Title:
Protecting personal data: can IT security management standards help?
Author_Institution:
Coll. of Comput., Georgia Inst. of Technol., Atlanta, GA, USA
Abstract:
Compelled to improve information security by the introduction of personal data protection legislation, organizations worldwide are adopting standardized security management guidelines to inform their internal processes. We analyze whether existing security management standards support process requirements for personal data management, drawing from experience with security policies in private organizations and through an analysis of current European and US legislation. Various aspects of personal data management not commonly addressed by security standards are identified, and a number of generally applicable enhancements are proposed to one common standard, IS17799. The appropriateness of including data protection guidelines in security standards is discussed, showing how these enhancements could simplify the definition of personal data management procedures in organizations.
Keywords:
DP management; data privacy; legislation; organisational aspects; standards; IS17799 standard; data privacy; health insurance portability and accountability act; information security management; legislation; multilateral security; personal data management; personal data protection; security management guidelines; security management standards; security policies; Data security; Educational institutions; Guidelines; Information security; Insurance; Legislation; National security; Protection; Standards organizations; Technology management;
Conference_Title:
Computer Security Applications Conference, 2003. Proceedings. 19th Annual
Print_ISBN:
0-7695-2041-3
DOI:
10.1109/CSAC.2003.1254331