An integrative approach to managing data privacy

OpenText Content Cloud Team

August 31, 2021 (4 minutes read)

Authored by Douglas Stewart, Senior Director, Solutions Consulting at OpenText

A few months ago, while doing some data privacy research, I was excited to learn about the recently issued ISO 27701 standard for privacy information management. This is an extension to ISO 27001—the gold standard for information security. And, for me, the latest news brought back memories from mid-2008, when I became well acquainted with the information security standard. 

At the time, I was the director of technology for a fast-growing eDiscovery software and service provider—and I’d been given the task of obtaining ISO 27001 certification for the business. While that standard was new to me, I had a solid foundation in information security, an IT team that was well versed in security best practices, and experience with continual improvement systems going back to the days of TQM, or total quality management.

I figured that getting certified would improve our information security practices, demonstrate to customers our commitment to information security, and better equip our IT team to protect our information. But I had no idea how transformative the ISO 27001 certification would be for our entire company.

Let me explain.

The benefits of ISO 27001 certification

The ISO 27001 controls, by design, ended up positively impacting all aspects of our operations—front- and back-office functions—and every employee. By the time of our initial certification audit, our entire organization was working as a coordinated team to ensure the security of the information assets entrusted to us.

Policy, process and personnel development accounted for most of the certification effort, but we also made technology investments driven largely by policy and process requirements. This provided a good lesson in the power of the intentional application of the people-process-technology triad.

The ISO 27701 extension

The organizational transformation that I witnessed as a result of the ISO 27001 certification is what makes me excited about the new ISO 27701 extension. In a nutshell, ISO 27701 provides a framework for handling personal information within an organization. It does this by extending the Information Security Management System (ISMS) required under ISO 27001 through the development of a Privacy Information Management System (PIMS). The PIMS layers data-privacy-specific controls and requirements on top of the information security framework mandated by ISO 27001. In other words, it leverages your existing information security policies and procedures framework.

Considering the large overlap between information security and data privacy, the ISO 27701 extension of ISO 27001 seems like a smart approach to data privacy management and compliance. The new standard also supports the idea that organizations should not go it alone or resort to ad hoc methods when crafting their data privacy policies and procedures.

Look to the experts—and existing regulations and law

There is a lot of great guidance on data privacy out there, and a lot of it is free. Regulations and laws like Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) did not grow out of thin air. Rather, they are based on existing best practices, standards and controls. Consequently, the more you can align your organization’s policies with these public standards and best practices, the better positioned you will be when new data privacy laws, regulations and rules are enacted.

I have long held that the most effective way to manage data privacy risks is to build on the experience of those who have gone before. So make use of the best and better practices endorsed by groups like the International Association of Privacy Professionals, the National Institute of Standards and Technology, ARMA International and the Association for Intelligent Information Management. Read up on the relevant ISO standards like ISO 27001 and ISO 27701. Find experts who have the experience you don’t yet have. And apply the most appropriate technology to address your data privacy challenges.

Learn how OpenText™ Intelligent Viewing can help you address your data privacy challenges. OpenText Intelligent Viewing is a cloud-first universal file viewing solution that offers secure viewing, collaboration, and redaction. Intelligent Viewing provides in-house and remote employees with consistent, reliable access to content while ensuring that it never leaves the repository.
