7.4.2 Limit processing

Control

The organization should limit the processing of PII to that which is adequate, relevant and necessary for the identified purposes.

Implementation guidance

Limiting the processing of PII should be managed through information security and privacy policies (see 6.2) along with documented procedures for their adoption and compliance.

Processing of PII, including:

— the disclosure;
— the period of PII storage; and
— who is able to access their PII;

should be limited by default to the minimum necessary relative to the identified purposes.