{"id":4320,"date":"2024-04-27T06:18:47","date_gmt":"2024-04-27T12:18:47","guid":{"rendered":"https:\/\/trustarc.com\/?post_type=regulations&p=4320"},"modified":"2024-06-04T09:28:21","modified_gmt":"2024-06-04T15:28:21","slug":"iso-31700-01","status":"publish","type":"regulations","link":"https:\/\/trustarc.com\/regulations\/iso-31700-01\/","title":{"rendered":"ISO 31700-01 International Standard"},"content":{"rendered":"\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t\tStandard<\/span>\n\t\t\t\t\t\t\t\t\t\t

ISO 31700-01 <\/h1>\n\t\t\t\t\t

The International Organization for Standardization (ISOP) 31700-01 focuses on consumer protection and provides high-level guidance and requirements for the implementation of privacy by design elements throughout the entire lifecycle of consumer products. <\/p>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t\t

\n\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t

Who should use ISO 31700-01?<\/h2>\n

This voluntary international standard is directed to any organizations and third parties responsible for the concept, design, manufacturing, management, testing, operation, service, maintenance and disposal of consumer goods and services.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t

\n\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t

Key obligations of ISO 31700-01<\/h2>\n\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t

Disposal and retention of consumer products<\/h4>\n

Consumer products shall only retain PII necessary to meet organizational needs. Companies must develop procedures for the responsible destruction of PII when the product reaches the end of its lifecycle (e.g., via deletion or anonymization). Destroy PII when it is not required to meet a business or legal requirement, and enable consumers to delete their PII stored on the product themselves.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t

\n\t\t\t\t\t\t\t

Development of privacy controls within consumer products<\/h4>\n

Organizations should integrate privacy controls into the product\u2019s development and management lifecycle to establish product privacy goals. Third-parties may be outsourced to aid in the development and integration of privacy controls. Third-party relationship policies must be established and their participation monitored for compliance. Consider the privacy needs and expectations of consumers throughout the development process and inform them on how to operate such controls.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/section>\n\t\n\n\t

\n\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t

Privacy risk assessments<\/h4>\n

Organizations should conduct privacy risk assessments before releasing a consumer product and on any third parties that intend to transfer personally identifiable information (PII) during the consumer product’s lifecycle.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t

\n\t\t\t\t\t\t\t

Transparency<\/h4>\n

Organizations should provide consumers with transparency information regarding the product, including, but not limited to: the availability of and configuration options of privacy controls within the product, and products\u2019 end-of-life withdrawal information (e.g. the entity will continue to retain and process PII).<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/section>\n\t\n\n\t\t

\n\t\t\t
\n\t\t\t\t\"\"\t\t\t<\/div>\n\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\tWhitepaper<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t

Privacy and Data Security in Mergers & Acquisitions<\/h2>\n\t\t\t\t\t\t

Data can be a valuable asset or an incredible liability to your business. Proactive data privacy practices are strategically critical in this data economy because of the extreme cost of mistakes today. <\/p>\n\t\t\t\t\t\t