Home / / ISACA releases privacy guidelines

ISACA releases privacy guidelines

Guides will help enterprises to properly manage privacy of users and their data

The guidelines are intended to help enterprises to manage the complexities of privacy.
The guidelines are intended to help enterprises to manage the complexities of privacy.

Industry body ISACA has released a new set of guidelines focused on privacy and information technology.

The guidelines, published as the ISACA Privacy Principles and Program Management Guide, are intended to address the many different ways in which new technology can affect privacy, and give enterprises directions on how to manage privacy.

A wide array of business scenarios - from scanning devices at airports to police body cameras to visual-recording drones - must put privacy among the central considerations, according to the new publication.

ISACA identified seven categories of privacy every enterprise must address, including privacy of person, including:

  • Privacy of person, including the right for a person’s body to be free of unauthorized invasion

  • Privacy of behavior and action, including personal activities, orientations and preferences

  • Privacy of communication, including telephone conversations, emails and other forms of correspondence

  • Privacy of data and image, including personal information

  • Privacy of thoughts and feelings, including religious beliefs and political views

  • Privacy of location and space, including being free from intrusion

  • Privacy of association, including the ability for people to freely get together with groups of their choosing

The guide provides a set of privacy principles aligned with the most commonly used privacy standards, frameworks and good practices while filling existing gaps among them to deliver a harmonized privacy framework. Special instruction on how to use the COBIT 5 framework to implement a more robust privacy program is included.

"By establishing a robust privacy governance and management program, organisations around the world can address and successfully mitigate privacy risk throughout the entire enterprise," said Christos Dimitriadis, Ph.D. CISA, CISM, CRISC, chair of ISACA's Board of Directors and group director of Information Security for INTRALOT.