{"id":4308,"date":"2024-04-27T06:17:10","date_gmt":"2024-04-27T12:17:10","guid":{"rendered":"https:\/\/trustarc.com\/?post_type=regulations&p=4308"},"modified":"2025-03-05T10:57:06","modified_gmt":"2025-03-05T16:57:06","slug":"iso-27701","status":"publish","type":"regulations","link":"https:\/\/trustarc.com\/regulations\/iso-27701\/","title":{"rendered":"ISO 27701 International Standard"},"content":{"rendered":"\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t\tStandard<\/span>\n\t\t\t\t\t\t\t\t\t\t

ISO 27701<\/h1>\n\t\t\t\t\t

The ISO 27701 establishes requirements and guidance for developing, managing and improving a Privacy Information Management System (PIMS) for activities in privacy management involving personally identifiable information (PII). ISO 27701 focuses on security techniques and is an extension to ISO\/IEC 27001 and ISO\/IEC 27002 for privacy information management.<\/p>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t\t

\n\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t

Who should use ISO 27701?<\/h2>\n

The requirements of ISO 27701 apply to all types and sizes of data controllers and\/or processors who process PII<\/a> including private and public entities, government entities, and non-profit organizations.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t

\n\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t

Key requirements of ISO 27701<\/h2>\n\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t

Designation of privacy leader<\/h4>\n

Organizations should appoint one or more privacy officials to develop, implement and manage an organization-wide privacy governance program\/policy to outline procedures to comply with relevant data protection laws and regulations. Privacy officials shall also be responsible to provide support to all organizational stakeholders on their responsibilities related to data protection tasks.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t

\n\t\t\t\t\t\t\t

Prioritize privacy by design and default<\/h4>\n

Organizations should apply principles and related tools of privacy by design and default into all layers of the information system for the secure management of PII (e.g. practicing data minimization to collect and process only the necessary PII).<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/section>\n\t\n\n\t

\n\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t

Mechanisms for data deletion<\/h4>\n

Organizations should establish policies and technical mechanisms to permanently delete, de-identify, return and\/or transfer PII when the purpose of processing becomes obsolete or the PII retention period has expired.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t

\n\t\t\t\t\t\t\t

Vendor Management<\/h4>\n

Where PIMS will be outsourced, organizations should regularly assess the vendor\u2019s privacy and data processing practices for compliance to organizational objectives and relevant data protection laws, verify the vendor\u2019s security posture, and consider applying privacy by design and default principles to the outsourced PIMS.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/section>\n\t\n\n\t

\n\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t

Implementation of security protocols<\/h4>\n

Organizations must implement both organizational and technical security policies and procedures to safeguard confidential PII. This includes access controls to prevent unauthorized copying of PII by terminated employees or contractors and segregating overlapping responsibilities to prevent unauthorized access to sensitive data.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/section>\n\t\n\n\t\t

\n\t\t\t
\n\t\t\t\t\"\"\t\t\t<\/div>\n\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\tWhitepaper<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t

Privacy and Data Security in Mergers & Acquisitions<\/h2>\n\t\t\t\t\t\t

Data can be a valuable asset or an incredible liability to your business. Proactive data privacy practices are strategically critical in this data economy because of the extreme cost of mistakes today. <\/p>\n\t\t\t\t\t\t