1. PIMS personal information management system briefing
The PIMS study was first conducted within the General Electric Company in the United States in 1960. Its main purpose was to find out how market share affects the performance of a business unit. Taking several of the company's business units as the data source, and after several years of research and verification, the researchers established a regression model. The model is able to identify the factors that are closely related to the rate of return on investment, and these factors largely explain changes in that rate of return.

By 1972, participants in the PIMS study were no longer limited to researchers within General Electric, but included scholars at Harvard Business School and the Marketing Science Institute. At this stage the research database covered not only General Electric but also data from many business units of other companies.

In 1975, the member companies participating in the PIMS study founded a non-profit research organization, the Strategic Planning Institute, which took over management of the PIMS project and continued the research. To date, more than 200 companies have participated in the PIMS project, most of which are among the world's top 500 companies.
2. Taiwan's Personal Information Protection Act was promulgated in May 2010, and it affects public agencies, non-profit organizations and private enterprises alike. Today in particular, with computer networks highly developed and commercial marketing and trading activity everywhere, enterprises should actively develop relevant management methods and acquire the necessary computer software and hardware to prevent the personal data of customers or employees from being leaked, stolen, tampered with and so on. The penalties under the Act also remind companies not to ignore the importance of personal data, so as not to trigger a business crisis.
3. The new version of BS 10012:2017 was officially released on March 31, 2017. This revision follows global industry trends and introduces comprehensive information governance concepts for the collection, storage and subsequent processing of personal data, including timely notice, the use of anonymized personal data, the right to be forgotten and the requirements for data portability. The major purpose of this revision is to align with the General Data Protection Regulation (GDPR), officially adopted by the European Union on April 14, 2016. Since the regulation will take formal effect on May 25, 2018, it will regulate not only enterprises established within the EU, together with their overseas branches and related enterprises, but will also extend to overseas organizations that transmit, collect and handle the personal data of EU residents. This further highlights the worldwide importance of the new BS 10012:2017 standard.
4. What is BS 10012 personal information management?
BS 10012 PIMS was developed by the British Standards Institution (BSI) for personal information management, based on OECD and APEC principles and data protection legislation. BS 10012 is consistent with other international standards and defines the requirements of a Personal Information Management System (PIMS). The standard is designed to ensure adequate and appropriate controls, to help protect personal information, and to strengthen the confidence of the organization and its stakeholders in the organization's management of personal information. It uses a process approach to establish, implement, operate, monitor, review, maintain and improve an organization's PIMS. BS 10012 is not merely a set of requirements for information and communication technology (ICT); it also covers the management of personal information from the legal, management and process perspectives, in line with the domestic personal data protection law and the good practice that the organization's industry should follow, so that the personal information held by the organization is protected.
5. PIMS management principles
PIMS, short for "Personal Information Management System", is a set of management methods for protecting personal information. It is mainly aimed at companies or organizations that manage or use personal information, in order to protect personal privacy. The core idea of PIMS is reflected in eight management principles:
The first principle – personal information is processed fairly and lawfully;
The second principle – it is obtained only for specified purposes and not processed in any manner incompatible with those purposes;
The third principle – it is adequate, relevant and not excessive;
The fourth principle – it is accurate and kept up to date;
The fifth principle – it is retained no longer than necessary;
The sixth principle – it is processed in accordance with the rights granted to individuals by law, including the data subject's right of access;
The seventh principle – it is kept secure;
The eighth principle – it is not transferred to countries outside the jurisdiction without adequate protection.
6. Why does BS 10012 need to be aligned with ISO 27001?
The BS 10012 personal information management system is strongly correlated with the ISO 27001 information security management system, but the difference is also obvious. ISO 27001 aims at the security of information in general, namely confidentiality, integrity and availability, while BS 10012 aims to prevent the unauthorized use of personal information; security is a means to that end. Organizations can use ISO 27001 as the information security foundation for personal information protection.
7. Global PIMS issues
Information security is not easy to maintain, and even the most technologically advanced and largest international companies are clearly not immune. For example, Google recently launched an ambitious Street View project to photograph towns and cities around the world. The Internet giant had to admit that, while collecting map information, it had been "unlawfully sampling payload data from open (i.e. not password-protected) wireless networks", and immediately stated that it had never used that data in any Google product. Alan Eustace, senior vice president of engineering and research at Google, explained on the company's official blog in May: "As soon as we found the problem, we took our Street View cars off the road and separated the data from our network, disconnecting it so that the data is unreachable." "This incident highlights the current state of publicly accessible, open, password-free wireless networks." Google insists this was unintentional, but the incident has set off a wave of data protection concern around the world. Richard Blumenthal, the Attorney General of Connecticut, recently formed an alliance of 37 U.S. states that asked the search engine giant to answer further questions and to list the specific locations of unauthorized data collection. He said in a statement: "We will take all necessary steps, including potential legal action, to obtain a comprehensive and complete response. Google must come clean and detail how this privacy violation occurred, and why it happened."
8. Maintaining PIMS legality
Google's case effectively highlights the fact that all industries must be able to demonstrate data risk management policies, which is perfectly reasonable. The EU's data protection framework lists eight principles for the storage and processing of personal data, including that the information must be relevant, accurate and specific, kept only as long as necessary, and fully protected. Other jurisdictions have similar principles.
However, data protection laws such as the United Kingdom's Data Protection Act (DPA) generally do not provide a fixed structure to ensure compliance; instead, companies are responsible for developing appropriate systems and technologies. The BSI data protection standard, BS 10012:2017 Specification for a personal information management system, can be applied here, because it was developed to mitigate the risks a company faces in managing personal data. It applies to public authorities and private companies alike.