One Article Review

Home - The article:
Source NoticeBored
Identifier 2148839
Publication date 2020-07-31 08:58:07 (viewed: 2021-01-06 20:37:57)
Title NBlog July 31 - who's for a Pimms?
Text Within a year or so, organisations will be able to have their Privacy Information Management Systems certified compliant with ISO/IEC 27701, thanks to a new accreditation standard, ISO/IEC TS 27006 part 2, currently in draft. A PIMS is very similar to an Information Security Management System, hence compliance auditing and certification are also very similar – so much so that I've heard some certification bodies are already taking the initiative by issuing PIMS certificates despite not being formally accredited for that. Potentially, a PIMS certificate may become the generally accepted means of demonstrating an organisation's due care over privacy and personal data protection – a way to assure data subjects, business partners, the authorities and courts that it has, in fact, adopted good privacy practices. A PIMS should materially reduce an organisation's risk of suffering privacy breaches. However, as with an ISMS, 'materially reduce' is not quite the same as 'eliminate'. In the less likely event that a privacy breach occurs despite the PIMS, compliance certificates for the organisation and, if appropriate, its information service suppliers (e.g. cloud or marketing services) may be a credible part of the organisation's legal defence against prosecution under GDPR or other privacy laws and regs, but it would still need to explain why the breach occurred and what it has fixed to prevent a recurrence. The PIMS should at least structure the response to the breach, including corrective actions addressing the root causes, hence there should be something substantial behind the usual vacuous PR statements about 'taking this matter very seriously'.
Sent Yes
The article does not appear to have been republished after its publication.


The article does not appear to have been taken from an earlier one.