《08-30166961-DC.pdf》由会员分享,可在线阅读,更多相关《08-30166961-DC.pdf(31页珍藏版)》请在三一文库上搜索。
1、a Date: 6 October 2008 Origin: International Latest date for receipt of comments: 31 January 2009 Project no.: 2007/01422 Responsible committee: EPL/278 Road transport informatics Interested committees: Title: Draft BS ISO 24100 Privacy - The basic principles for probe personal data protection Super
2、session information: If this document is published as a standard, the UK implementation of it will supersede NONE and partially supersede. NONE If you are aware of a current national standard which may be affected, please notify the secretary (contact details below). WARNING: THIS IS A DRAFT AND MUS
3、T NOT BE REGARDED OR USED AS A BRITISH STANDARD. THIS DRAFT IS NOT CURRENT BEYOND 31 January 2009. This draft is issued to allow comments from interested parties; all comments will be given consideration prior to publication. No acknowledgement will normally be sent. See overleaf for information on
4、commenting. No copying is allowed, in any form, without prior written permission from BSI except as permitted under the Copyright, Designs and Patent Act 1988 or for circulation within a nominating organization for briefing purposes. Electronic circulation is limited to dissemination by e-mail withi
5、n such an organization by committee members. Further copies of this draft may be purchased from BSI Customer Services, Tel: +44(0) 20 8996 9001 or email . British, International and foreign standards are also available from BSI Customer Services. Information on the co-operating organizations represe
6、nted on the committees referenced above may be obtained from the responsible committee secretary. Cross-references The British Standards which implement International or European publications referred to in this draft may be found via the British Standards Online Service on the BSI web site http:/.
7、Direct tel: 020 8996 7127 Responsible Committee Secretary: Mr M S Matharu (BSI) E-mail: Draft for Public Comment Head Office 389 Chiswick High Road London W4 4AL Telephone: +44(0)20 8996 9000 Fax: +44(0)20 8996 7001 Form 36 Version 8.0 DPC: 08/30166961 DC Licensed Copy: London South Bank University
8、, South Bank University, 16/11/2008 11:56, Uncontrolled Copy, (c) BSI b Introduction This draft standard is based on international discussions in which the UK has taken an active part. Your comments on this draft are invited and will assist in the preparation of the consequent standard. Comments sub
9、mitted will be reviewed by the relevant BSI committee before sending the consensus UK vote and comments to the international secretariat, which will then decide appropriate action on the draft and the comments received. If the international standard is approved, it is possible the text will be publi
10、shed as an identical British Standard. UK Vote Please indicate whether you consider the UK should submit a negative (with reasons) or positive vote on this draft. Submission The guidance given below is intended to ensure that all comments receive efficient and appropriate attention by the responsibl
11、e BSI committee. Annotated drafts are not acceptable and will be rejected. All comments must be submitted, preferably electronically, to the Responsible Committee Secretary at the address given on the front cover. Comments should be compatible with Version 6.0 or Version 97 of Microsoft Word for Win
12、dows, if possible; otherwise comments in ASCII text format are acceptable. Any comments not submitted electronically should still adhere to these format requirements. All comments submitted should be presented as given in the example below. Further information on submitting comments and how to obtai
13、n a blank electronic version of a comment form are available from the BSI web site at: http:/ Template for comments and secretariat observations Date: xx/xx/200x Document: ISO/DIS xxxxx 1 2 (3) 4 5 (6) (7) MB Clause No./ Subclause No./ Annex (e.g. 3.1) Paragraph/ Figure/Table/ Note (e.g. Table 1) Ty
14、pe of com- ment Comment (justification for change) by the MB Proposed change by the MB Secretariat observations on each comment submitted 3.1 Definition 1 ed Definition is ambiguous and needs clarifying. Amend to read . so that the mains connector to which no connection . 6.4 Paragraph 2 te The use
15、of the UV photometer as an alternative cannot be supported as serious problems have been encountered in its use in the UK. Delete reference to UV photometer. Microsoft and MS-DOS are registered trademarks, and Windows is a trademark of Microsoft Corporation. Licensed Copy: London South Bank Universi
16、ty, South Bank University, 16/11/2008 11:56, Uncontrolled Copy, (c) BSI THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BE REFERRED TO AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH. IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE
17、 FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS. RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COM
18、MENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION. DRAFT INTERNATIONAL STANDARD ISO/DIS 24100 International Organization for Standardization, 2008 INTERNATIONAL ORGANIZATION FOR STANDARDIZATION ORGANISATION INTERNATIONALE DE NORMALISATI
19、ON ISO/TC 204 Voting begins on: 2008-10-02 Secretariat: ANSI Voting terminates on: 2009-03-02 Privacy - the basic principles for probe personal data protection Vie prive Les principes de base pour la protection des donnes personnelles de sonde ICS 03.220.01; 35.240.60 In accordance with the provisio
20、ns of Council Resolution 15/1993 this document is circulated in the English language only. Conformment aux dispositions de la Rsolution du Conseil 15/1993, ce document est distribu en version anglaise seulement. To expedite distribution, this document is circulated as received from the committee sec
21、retariat. ISO Central Secretariat work of editing and text composition will be undertaken at publication stage. Pour acclrer la distribution, le prsent document est distribu tel quil est parvenu du secrtariat du comit. Le travail de rdaction et de composition de texte sera effectu au Secrtariat cent
22、ral de lISO au stade de publication. Licensed Copy: London South Bank University, South Bank University, 16/11/2008 11:56, Uncontrolled Copy, (c) BSI ISO/DIS 24100 ii ISO 2008 All rights reserved PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy,
23、 this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Sec
