As consumers complete online transactions, the information they enter is encrypted with the retailer's public key. The retailer then decrypts the information with a private key, assuring that no outside sources have access to that information. Public key techniques are covered by a number of standards, including an ANS developed by IEEE, an ANSI member and accredited standards developer. IEEE 1363-2000, Standard Specifications for Public Key Cryptography, includes mathematical primitives for secret value (key) derivation, public key encryption, digital signatures, and cryptographic schemes based on those primitives.
The U.S. standards community is also involved in data privacy standards on the international level. The focal point for this work is the ISO/International Electrotechnical Commission (IEC) Joint Technical Committee (JTC) 1, Information Technology (IT), Subcommittee (SC) 27, IT Security Techniques, Working Group (WG) 5, Identity management and privacy technologies. SC 27 has developed the documents in the ISO/IEC 27001 and 27002 IT Security Techniques Package, available on ANSI's electronic standards store. These standards provide the requirements and code of practice to initiate, implement, maintain and improve an information security management system in an organization of any size. This package helps an organization identify its security requirements and risks and select controls for those requirements and risks using the "Plan-Do-Check-Act" model.
The U.S. leads JTC 1, with ANSI holding the secretariat and Karen Higginbottom acting as chairperson. The InterNational Committee for Information Technology Standards (INCITS) serves as the administrator of the ANSI-accredited U.S. Technical Advisory Group (TAG) to SC 27. INCITS is an ANSI member and accredited standards developer.
Various other ISO committees deal with some aspect of data privacy in their work programs. ISO TC 247, Fraud countermeasures and controls, was proposed last year by ANSI in conjunction with the North American Security Products Organization (NASPO), an ANSI member and accredited standards developer. The U.S. holds the secretariat to the TC through NASPO. Committee efforts are focused on the development of standards in the areas of brand and intellectual property protection, identity management, and financial fraud.
TC 247's efforts complement the initiatives of ISO Project Committee (PC) 246, Performance requirements for purpose built anti-counterfeiting tools. NASPO is the ANSI-accredited U.S. TAG administrator for both TC 247 and PC 246.
ANSI also administers a virtual U.S. TAG for a Privacy Steering Committee (PSC) that reports to ISO's Technical Management Board (TMB). The PSC aims to hold a conference to facilitate information sharing and coordination among TCs involved in privacy-related work; to develop a common terminology document on privacy; and to create a live inventory of privacy-related work. Mark MacCarthy, an adjunct professor at Georgetown University's Communication, Culture, and Technology Program and former senior vice president of global public policy for Visa Inc., will serve as the U.S. expert to the PSC.
An ongoing ANSI initiative that supports data privacy is the Identity Theft Prevention and Identity Management Standards Panel (IDSP). IDSP is a cross-sector coordinating body whose objective is to facilitate the timely development, promulgation and use of voluntary consensus standards and guidelines that equip and assist the private sector, government, and consumers in minimizing the scope and scale of identity theft and fraud.
With a number of national and international standards, committees, and panels, the standards community provides active contributions to the objectives highlighted by Data Privacy Day, assuring protection in the many ways that personal information is collected, stored, used, and shared.