NIST SP 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information
Special Publication (SP) 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) has been published by the US National Institute of Standards and Technology (NIST). Are you using personal data on your web site?
SP 800-122 is a useful read for people responsible for assessing privacy and for those designing and implementing privacy controls within information systems and business processes. Importantly, it addresses web applications, which are increasingly used as part of business processes; by their nature, such applications route data through systems that are more exposed to public, Internet-facing threats.
In the UK, the best starting point for advice is the Information Commissioner's Office guides and other resources, especially the Data Protection Guide and the pages and reports on building privacy in. However, SP 800-122's impact classification methodology, lists of safeguards, examples and scenarios are useful whatever your jurisdiction.
But do note that the definitions, requirements and obligations in NIST SP 800-122 relate to US legislation, not to the UK Data Protection Act 1998; in particular, they do not cover all eight UK data protection principles. Beyond background reading, they are therefore of particular use to UK organisations that have, or are considering, customers or some other presence in the US.
Posted on: 04 May 2010 at 11:32 hrs