24、retariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to e
25、nsure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. Copyright notice This ISO document is a Draft International Standard and is copyright-protected by ISO. Except
26、 as permitted under the applicable laws of the users country, neither this ISO draft nor any extract from it may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, photocopying, recording or otherwise, without prior written permission being secured. R
27、equests for permission to reproduce should be addressed to either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Reproduction may
28、 be subject to royalty payments or a licensing agreement. Violators may be prosecuted. Licensed Copy: London South Bank University, South Bank University, 16/11/2008 11:56, Uncontrolled Copy, (c) BSI Licensed Copy: London South Bank University, South Bank University, 16/11/2008 11:56, Uncontrolled C
29、opy, (c) BSI 4 Contents 1 Scope.8 2 Normative references .9 3 Terms and definitions.9 4 Reference architecture .11 5 Personal data included in probe vehicle systems13 5.1 Personal data 13 5.2 Encryption data that can become personal data14 5.3 Authentication data that can become personal data15 6 Th
30、e basic principles16 6.1 Collection limitation principle16 6.2 Data quality principle16 6.3 Purpose specification principle.16 6.4 Use limitation principle.17 6.5 Security safeguards principle17 6.6 Openness principle.17 6.7 Individual participation principle.17 6.8 Accountability principle .17 Anne
31、x A - Threats to personal data in probe vehicle systems.18 ISO/DIS 24100 DRAFT 2008 ISO 2002 All rights reserved Licensed Copy: London South Bank University, South Bank University, 16/11/2008 11:56, Uncontrolled Copy, (c) BSI 5 Page Figures Figure 1 Scope of this ISO international standard 8 Figure
32、2 Model of data transmitted from vehicles 10 Figure 3 The conceptual model of probe data collection. 11 Figure 4 The reference architecture for the basic principles 12 Tables Table 1 Other databases . 13 Table 2 Encryption data that can become personal data 14 Table 3 Authentication data that can be
33、come personal data. 15 Table 4 Examples of threats to personal data peculiar to probe vehicle systems . 1 Table 5 Threats occurring in information/communications systems in general and not dependent on probe vehicle systems . 3 Table 6 Detailed analysis of threats. 4 The table of contents is an opti
34、onal preliminary element, but is necessary if it makes the document easier to consult. The table of contents shall be entitled “Contents” and shall list clauses and, if appropriate, subclauses with titles, annexes together with their status in parentheses, the bibliography, indexes, figures and tabl
35、es. The order shall be as follows: clauses and subclauses with titles; annexes (including clauses and subclauses with titles if appropriate); the bibliography; indexes; figures; tables. All the elements listed shall be cited with their full titles. Terms in the “Terms and definitions” clause shall n
36、ot be listed in the table of contents. ISO/DIS 24100 DRAFT 2008 ISO 2002 All rights reserved Licensed Copy: London South Bank University, South Bank University, 16/11/2008 11:56, Uncontrolled Copy, (c) BSI 6 Foreword ISO (the International Organization for Standardization) is a worldwide federation
37、of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. I
38、nternational organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with
39、 the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approva
40、l by at least 75 % of the member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO nnn-n was prepared by Technical Committee
41、 ISO/TC 000, TC title, Subcommittee SC 0, SC title. This second/third/. edition cancels and replaces the first/second/. edition (ISO nnn-n:19xx), clause(s) / subclause(s) / table(s) / figure(s) / annex(es) of which has / have been technically revised. ISO nnn consists of the following parts, under t
42、he general title Introductory element Main element: Part n: Part title Part n+1: Part title Part n+2: Part title The foreword shall appear in each document. It shall not contain requirements, recommendations, figures or tables. It consists of a general part and a specific part. The general part (sup
43、plied by the Central Secretariat of ISO) gives information relating to the organization responsible and to International Standards in general, i.e. a) the designation and name of the committee that prepared the document, b) information regarding the approval of the document, and c) information regar
44、ding the drafting conventions used, comprising a reference to the ISO/IEC Directives, Part 2. The specific part (supplied by the committee secretariat) shall give a statement of significant technical changes from any previous edition of the document and as many of the following as are appropriate: d
45、) an indication of any other international organization that has contributed to the preparation of the document; e) a statement that the document cancels and replaces other documents in whole or in part; f) the relationship of the document to other documents. ISO/DIS 24100 DRAFT 2008 ISO 2002 All ri
46、ghts reserved Licensed Copy: London South Bank University, South Bank University, 16/11/2008 11:56, Uncontrolled Copy, (c) BSI 7 I Introduction Background: Probe vehicle systems are being investigated and deployed throughout the world. It is expected that the number of practical systems will grow st
47、eadily over the next few years. In general, probe data collection systems will incorporate extensive technical measures to minimize the use of personal data and protect any personal data that is used. Nevertheless, because technical measures cannot address every situation, we must address the possib
48、ility that situations may arise in which personal data becomes vulnerable to mis-use. Since data collected by such systems can reveal sensitive personal information, it is critical to address consumer requirements for personal data protection through a formal policy for handling this data. This prot
49、ection is particularly important because it is difficult to completely eliminate any possibility of probe data being linked to a particular person or vehicle. For example, consider a probe vehicle information service that does not include any personal data within the probe data, but uses personal data to authenticate the data source and en