ISO/IEC DIS 15944-12
Information technology -- Business operational view
Technologies de l'information -- Vue opérationnelle d'affaires
Standards Content (sample)
DRAFT INTERNATIONAL STANDARD
ISO/IEC DIS 15944-12
ISO/IEC JTC 1/SC 32
Secretariat: ANSI
Voting begins on: 2016-06-07
Voting terminates on: 2016-08-29
Information technology — Business Operational View —
Part 12:
Privacy protection requirements on information life cycle
management (ILCM) and EDI of personal information
Technologies de l’information — Vue opérationnelle d’affaires
ICS: 35.240.60
THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BE REFERRED TO AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
To expedite distribution, this document is circulated as received from the committee secretariat. ISO Central Secretariat work of editing and text composition will be undertaken at publication stage.
Reference number: ISO/IEC DIS 15944-12:2016(E)
© ISO/IEC 2016
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Contents
Foreword
Introduction
0.1 Purpose and overview
0.2 Use of ISO/IEC 14662 “Open-edi Reference Model” and Business Operational View (BOV) perspective
0.2.1 ISO/IEC 14662 "Open-edi Reference Model"
0.2.2 ISO/IEC 15944-1 “Business Agreement Semantic Descriptive Techniques” (“Business Operational View (BOV)”)
0.2.3 Link to ISO/IEC 15944-5 and ISO/IEC 15944-8
0.4 Importance and role of terms and definitions
0.5 Standard based on rules and guidelines
0.6 Use of “Person”, “organization”, “individual” and “party” in the context of business transaction and commitment exchange
0.7 Use of “identifier” (in a business transaction) and roles of an individual
0.8 Use of "jurisdictional domain" in the context of privacy protection and related ILCM requirements
0.9 Use of “privacy protection” in the context of business transaction, EDI and any type of commitment exchange
0.10 Use of “set of recorded information” (SRI) and “set of personal information” (SPI) versus record, document, message, data, etc.
0.11 Organization and description of this document
1 Scope
1.1 Statement of scope
1.2 Exclusions
1.2.1 Functional Services View (FSV)
1.2.2 Internal behaviour of organizations (and public administration)
1.2.3 Overlap of and/or conflict among jurisdictional domains as sources of privacy protection requirements
1.2.4 Changes in jurisdictional domain of parties to a business transaction
1.2.5 Publicly available personal information (PAPI)
1.3 Aspects currently not addressed
1.4 IT-systems environment neutrality
2 Normative references
2.1 ISO/IEC, ISO and ITU
2.2 Referenced specifications
3 Terms and definitions
4 Symbols and abbreviations
5 Fundamental privacy protection principles
5.1 Introduction
5.2 Primary sources of privacy protection principles
5.3 Key eleven (11) privacy protection principles
5.4 Link to “consumer protection” and “individual accessibility” requirements
5.5 Privacy protection principles in the context of ILCM requirements
5.6 Requirement for tagging (or labelling) sets of personal information (SPIs) in support of privacy protection requirements
5.7 Requirements for making all personal information available where the buyer is an individual
5.8 Rules governing ILCM aspects of personal information profiles (PIPs)
6 Integrated set of information life cycle management (ILCM) principles in support of information law and privacy protection requirements
6.1 Introduction – Primary purpose of Clause 6
6.2 Information life cycle management (ILCM) principles in support of privacy protection requirements
6.2.1 Compliance with privacy protection requirements (PPR) and associated information law requirements
6.2.2 Direct relevance, informed consent and openness
6.2.3 Ensuring that personal information is “under the control of” the organization throughout its ILCM
6.2.4 Limiting Use, Disclosure and Retention
6.2.5 Timely, accurate, relevant
6.2.6 Data integrity and quality
6.2.7 Safeguards for non-authorized disclosure requirements
6.2.8 Back-up, retention and archiving
6.2.9 Disposition and expungement
6.2.10 Organizational archiving
6.2.11 Historical, statistical and/or research value
6.3 Requirement for tagging (or labelling) data elements in support of privacy protection requirements
7 Rules governing ensuring accountability for and control of personal information
7.1 Introduction
7.2 Key aspects of Open-edi requirements
7.3 Key aspects of “under the control of”
7.4 “under the control of” in support of privacy protection requirements and in an ILCM context
7.5 Implementing “under the control of” and accountability
8 Rules governing the specification of ILCM aspects of personal information
8.1 Introduction
8.2 Rules governing establishing ILCM responsibilities for personal information
8.3 Rules governing establishing specifications for retention of personal information – applicable “SRI retention triggers”
8.4 Rules governing identification and specification of state changes of personal information
8.4.1 Introduction
8.4.2 Specification of state changes allowed to personal information
8.4.3 Specification of store change type
8.4.4 Rules governing specification of source of state changes
8.5 Rules governing disposition of personal information
8.6 Rules governing the establishment and maintenance of record retention and disposal schedules (RRDS) for sets of personal information
9 Data conversion, data migration, and data synchronization
9.1 Introduction
9.2 Rules governing data conversion of sets of personal information (SPI)
9.3 Rules governing requirements for data synchronization of sets of personal information (SPI)
10 Rules governing EDI of personal information between primary ILCM Person, i.e., the seller, and its “agent”, “third party” and/or “regulator”
10.1 Introduction
10.2 ILCM rules pertaining to use of an “agent”
10.3 ILCM rules pertaining to use of a “third party”
10.4 ILCM rules pertaining to involvement of a “regulator”
11 Conformance statement
11.1 Introduction
11.2 Conformance to the ISO/IEC 14662 Open-edi Reference Model and the multipart ISO/IEC 15944 eBusiness standard
11.3 Conformance to ISO/IEC 15944-12
