标准摘要
[中文适用范围]: 本国际标准承认隐私影响评估 (PIA) 是一种重要的金融服务和银行管理工具,可在组织内部或由“签约”第三方使用,以识别和缓解使用自动化、网络化信息系统处理消费者数据时所涉及的隐私问题和风险。本国际标准 - 描述隐私影响评估活动的一般情况, - 定义隐私影响评估的通用和必需组成部分,无论影响金融机构的业务系统如何,以及 - 提供信息指导,让读者了解隐私影响评估。隐私合规审计与隐私影响评估的不同之处在于,合规审计确定机构当前的法律合规水平,并确定避免未来不遵守法律的步骤。虽然隐私影响评估和隐私合规审计之间存在相似之处,因为它们使用一些相同的技能,并且它们都是用于避免侵犯隐私的工具,但合规审计的主要关注点只是满足法律的要求,而隐私影响评估旨在进一步调查以确定最佳保护隐私的方法。本国际标准承认,金融和银行系统开发和风险管理程序的选择属于商业决策,因此,需要告知业务决策者,以便他们能够为其金融机构做出明智的决策。本国际标准为处理金融信息的机构提供了隐私影响评估结构(通用 PIA 组件、定义和信息性附件),这些机构希望使用隐私影响评估作为规划和管理他们认为易受攻击的业务系统中的隐私问题的工具。 [外文原描述]: ISO 22307:2008 recognizes that a privacy impact assessment (PIA) is an important financial services and banking management tool to be used within an organization, or by “contracted” third parties, to identify and mitigate privacy issues and risks associated with processing consumer data using automated, networked information systems. ISO 22307:2008 describes the privacy impact assessment activity in general, defines the common and required components of a privacy impact assessment, regardless of business systems affecting financial institutions, and provides informative guidance to educate the reader on privacy impact assessments. A privacy compliance audit differs from a privacy impact assessment in that the compliance audit determines an institution's current level of compliance with the law and identifies steps to avoid future non-compliance with the law. While there are similarities between privacy impact assessments and privacy compliance audits in that they use some of the same skills and that they are tools used to avoid breaches of privacy, the primary concern of a compliance audit is simply to meet the requirements of the law, whereas a privacy impact assessment is intended to investigate further in order to identify ways to safeguard privacy optimally. ISO 22307:2008 recognizes that the choices of financial and banking system development and risk management procedures are business decisions and, as such, the business decision makers need to be informed in order to be able to make informed decisions for their financial institutions. ISO 22307:2008 provides a privacy impact assessment structure (common PIA components, definitions and informative annexes) for institutions handling financial information that wish to use a privacy impact assessment as a tool to plan for, and manage, privacy issues within business systems that they consider to be vulnerable.
英文名称Financial services — Privacy impact assessment