We use cookies to give you the best experience and to help improve our website

Find out what cookies we use and how to disable them

ISO/IEC PWI TS 7709 Information technology -- Big data security and privacy -- Security and privacy-preserving guidelines for multi-sourced data processing

Scope

This document provides security and privacy preserving guidelines for multi-sourced data processing, including a model for multi-sourced data processing, identifying the stakeholders, and identifying the security and privacy risks related to multi-sourced data processing, and a framework to mitigate the identified security and privacy risks with guidance on applying security and privacy controls.

Purpose

Compared to single-source data, processing multi-sourced data from different providers offer the ability to conduct correlated analysis on a richer data set, and more information can be extracted to guide decision-making in business operations, leading to better customer services. The variety of data from multiple sources may make the data processing more productive. ISO IEC TR 231862018 “Information technology – Cloud computing - Framework of trust for processing of multi-sourced data” describes scenarios of using multi-sourced data to reduce traffic deaths and injuries, for home automation, for automotive operations.

Meanwhile, there are security and privacy risks (such as data leakage, re-identification, data misuse, etc.) need to be mitigated during the data processing.

There have been series of standards about big data architecture, trust for multi-sourced data processing, security and privacy, etc. Some of them provide requirement statement, some of them provide high level framework, while how to guide the implementation and what kind of mechanisms are applicable on security and privacy regarding the specific scenario, that is multi-sourced data processing, is absent.

The stakeholders of multi-sourced data processing need standards as guidance and implement relevant technical solutions such as prevention of re-identification from multi-sourced data, authorization consistency checking and confirmation of multi-sourced data, etc. to ensure the data processing security and privacy-preserving. And the clear technical terms in the standard could reassure the stakeholders (data providers, service providers, end users, etc.) when sharing data. This proposal is intended to provide guidelines on how to mitigate the security and privacy risks in multi-sourced data processing scenarios and help to reassure the stakeholders in technical ways.

Comment on proposal

Required form fields are indicated by an asterisk (*) character.


Please email further comments to: debbie.stead@bsigroup.com

Follow standard

You are now following this standard. Weekly digest emails will be sent to update you on the following activities:

You can manage your follow preferences from your Account. Please check your mailbox junk folder if you don't receive the weekly email.

Unfollow standard

You have successfully unsubscribed from weekly updates for this standard.

Error