11.4 Conformance by agents and third parties to ISO/IEC 15944-12
Annex A (normative) Consolidated list of terms and definitions with cultural adaptability: ISO English and ISO French language equivalency
A.1 Introduction
A.2 ISO English and ISO French
A.3 Cultural adaptability and quality control
A.4 Organization of Annex A – Consolidated list in matrix form
A.5 List of added Part 12 terms and definitions with cultural adaptability: ISO English and ISO French
B.1 Introduction
B.2 Organization of Annex B: Consolidated list in matrix form
B.3 Consolidated list of rules in ISO/IEC 15944-1 pertaining to external constraints relevant to supporting privacy protection requirements
B.4 Consolidated list of rules in ISO/IEC 15944-2 pertaining to external constraints of relevance to supporting privacy protection requirements
B.5 Consolidated list of rules in ISO/IEC 15944-5 pertaining to external constraints of relevance to supporting privacy protection requirements
B.6 Consolidated list of rules in ISO/IEC 15944-7 pertaining to external constraints of relevance to supporting privacy protection requirements
B.7 Consolidated list of rules in ISO/IEC 15944-8 pertaining to external constraints of relevance to supporting privacy protection requirements
Annex C (normative) Business Transaction Model (BTM): classes of constraints
Annex D (informative) Linking ILCM to process phases of a business transaction
D.1 Introduction
D.2 Rules governing linkages of ILCM process to process component of the Business Transaction Model (BTM)
D.3 Figurative overview of linking the five phases of the process component of the Business Transaction Model (BTM) to ILCM requirements
Annex E (informative) Generic approach to ILCM decisions in a privacy protection requirements context – ILCM compliance decision tree
E.1 Introduction
E.2 Generic approach to ILCM decisions in a privacy protection requirements context
E.2.1 Link to applicable records and retention and disposal of personal information and “transitory records”
E.2.2 ILCM link to “post actualization” requirements
Annex F (informative) Generic approach to identification of properties and behaviours of personal information as SRI transitory records and their disposition/expungement
F.1 Introduction
F.2 Definition of the concept of “SRI transitory record”
F.3 Information on examples of “SRI transitory records”
Annex G (informative) Outsourcing information life cycle management (ILCM) and EDI of personal information: From Value-Added Networks (VANs) to cloud computing
G.1 Purpose
G.2 Background
G.3 Summary of cloud computing in ICT
G.4 Summary of cloud computing and roles of an “agent” or a “third party” and a “seller” in executing business transactions
G.5 Information life cycle management (ILCM) aspects on personal information and cloud computing
G.7 Conclusions - Cloud computing services and protection of personal information
Bibliography
Abstracts
Figures
Figure 1 — Open-edi environment – Open-edi Reference Model
Figure 2 — Integrated view - Business operational requirements: External constraints focusing on electronic business transactions, whether undertaken on a for profit or not-for-profit basis, the key element is commitment exchange among Persons made through their Decision Making Applications (DMAs) of their Information Technology Systems (IT Systems) acting on behalf of "Persons". "Persons" are the only entities able to make commitments.
Figure 3 — Primary sources for privacy protection principles
Figure 4 — Illustration of the role of a privacy protection officer based on Part 8 in an ILCM and Open-edi context
Figure 5 — Illustration of role, responsibilities, and relationship of a personal information controller (PIC) in an organization in Open-edi context
Figure C.1 — Business Transaction Model — Fundamental elements (Graphic illustration)
Figure C.2 — UML-based Representation of Figure C.1 — Business Transaction Model
Figure C.3 — Business Transaction Model: Classes of constraints
Figure D.1 ─ Overview - linking the five phases of the process component of the Business Transaction Model (BTM) to ILCM requirements for personal information
Figure E.1 ─ Decision Tree Diagram for the identification and disposition of a SPI from an ILCM requirements perspective (including it being declared a “transitory record”)
Figure G.1 — Illustration of buyer-seller interaction with the seller using an agent as a cloud computing provider (CCP)
Figure G.2 — Illustration of buyer and seller with both using the same third party as a cloud computing provider (CCP) (including a regulator as mandatory third party)
Tables
Table 1 — ISO/IEC 15944-12:01 Codes representing specification of records retention responsibility for personal information
Table 2 — ISO/IEC 15944-12:02 Codes representing SRI retention triggers for retention of personal information
Table 3 — ISO/IEC 15944-12:03 Codes representing the specification of types of record retention period
Table 4 — ISO/IEC 15944-12:04 Codes for specifying whether state changes allowed for the content values of SRIs containing personal information
Table 5 — ISO/IEC 15944-12:05 Codes representing store change type for SPIs (and SRIs)
Table 6 — ISO/IEC 15944-12:06 Codes representing source of state change type ID code for SRIs
Table 7 — ISO/IEC 15944-12:07 Codes representing disposition types as actions of personal information (as SPIs)
Table A.1 — Columns in Table A.2
Table A.2 — List of added Part 12 terms and definitions with cultural adaptability of: ISO English and ISO French language equivalency
Table G.1 — Some linkages among cloud computing concepts and their definitions and those existing in Open-edi and eBusiness standards
Project Co-Editors’ Note:
1. This DIS ballot document is an update of the draft DIS document, (e.g., “sneak peek”), prepared for review and comment by SC32/WG1 participating experts and P-members at the Beijing November, 2015 interim meeting. As a result, a SC32/WG1 N8046 document was prepared. The SC32/WG1 N8029 “Notes on progression of ISO/IEC 15944-12” (prepared by the Project Editors) was also accepted.
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For
...