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, developed a privacy framework that was intended to build off of the existing ISO data security standards – i.e., ISO/IEC 27001:2013 (Information security management systems) and ISO/IEC 27002:2013 (Code of practice for information security controls) – by integrating into

The International Organization for Standardization, better known simply as ISO, is an international standard on how organizations should manage information security. Organizations can obtain a certification from an accredited assessor that they are compliant with ISO security standards.

One of the provisions in the ISO 29100 privacy framework is that the top management of an organization should “establish a privacy policy” that, among other things:

  • Provides an internal organizational framework for setting objectives,
  • Includes a commitment to satisfy applicable privacy safeguarding requirements,
  • Includes a commitment to continual improvement.

The privacy policy envisioned under

The terminology used by the ISO 29100 privacy framework arguably most closely aligns with the terminology used under the GDPR. The following chart provides a side-by-side comparison of commonly used terms and concepts as they appear in the European GDPR, the California CCPA, and the newly passed Virginia Consumer Data Protection Act.

ISO 29100 Europe