ISO 22307-2008 金融业务.隐私影响评估

标准号：ISO 22307-2008
中文标准名称：金融业务.隐私影响评估
英文标准名称：Financial services - Privacy impact assessment
标准类型：A11
发布日期：1999/12/31 12:00:00
实施日期：1999/12/31 12:00:00
中国标准分类号：A11
国际标准分类号：03.060
适用范围：This International Standard recognizes that a privacy impact assessment (PIA) is an important financialservices and banking management tool to be used within an organization, or by “contracted” third parties, toidentify and mitigate privacy issues and risks associated with processing consumer data using automated,networked information systems. This International Standard- describes the privacy impact assessment activity in general,- defines the common and required components of a privacy impact assessment, regardless of business systems affecting financial institutions, and- provides informative guidance to educate the reader on privacy impact assessments.A privacy compliance audit differs from a privacy impact assessment in that the compliance audit determinesan institution’s current level of compliance with the law and identifies steps to avoid future non-compliancewith the law. While there are similarities between privacy impact assessments and privacy compliance auditsin that they use some of the same skills and that they are tools used to avoid breaches of privacy, the primaryconcern of a compliance audit is simply to meet the requirements of the law, whereas a privacy impactassessment is intended to investigate further in order to identify ways to safeguard privacy optimally.This International Standard recognizes that the choices of financial and banking system development and riskmanagement procedures are business decisions and, as such, the business decision makers need to be informed in order to be able to make informed decisions for their financial institutions. This InternationalStandard provides a privacy impact assessment structure (common PIA components, definitions and informative annexes) for institutions handling financial information that wish to use a privacy impactassessment as a tool to plan for, and manage, privacy issues within business systems that they consider to bevulnerable.