International community working to define new standard for consumer privacy

With data breaches occurring at the corporate level (Target, Experian) and privacy issues from social media (Facebook) causing concern, a group of American companies are working together to define international standards for privacy. The group is part of the ISO Project Committee 317 and will be represented by its Technical Advisory Group (TAG), administered by the American National Standards Institute (ANSI) in partnership with the OASIS standards and open source consortium.

The companies involved are Amazon, American Express, Apple, Axiomatics, Bank of America, BigID, Cisco, Comcast, Deloitte, DocuSign, Dropbox, Equifax, Experian, Ernst & Young, Facebook, Ford, Google, IBM, Ionic Security, JPMorgan Chase, Kaiser Permanente, KPMG, MailChimp, Mastercard, Microsoft, OneTrust, PwC, Return Path, Riot Games, State Street, Sumo Logic, Tesla, TransUnion, TrustArc, Uber, US NIST, Verizon, Walmart, and WireWheel.

In the press release announcing the formation of the committee, ANSI stated that “ISO/PC 317 will complement the efforts of the European GDPR standard aiming to aid in the prevention of data breaches while giving consumers more control over the use of their data,” said Rik Parker of KPMG, chair of the U.S. TAG to ISO/PC 317. “By being involved from the outset, the U.S. can be sure that this international standard is practical, well-conceived, and adoptable across complex organizations.”

In addition to the U.S., 11 other countries, including the U.K., China, Canada, and Korea, have a voice in establishing this global standard. The first meeting of ISO/PC 317 will be held in London, Nov 1-2, 2018.

More information on the U.S. TAG to ISO/PC 317 is available here.

Cyber Oregon partner blog post of interest