Information technology — Business Operational View — Part 8: Identification of privacy protection requirements as external constraints on business transactions

1 Scope

This part of ISO/IEC 15944:

provides method(s) for identifying, in Open-edi modelling technologies and development of scenarios, the additional requirements in Business Operational View (BOV) specifications for identifying the additional external constraints to be applied to recorded information in business transactions relating to personal information of an individual, as required by legal and regulatory requirements of applicable jurisdictional domains having governance over the personal information exchanged among parties to a business transaction;

integrates existing normative elements in support of privacy and data protection requirements as are already identified in the current editions of ISO/IEC 14662 and ISO/IEC 15944-1, ISO/IEC 15944-2, ISO/IEC 15944-4, and ISO/IEC 15944-5 which apply to information concerning identifiable living individuals as buyers17 in a business transaction or whose personal information is used in the transaction;

provides overarching operational ‘best practice’ statements for associated (and not necessarily automated) processes, procedures, practices and governance requirements that must act in support of implementing and enforcing technical mechanisms needed to support privacy/data protection requirements necessary for the implementation in Open-edi transaction environments;

identifies and provides a sample scenario and implementation (use case) for one or more use cases of privacy/data protection in business transactions; and,

provides guidelines on the need for procedural mechanisms in the event that mandatory disclosure rules of transactional information must be implemented.

This part of ISO/IEC 15944 is a BOV-related standard which addresses basic (or primitive) requirements of a privacy protection environment, as legal requirements represented through jurisdictional domains, on business transactions, and also integrates the requirements of the information technology and telecommunications environments.

This part of ISO/IEC 15944 contains a methodology and tool for specifying common classes of external constraints through the construct of "jurisdictional domains". It meets the requirements set in ISO/IEC 15944-1 and ISO/IEC 15944-2 through the use of explicitly stated rules, templates, and Formal Description Techniques (FDTs).

17 As stated in Clauses 6.2.4 – 6.2.8, and Figure 18 of ISO/IEC 15944-1:2011, a natural person who provides a good, service and/or right is deemed to be an organization. Most jurisdictional domains also view an unincorporated activity providing a good, service and/or right to be an organization. {See further ISO/IEC 6523}