
Consistent. Constant. Criteria.
Deciding how to approach a situation depends on preparation, knowledge, experience, and sound judgment.
Following recognized professional standards and guidance from recognized authorities offers confidence that the outcome will be appropriate, proportionate, and defensible.
The following standards and guidelines are relevant to information privacy, access to information, and data governance.
Practice Standards and Guidelines
CAN/CIOSC 100-2:2022 — Data governance – Part 2: Third-party access to data
BC Physician Privacy Toolkit (2017)
Canadian Government Publications Portal
Conducting Social Media Background Checks — OIPC BC
Cyber Security Curriculum Guide — Draft
Data Protection Directive (EU) 2016/680 for Police and Criminal Justice Authorities
Higher Education Cloud Vendor Assessment Tool
In the Matter of LabMD, Inc — FTC — offers detailed guidance on cybersecurity requirements
Joint investigation of Ashley Madison by the Privacy Commissioner of Canada and the Australian Privacy Commissioner/Acting Australian Information Commissioner — offers detailed guidance on cybersecurity requirements
Mobile Device Security Standard for Information Protection — BC OCIO
National Core Competency and Professional Standards
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
Privacy in mobile apps — Guidance for app developers — ICO UK
U.S. Customs & Border Protection Inspection of Electronic Devices
Proof of Age Standards
The Scheme is the appointed auditor for the UK’s Proof of Age Standards Scheme operated by PASSCO cic – their applicable standards include:
PASS 1:2022 – Proof of Age Standards Scheme – Requirements for Identity and Age Verification
PASS 0:2022 – Proof of Age Standards Scheme – General Principles and Definitions
PASS 3:2020 – Proof of Age Standards Scheme – Requirements for Data Protection and Privacy
PASS 5:2023 – Proof of Age Standards Scheme – Requirements for Digital Presentation of Proof of Age
National and International Standards
2089-2021 — IEEE Standard for an Age Appropriate Digital Services Framework Based on the 5Rights Principles for Children
7000-2021 — IEEE Standard Model Process for Addressing Ethical Concerns during System Design
7001-2021 — IEEE Standard for Transparency of Autonomous Systems
7002-2022 — IEEE Standard for Data Privacy Process
7003-2024 — Standard for Algorithmic Bias Considerations
7005-2021 — IEEE Standard for Transparent Employer Data Governance
7007-2021 — IEEE Ontological Standard for Ethically Driven Robotics and Automation Systems
7010-2020 — IEEE Recommended Practice for Assessing the Impact of Autonomous and Intelligent Systems on Human Well-Being
BS ISO/IEC 7810:2019 – Identification cards — Physical characteristics
ISO 15489-1:2016 — Information and documentation – Records management – Part 1: Concepts and principles
ISO 22307:2008. Financial services – Privacy impact assessment.
ISO 24760-1:2011 – Framework for identity management – Part 1: Terminology and concepts
ISO/IEC 29176:2011. Information technology – Mobile item identification and management – Consumer privacy-protection protocol for Mobile RFID services.
ISO/IEC 29187-1:2013. Information technology – Identification of privacy protection requirements pertaining to learning, education and training (LET) – Part 1: Framework and reference model.
ISO/IEC 29190:2015. Information technology – Security techniques – Privacy capability assessment model.
ISO/IEC 30107-1:2016 – Information technology — Biometric Presentation Attack Detection
ISO/IEC DIS 15944-12. Information technology – Business Operational View – Part 12: Privacy protection requirements on information life cycle management (ILCM) and EDI of personal information
ISO 29100:2011 – Privacy framework
ISO 9001:2015 – Quality Management Systems – Requirements
ISO 31700 – Privacy by design for consumer products & services
ISO/IEC 15944-8:2012. Information technology – Business Operational View – Part 8: Identification of privacy protection requirements as external constraints on business transactions.
ISO/IEC 29100:2011. Information technology – Security techniques – Privacy framework.
ISO/IEC 29100:2024 – Information technology – Security techniques – Privacy Framework
ISO/IEC 29101:2013. Information technology – Security techniques – Privacy architecture framework.
ISO/IEC 29101:2018 – Information technology – Security techniques – Privacy Architecture Framework.
ISO/IEC DIS 29134. Information technology – Security techniques – Privacy impact assessment – Guidelines.
ISO/IEC FDIS 29187-1. Information technology – Identification of privacy protection requirements pertaining to learning, education and training (LET) – Part 1: Framework and reference model
ISO/TR 12859:2009. Intelligent transport systems – System architecture – Privacy aspects in ITS standards and systems.
ISO/TR 17427-7:2015. Intelligent transport systems – Cooperative ITS – Part 7: Privacy aspects.
ISO/TS 14441:2013. Health informatics – Security and privacy requirements of EHR systems for use in conformity assessment
Standards Organizations & Initiatives
American National Standards Institute (ANSI)
Australasian Digital Recordkeeping Initiative (ADRI)
Digital Governance Council Institute (develops standards in a broad range of technology fields)
The Common Criteria for Information Technology Security Evaluation
Council of Australasian Archives and Records Authorities (CAARA)
Declaration of Cities Coalition for Digital Rights
IEEE Standards University (develops standards in a broad range of technology fields)
Implementing the ISO 15489 Records Management Standard in the Government of Alberta
ISO – International Standards Organization
ITU Telecommunication Standardization Sector
NIST – National Institute of Standards and Technology
NIST Special Publication 800-63B — Digital Identity Guidelines
Open Group information security management maturity model (O-ISM3)
Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans