标准摘要
[中文适用范围]: 本文档提供了金融科技服务隐私指南。它确定了消费者与企业关系和企业与企业关系中的所有相关业务模式和角色,以及与金融科技服务相关的隐私风险和隐私要求。它为金融科技服务提供了具体的隐私控制措施以应对隐私风险。本文档基于ISO/IEC 29100、ISO/IEC 27701和ISO/IEC 29184的原则,ISO/IEC 29134中描述的隐私影响评估框架,以及ISO 31000中描述的风险管理指南。它还提供了一套针对每个利益相关者的隐私要求的指南。本文件适用于金融科技服务环境中的所有类型的组织,如监管机构、机构、服务提供商和产品提供商。 [外文原描述]: This document provides guidelines on privacy for fintech services. It identifies all relevant business models and roles in consumer-to-business relations and business-to-business relations, as well as privacy risks and privacy requirements, which are related to fintech services. It provides specific privacy controls for fintech services to address privacy risks. This document is based on the principles from ISO/IEC 29100, ISO/IEC 27701, and ISO/IEC 29184, the privacy impact assessment framework described in ISO/IEC 29134, and the risk management guideline described in ISO 31000. It also provides guidelines focusing on a set of privacy requirements for each stakeholder. This document can be applicable to all kinds of organizations such as regulators, institutions, service providers and product providers in the fintech service environment.
英文名称Information technology - Security techniques - Privacy guidelines for fintech services