标准摘要
[中文适用范围]: 本文档提供了在Open-edi建模技术和场景开发中识别附加要求的方法,用于在业务事务中识别涉及个人信息的记录信息的附加外部约束,这些约束由管辖个人信息交换的适用法律和监管要求规定。本文档整合了ISO/IEC 14662和ISO/IEC 15944-1、ISO/IEC 15944-2、ISO/IEC 15944-4和ISO/IEC 15944-5中已确定的支持隐私保护要求的现有规范性要素,这些要素适用于作为业务事务购买方的可识别活体个人的信息,或其个人信息在业务事务中被使用的情况。本文档提供了关于相关(不一定自动化)流程、程序、实践和治理要求的总体业务“最佳实践”陈述,这些要求需要在Open-edi交易环境中实施和执行机制以支持隐私/数据保护要求。本文档识别并提供了一个或多个业务事务中隐私/数据保护用例的场景和实施(用例)示例。本文档提供了关于在需要实施强制性披露规则时采用程序机制的指导。本文档不指定实施功能性服务视图所需的技术机制。本文档范围的详细排除在附件H中提供。 [外文原描述]: This document: provides method(s) for identifying, in Open-edi modelling technologies and development of scenarios, the extra requirements in Business Operational View (BOV) specifications for identifying the additional external constraints to be applied to recorded information in business transactions relating to personal information of an individual, as required by legal and regulatory requirements of applicable jurisdictional domains having governance over the personal information exchanged among parties to a business transaction; integrates existing normative elements in support of privacy protection requirements as are already identified in ISO/IEC 14662 and ISO/IEC 15944-1, ISO/IEC 15944-2, ISO/IEC 15944-4 and ISO/IEC 15944-5, which apply to information concerning identifiable living individuals as buyers in a business transaction or whose personal information is used in the business transaction; provides overarching operational "best practice" statements for associated (and not necessarily automated) processes, procedures, practices and governance requirements that need to act in support of implementing and enforcing mechanisms needed to support privacy/data protection requirements necessary for the implementation in Open-edi transaction environments; identifies and provides a sample scenario and implementation (use case) for one or more use cases of privacy/data protection in business transactions; provides guidelines on the need for procedural mechanisms in the event that mandatory disclosure rules of transactional information that needs to be implemented. This document does not specify the technical mechanisms needed to implement the Functional Services View. Detailed exclusions to the scope of this document are provided in Annex H.
英文名称Information technology - Business operational view - Part 8: Identification of privacy protection requirements as external constraints on business transactions