7 Additional ISO/IEC 27002 guidance for PII controllers 附加到ISO/IEC 27002的个人身份信息(PII)控制者的指南/7.4 Privacy by design and privacy by default 隐私设计和隐私默认保护/7.4.1 Limit collection 限制收集
7.4.1 Limit collection 限制收集Control 控制The organization should limit the collection of PII to the minimum that is relevant, proportional and necessary for the identified purposes.组织应将个人身份信息(PII)的收集限制在适宜的,相称的以及表明的目的所必要的最低限度。Implementation guidance 实施指南The organization should limit the collection of PII to what is adequate, relevant and necessary in relation to the identified purposes. This includes limiting the amount of PII that the organization collects indirectly (e.g. through web logs, system logs, etc.).组织宜将个人身份信息(PII)的收集限制在适当的,适宜的以及表明的目的相对必要的程度。这包括组织间接收集(例如,网络日志,系统日志等)的个人身份信息(PII)的数量的限制。Privacy by default implies that, where any optionality in the collection and processing of PII exists, each option should be disabled by default and only enabled by explicit choice of the PII principal.隐私默认保护意味着,若任何的可选择性在个人身份信息(PII)的收集和处理中存在,所有选项在默认情况下宜被禁用,并只有通过个人身份信息(PII)主体的明确的选择才能启用。
还没有评论,来说两句吧...