Protecting the personally identifiable information (PII) of customers and employees is increasingly regulated. What began with the EU General Data Protection Regulation (GDPR) has grown to include the California Consumer Privacy Act (CCPA) and many other state laws.
Data privacy requirements are now also part of many customer and vendor contracts, so implementing the regulatory requirements in your company needs to become standard business practice.
Lisa DuBrock, managing partner of Radian Compliance, states, “Our conversations with clients concerning privacy have increased exponentially. Between all the new regulatory requirements as well as greater knowledge that we need to protect personal information, privacy appears to be on everyone's mind. The natural alignment between ISO 27001 and ISO 27701 makes for a smooth transition to add PIMS to our solutions offerings.”
ISO 27701:2019 is an international standard, aligned with GDPR and intended for universal adoption, that sets out the essential privacy requirements for a business acting as a data controller (collecting and processing data in house), as a data processor (processing data on behalf of clients or third parties), or as a combination of both. It defines a Privacy Information Management System (PIMS) as a data privacy extension to ISO 27001:2013 Information Security Management. Certification to ISO 27001:2013 is required; a PIMS cannot be certified on its own.
Brandan Keaveny, founder of Data Ethics, a recognized privacy and ethics specialist and a Radian Compliance subject matter expert adds, “Collecting and utilizing an individual’s data, whether an employee, customer, or consumer, is a privilege that requires the highest standards for its protection and usage. Each data point that an organization collects represents a person who is trusting that their data is being used in a transparent and ethical manner.”