What is this standard about?
It’s about protecting personally identifiable information (PII). The standard will help organizations define their privacy safeguarding requirements as they relate to PII processed by any ICT system.
Who is this standard for?
Entities involved in specifying, procuring, architecting, designing, testing, maintaining, administering and operating ICT systems that process PII.
Why should you use this standard?
It describes a high-level architecture framework and associated controls for safeguarding privacy in information and communication technology (ICT) systems that store and process personally identifiable information (PII).
The privacy architecture framework described:
- Provides a consistent, high-level approach to the implementation of privacy controls for the processing of PII in ICT systems
- Offers guidance for planning, designing and building ICT system architectures that safeguard the privacy of PII principals by controlling the processing, access and transfer of personally identifiable information
- Demonstrates how privacy enhancing technologies (PETs) can be used as privacy controls
The standard defines a privacy architecture framework that:
- Specifies concerns for ICT systems that process PII
- Lists components for the implementation of such systems
- Provides architectural views contextualizing these components It focuses primarily on ICT systems that are designed to interact with PII principals.