TECHNICAL SPECIFICATION
ISO/IEC TS 27570
First edition 2021-01
Privacy protection - Privacy guidelines for smart cities

COPYRIGHT PROTECTED DOCUMENT
ISO/IEC 2021
[...] posting on the internet [...] without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of [...]

6.1.3 Work product
6.2 Governance
6.2.1 Recommendation R6.2
6.2.3 Work product
6.3 Supply chain
6.3.1 Recommendation R6.3
6.3.2 Explanations
Work product
6.4 Data management
6.4.1 Recommendation R6.4
7 Guidance on standards for smart city ecosystems privacy protection
7.1 General
7.2 Privacy governance
8 Guidance on processes for smart city ecosystem privacy protection
8.1 General
8.2 Governance process
8.2.1 Recommendation
Explanations
8.2.3 Guidance on ecosystem coordination
8.2.4 Guidance for organizations
8.2.5 [...]
8.3 Data management process
8.3.1 Recommendation R8.3
8.3.2 Explanations
Guidance on ecosystem coordination
8.3.4 Guidance for organizations
8.3.5 Standards and methods
8.4 [...]
8.4.2 Explanations
8.4.3 Guidance for ecosystem coordination
8.4.6 Work product
8.5 Engineering process
8.5.2 Recommendation R8.5
8.5.3 Guidance for ecosystem coordination
8.5.4 Guidance for organizations
8.5.6 [...] methods
8.6 Citizen engagement process
8.6.1 Recommendation R8.6
Explanations
Guidance for ecosystem coordination
Guidance for organizations
Work product
Annex A (informative) Example of ecosystem privacy plan structure
Annex B (informative) Using video cameras in smart cities
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) [...] committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC [...] committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also [...]

The procedures used to develop this document and those intended for its further maintenance are [...] the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

[...] list of patent declarations received (see patents.iec.ch).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

[...] World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

[...]

Any feedback or questions on this document should be directed to the user's national standards body. A complete listing of these bodies can be found at www.iso.org/members.html [...]

[Figure: standards related to ISO/IEC 27570 Privacy guidelines for smart cities, grouped as smart city standards, cloud computing standards, IoT standards and IT governance standards]

Privacy protection - Privacy guidelines for smart cities

1 Scope

The document takes a multiple agency as well as a citizen-centric viewpoint.

It provides guidance on:
- smart city ecosystem privacy protection;
- how standards can be used at a global level and at an organizational level for the benefit of citizens;
- processes for smart city ecosystem privacy protection.

This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that provide services in smart city environments.

2 Normative references

There are no normative references in this document.

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:
- ISO Online browsing platform: available at https://www.iso.org/obp
- IEC Electropedia: available at http://www.electropedia.org

3.1 activity
set of cohesive tasks (3.32) of a process (3.25)
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.3]

3.2 agency
organization (3.13) providing a specific service for a city

3.3 availability
property of being accessible and usable upon demand by an authorized entity
[SOURCE: ISO/IEC 27000:2018, 3.7]

3.4 citizen
inhabitant of a city

3.5 citizen engagement
involvement of citizens (3.4) in the decision-making of public policies

3.6 confidentiality
property that information is not made available or disclosed to unauthorized individuals, entities or processes (3.25)
[SOURCE: ISO/IEC 27000:2018, 3.10]

data protection officer
person appointed by the PII controller (3.15) to ensure, in an independent manner, compliance with the privacy law/regulation requirements

ecosystem
infrastructure and services based on a network of organizations (3.13) and stakeholders
Note 1 to entry: Organizations can include public bodies.

ecosystem privacy plan
[...] arrangements for ensuring that privacy is adequately managed in an ecosystem (3.8)

governance
system of directing and controlling
[SOURCE: ISO/IEC 38500:2015, 2.8]

integrity
property of accuracy and completeness
[SOURCE: ISO/IEC 27000:2018, 3.36]

intervenability
property that ensures that PII principals (3.16), PII controllers (3.15), PII processors (3.17) and supervisory authorities can intervene in all privacy-relevant data processing
[...] which any of these stakeholders can intervene in data processing can be limited by [...]
[SOURCE: ISO/IEC TR 27550:2019, 3.6]

organization
person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives
[...] public or private.
[SOURCE: ISO 37100:2016, 3.2.3, modified - Note 2 to entry has been omitted.]

