The Institute of Electrical and Electronics Engineers (IEEE) and the IEEE Standards Association (IEEE-SA) have announced the approval of a new standards development project to address the growing concern of data privacy.
IEEE P7002, titled “Data Privacy Process,” aims to provide “one overall methodological approach that specifies practices to manage privacy issues within the systems/software engineering life cycle processes.”
IEEE P7002
The new standard will provide users with specific procedures they can check to ensure that their privacy practices match up with best practices, and includes tools such as diagrams and checklists. IEEE P7002 takes a holistic approach to data privacy, as “[i]t extends across the life cycle from policy through development, quality assurance, and value realization.”
The need for a strict standard to address data privacy has been brought into sharp focus by the Internet of Things (IoT), where big data is the name of the game and privacy issues are a major concern. "With the continuing surge of big data growth, there is also a growing concern around how personal information is collected, managed and shared,” said Konstantinos Karachalios, managing director for IEEE-SA.
One big reason that IoT products and services pose privacy risks is due to the diverse range of companies that are getting on board the IoT train. As IEEE P7002 Chair Michelle Dennedy explained, “Data governance is well understood within the data privacy community, but enterprises that provide products and services, and collect, control and own personal data may be less informed on privacy and security issues.”
The new IEEE standard strives to offer a solution to companies that want to protect data privacy, but which may lack the security expertise. “Individuals and associations are under increasing pressure to manage and protect large volumes of data,” said Angela Burgess, executive director of IEEE Computer Society (IEEE CS).
“With the approval of the standards development project IEEE P7002, sponsored by IEEE CS, the new framework of requirements will help ensure trust and stronger data protection of end users when personal data is transferred among industries and environments,” said Burgess.