New technology, data and regulations require heightened privacy vigilance from enterprises, according to new guidance from global business technology and information security association ISACA.
Technologies like scanning devices at airports, policy body cameras and visual-recording drones need to make privacy a priority, according to the new publication, ISACA Privacy Principles and Program Management Guide. The guide provides direction to practitioners and their organizations on governing privacy programs.
Specifically, ISACA identified seven categories of privacy enterprises must address:
- Privacy of person, including the right for a person’s body to be free of unauthorized invasion
- Privacy of behavior and action, including personal activities, orientations and preferences
- Privacy of communication, including telephone conversations, emails and other forms of correspondence
- Privacy of data and image, including personal information
- Privacy of thoughts and feelings, including religious beliefs and political views
- Privacy of location and space, including being free from intrusion
- Privacy of association, including the ability for people to freely get together with groups of their choosing
Additionally, the guide provides a set of privacy principles aligned with the most commonly used privacy standards, frameworks and good practices, and special instructions on how to use the enterprise IT governance framework COBIT 5 to implement a more complete privacy program.
“By establishing a robust privacy governance and management program, organizations around the world can address and successfully mitigate privacy risk throughout the entire enterprise,” stated Christos Dimitriadis, chair of ISACA’s board of directors and group director of information security for INTRALOT.
The privacy guide, released as Data Privacy Day approaches on January 28, is available for purchase here.