3.14 personally identifiable information
any information that a) can be used to identify the PII principal (3.16) to whom such information relates, or b) is or might be directly or indirectly linked to a PII principal
[...] natural person.
[SOURCE: ISO/IEC 29100:2011, 2.9]

personally identifiable information controller
PII controller
privacy stakeholder (or privacy stakeholders) that determines the purposes and means for processing personally identifiable information (3.14) other than natural persons who use data for personal purposes
[...] (3.17) to process PII on its behalf
[SOURCE: ISO/IEC 29100:2011, 2.10]

personally identifiable information principal
PII principal
natural person to whom the personally identifiable information (3.14) relates
[...] protection and privacy legislation, the [...]
[SOURCE: ISO/IEC 29100:2011, 2.11]

personally identifiable information processor
PII processor
privacy stakeholder that processes personally identifiable information (3.14) on behalf of and in accordance with the instructions of a PII controller (3.15)
[SOURCE: ISO/IEC 29100:2011, 2.12]

policy
intentions and direction of an organization (3.13) as formally expressed by its top management
[SOURCE: ISO/IEC 20547-3:2020, 3.11]

privacy breach
situation where personally identifiable information (3.14) is processed in violation of one or more relevant privacy safeguarding requirements
[SOURCE: ISO/IEC 29100:2011, 2.13]

privacy-by-design
approach in which privacy is considered at the initial design stage and throughout the complete lifecycle of products, processes or services that involve processing personally identifiable information (3.14)

3.22 privacy data sharing agreement
[...] between [...] controllers [...] data [...] ISO/IEC 27701:2019 [...] involve data transfer, data processing, and sharing of PII.

3.20 privacy principles
[...]
[SOURCE: ISO/IEC 29100:2011, 2.18]

privacy risk
[...]
Note 1 to entry: Risk is defined as the "effect of uncertainty on objectives" in ISO Guide 73 and ISO 31000.
[SOURCE: ISO/IEC 29100:2011, 2.19]

privacy rule
[...]

3.25 process
[...]
[SOURCE: ISO/IEC 27000:2018, 3.54]

processing of PII
[...] Examples [...] processing [...] operations [...]: collection, alteration, retrieval, consultation, disclosure, anonymization, pseudonymization, dissemination [...] otherwise [...]
[SOURCE: ISO/IEC 29100:2011, 2.23]

smart city
[...]
[SOURCE: BSI PAS 181:2014]

smart city service governance body
[...]

8.3 Data management process

8.3.1 Recommendation R8.3

A data management process should be established by the smart city service governance body to ensure protection of PII.

8.3.2 Explanations

The data management process focuses on the management of privacy in the creating, capturing, [...] accessing, [...] activities [...] by the governing bodies of a smart city, as well as by the organizations in the ecosystem as shown in Figure 16. A prerequisite to this process is the synchronization with the governance, risk management [...]

Figure 16 - Data management process stakeholders

8.3.3 Guidance on ecosystem coordination

The following guidance is provided at the ecosystem level:
- [...] process and demonstrate that the data sharing purpose is compliant with [...] policies [...];
- initiate the risk management process as required;
- initiate the engineering process as required;
- specify the privacy impact assessment and sharing agreement templates to use; and
- establish and implement coordination schemes in the ecosystem, concerning:
  - the participation of new organizations to a data sharing community;
  - the extension of data sharing to new applications;
  - the compliance of data sharing applications with agreed policies as well as regulation; and
  - assurance and audit of practice.

8.3.4 Guidance for organizations

The following guidance is provided at the organization level:
- initiate the governance process as required;
- initiate the engineering process as required;
- use and carry out data sharing activities in accordance with the ecosystem coordination scheme.

8.3.5 Standards and methods

The following standards and methods can be used:
- BSI PAS 183 is used to [...]
- ISO 37156 provides a framework for data exchange and sharing to entities having authority to [...]
- ISO/IEC 29184 provides controls, which shape the content and the structure of online privacy notice as well as the process of asking consent to collect and process PII from PII principals.

[...] A city [...] operates [...] with the consent of the [...] smart meters [...] energy [...]. The collected data is made available to a number of data analytics companies through a data sharing agreement which explicitly forbids organizations in the data sharing ecosystem to use the data for another [...] than energy study, [...]. The city agency establishes the data sharing ecosystem report annually providing information such as PIA annual report update, the lis