Protection of Personally Identifiable Information
Two draft standards relating to the protection of personally identifiable information have been issued for comment.
The development of a personal information management system (PIMS) that encompasses all of an organisation's activities can be complex. Two new draft standards provide some guidance:
- From BSI British Standards, DPC BS 10012 Specification for the management of personal information in compliance with the Data Protection Act 1998, deadline for responses 31 March 2009.
- From the US National Institute of Standards and Technology (NIST), DRAFT Special Publication 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), deadline for responses 13 March 2009.
These are two very different documents. The BSI draft standard is a guide to planning, implementing, monitoring, reviewing and improving a personal information management system (PIMS) to support compliance with the Data Protection Act 1998. On the other hand, the NIST draft standard is a much more readable document and describes how organisations (in this case US federal organisations) should identify, categorise and apply protection to personally identifiable information. Emphasis is also placed on reducing the PII at risk and development of incident response plans for PII breaches.
However, once released as final versions, we could see them being referenced in web-project request for information (RFI) documents and requirements specifications, so they are worth a look in advance, and possibly comment on via trade and professional organisations.
Posted on: 16 January 2009 at 06:20 hrs
