ISO/IEC TS 27570:2021 – Privacy protection — Privacy guidelines for smart cities.
3.14
personally identifiable information
PII
any information that
a) can be used to identify the PII principal (3.16) to whom such information relates, or
b) is or might be directly or indirectly linked to a PII principal
Note 1 to entry: To determine whether a PII principal is identifiable, account should be taken of all the means which can reasonably be used by the privacy stakeholder holding the data, or by any other party, to identify that natural person.
[SOURCE: ISO/IEC 29100:2011, 2.9]

3.15
personally identifiable information controller
PII controller
privacy stakeholder (or privacy stakeholders) that determines the purposes and means for processing personally identifiable information (3.14) other than natural persons who use data for personal purposes
Note 1 to entry: A PII controller sometimes instructs others [e.g. PII processors (3.17)] to process PII on its behalf while the responsibility for the processing remains with the PII controller.
[SOURCE: ISO/IEC 29100:2011, 2.10]

3.16
personally identifiable information principal
PII principal
natural person to whom the personally identifiable information (3.14) relates
Note 1 to entry: Depending on the jurisdiction and the particular PII protection and privacy legislation, the synonym “data subject” can also be used instead of the term “PII principal”.
[SOURCE: ISO/IEC 29100:2011, 2.11]

3.17
personally identifiable information processor
PII processor
privacy stakeholder that processes personally identifiable information (3.14) on behalf of and in accordance with the instructions of a PII controller (3.15)
[SOURCE: ISO/IEC 29100:2011, 2.12]

3.18
policy
intentions and direction of an organization (3.13) as formally expressed by its top management
[SOURCE: ISO/IEC 20547-3:2020, 3.11]

3.19
privacy breach
situation where personally identifiable information (3.14) is processed in violation of one or more relevant privacy safeguarding requirements
[SOURCE: ISO/IEC 29100:2011, 2.13]

3.20
privacy principles
set of shared values governing the privacy protection of personally identifiable information (3.14) when processed in information and communication technology systems
[SOURCE: ISO/IEC 29100:2011, 2.18]

3.21
privacy-by-design
approach in which privacy is considered at the initial design stage and throughout the complete lifecycle of products, processes or services that involve processing personally identifiable information (3.14)

3.22
privacy data sharing agreement
clauses for privacy protection in a data sharing agreement
Note 1 to entry: A privacy data sharing agreement can involve data transfer, data processing, and sharing of PII between joint PII controllers (3.15) (ISO/IEC 27701:2019, 7.2.7).

3.23
privacy risk
effect of uncertainty on privacy
Note 1 to entry: Risk is defined as the “effect of uncertainty on objectives” in ISO Guide 73 and ISO 31000.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
[SOURCE: ISO/IEC 29100:2011, 2.19]

3.24
privacy rule
statement specifying what is allowed or not concerning privacy

3.25
process
set of interrelated or interacting activities which transforms inputs into outputs
[SOURCE: ISO/IEC 27000:2018, 3.54]

3.26
processing of PII
operation or set of operations performed upon personally identifiable information (3.14)
Note 1 to entry: Examples of processing operations of PII include, but are not limited to, the collection, storage, alteration, retrieval, consultation, disclosure, anonymization, pseudonymization, dissemination or otherwise making available, deletion or destruction of PII.
[SOURCE: ISO/IEC 29100:2011, 2.23]