Standards

Below is a sample of standards and standards activities that might be of interest to the privacy community.

 

IEEE P802E
Recommended Practice for Privacy Considerations for IEEE 802 Technologies
This recommended practice specifies a privacy threat model for IEEE 802 technologies. It provides recommendations on how to protect against privacy threats and promotes a consistent approach to threat mitigation by IEEE 802 protocol developers.

 

IEEE P1912
Standard for Privacy and Security Framework for Consumer Wireless Devices
This standard defines a privacy scale that shall be applied to data that is defined as personally identifiable information that is being collected, retained, processed or shared by or among applications implemented on networked edge, fog, or cloud computing devices. This privacy scale data provides input to assessment tools that developers or users of these applications use to develop, discover, recognize, or implement appropriate privacy settings for types or levels of personal data resident on these devices.

 

IEEE 2410-2021
Standard for Biometric Privacy
The Standard for Biometric Privacy (SBP) provides private identity assertion. SBP supersedes the prior IEEE Std 2410(TM)-2019 by including a formal specification for privacy and biometrics such that a conforming SBP system does not incur GDPR, CCPA, BIPA or HIPAA privacy obligations. Homomorphic encryption ensures the biometric payload is always one-way encrypted with no need for key management and provides full privacy by ensuring plaintext biometrics are never received by the SBP server. The SBP implementation includes software running on a client device and on the SBP server. Pluggable components are used to replace legacy functionality to allow rapid integration into existing operating environments. The SBP implementation allows the systems to meet security needs by using the application programming interface, whether the underlying system is a relational database management system or a search engine. The SBP implementation functionality offers a “point-and-cut” mechanism to add the appropriate security to the production systems as well as to the systems in development. The architecture is language neutral, allowing Representational State Transfer (REST), JavaScript Object Notation (JSON), and Transport Layer Security (TLS) to provide the communication interface. This document describes the essential methodology of SBP.

 

IEEE P2876
Recommended Practice for Inclusion, Dignity and Privacy in Online Gaming
This standard defines a set of recommended practices for inclusion, dignity and privacy in online gaming. It includes a descriptive taxonomy to ensure clear and concise communication between stakeholders, and a set of best practices designed to help game developers build more inclusive online communities. A reference model defining common concerns, challenges and remediation methods across all online games is also included.

 

IEEE P2895
Standard Taxonomy for Responsible Trading of Human-Generated Data
The standard defines a taxonomy, which shall be used to describe the rules and categories of data rights in data contracts that govern the capture, use, sharing and trade of data. This includes the permitted use, restricted use, exceptions, duration of use and/or storage and geography of use and/or storage of human-generated data. The standard is intended to describe the parameters of trade of data, regardless of the type/industry, or the file type. These parameters include permitted use, restricted use, exceptions, jurisdiction of processing, duration of the processing, individual vs aggregate data.

 

IEEE P2933
Standard for Clinical Internet of Things (IoT) Data and Device Interoperability with TIPPSS - Trust, Identity, Privacy, Protection, Safety, Security
This standard establishes the framework with TIPPSS principles (Trust, Identity, Privacy, Protection, Safety, Security) for Clinical Internet of Things (IoT) data and device validation and interoperability. This includes wearable clinical IoT and interoperability with healthcare systems including Electronic Health Records (EHR), Electronic Medical Records (EMR), other clinical IoT devices, in-hospital devices, and future devices and connected healthcare systems.

 

IEEE P3156
Standard for Requirements of Privacy-preserving Computation Integrated Platforms
This standard provides the architecture and requirements of privacy-preserving computation integrated platforms, including:

  • an overview of privacy-preserving computation integrated platforms;
  • the reference architecture of privacy-preserving computation integrated platforms;
  • functional requirements of privacy-preserving computation integrated platforms;
  • performance requirements of privacy-preserving computation integrated platforms; and
  • security requirements of privacy-preserving computation integrated platforms.

 

IEEE 7002™-2022
IEEE Standard for Data Privacy Process
This standard specifies how to manage privacy issues for systems or software that collect personal data. It will do so by defining requirements that cover corporate data collection policies and quality assurance. It also includes a use case and data model for organizations developing applications involving personal information. The standard will help designers by providing ways to identify and measure privacy controls in their systems utilizing privacy impact assessments.

 

IEEE 7005™-2021
IEEE Standard for Transparent Employer Data Governance
IEEE Standard on Employer Data Governance provides guidelines and certifications on storing, protecting, and using employee data in an ethical and transparent way. The standard recommends tools and services that help employees make informed decisions with their personal information. The standard provides clarity and recommendations both for how employees can share their information in a safe and trusted environment as well as how employers can align with employees in this process while still utilizing information needed for regular workflows.

 

IEEE P7012™
Standard for Machine Readable Personal Privacy Terms
IEEE Standards Project for Machine Readable Personal Privacy Terms. The purpose of the standard is to provide individuals with means to proffer their own terms respecting personal privacy, in ways that can be read, acknowledged, and agreed to by machines operated by others in the networked world. In a more formal sense, the purpose of the standard is to enable individuals to operate as first parties in agreements with others—mostly companies—operating as second parties. Note that the purpose of this standard is not to address privacy policies, since these are one-sided and need no agreement. (Terms require agreement; privacy policies do not.)

 

ISO/IEC 20889:2018
Privacy enhancing data de-identification terminology and classification of techniques
This document provides a description of privacy-enhancing data de-identification techniques, to be used to describe and design de-identification measures in accordance with the privacy principles in ISO/IEC 29100.
In particular, this document specifies terminology, a classification of de-identification techniques according to their characteristics, and their applicability for reducing the risk of re-identification.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that are PII controllers or PII processors acting on a controller's behalf, implementing data de-identification processes for privacy enhancing purposes.

 

ISO/IEC 27701:2019
Security techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines
This document specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.
This document specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which are PII controllers and/or PII processors processing PII within an ISMS.

 

ISO/IEC 29100:2011
Information technology – Security techniques – Privacy framework
ISO/IEC 29100:2011 provides a privacy framework which

  • specifies a common privacy terminology;
  • defines the actors and their roles in processing personally identifiable information (PII);
  • describes privacy safeguarding considerations; and
  • provides references to known privacy principles for information technology.

ISO/IEC 29100:2011 is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII.

 

ISO/IEC 29184:2020
Information technology – Online privacy notices and consent
This document specifies controls which shape the content and the structure of online privacy notices as well as the process of asking for consent to collect and process personally identifiable information (PII) from PII principals.
This document is applicable in any online context where a PII controller or any other entity processing PII informs PII principals of processing.

 

ISO/DIS 31700
Consumer protection – Privacy by design for consumer goods and services
This document establishes high-level requirements for privacy by design to protect privacy throughout the lifecycle of a consumer product, including domestic data processing by the consumer.