Today marks the sixth annual celebration of Data Privacy Day, which was established in 2008 to educate organizations and individuals about the most effective ways to make use of existing data security measures to safeguard their privacy. The American National Standards Institute (ANSI) salutes Data Privacy Day and all those who work to support information security, including the standards developing organizations (SDOs), many of them members of the ANSI Federation, that create standards in this area. With the rising popularity of mobile devices like smartphones and tablets, wireless Internet connections have become both more prevalent and more necessary. But the ubiquity of wireless access makes it easy for users to shrug off privacy and data risks, leaving windows of opportunity open for scammers and hackers. Thankfully, ANSI member and accredited standards developer the Telecommunications Industry Association (TIA) has developed an American National Standard (ANS) to provide guidance in this important area. ANSI/TIA 664-528-B-2007 (R2013), Wireless Features Description: Data Privacy (DP), sets down recommendations for the implementation of uniform features for use in wireless telecommunications systems, with a particular focus on data privacy associated with user roaming.
While wireless devices are becoming more common, millions of U.S. households still depend on desktop computers and other non-portable devices, often making use of a cable modem to connect to the Internet through their local cable provider. ANSI/SCTE 22-2 2002 R2007, Data-Over-Cable Service Interface Specification DOCSIS 1.0 Baseline Privacy Interface (BPI), provides a description of a data privacy function association with communications between cable modems and a given cable modem transmission system, allowing for secure communications and a level of protection for personal data. This ANS was developed by the Society of Cable Telecommunications Engineers (SCTE), an ANSI member and accredited standards developer.
Even though computers and mobile devices get most of the attention when it comes to protecting private data, it's important to remember that private data can be transmitted to and stored on a wide variety of different electronic devices, including hardcopy devices (HCDs) such as copiers and printers. IEEE Std 2600-2008, IEEE Standard for Information Technology: Hardcopy Device and System Security, defines security requirements, including privacy and authentication needs, for HCDs and the computers and networks that support these devices. The standard - which was developed by IEEE, an ANSI member and accredited standards developer - focuses on instructing software developers and manufacturers about the inclusion of appropriate security capabilities in HCDs and providing information to users about the effective use of these capabilities.
Protecting the private data of organizations and individuals is always important, but when it comes to private health information, even more care is required to make sure that this deeply personal data is not accidentally (or maliciously) shared. ASTM International, an ANSI member and audited designator, has developed a standard intended to support efforts to safeguard the privacy of electronic health records (EHRs) and other confidential health information. ASTM E1869-04(2010), Standard Guide for Confidentiality, Privacy, Access, and Data Security Principles for Health Information Including Electronic Health Records, focuses on computer-based systems and sets down basic principles and ethical practices for handling these confidential records and related documents in a manner that conforms to local, state, and federal laws, and bolsters the security and privacy and security of health information in an EHR or related system.
In support of improved health information privacy, ANSI's Identity Theft Prevention and Identity Management Standards Panel (IDSP), in partnership with The Santa Fe Group and the Internet Security Alliance (ISA), released a 2012 report, titled The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, that encouraged healthcare organizations to implement enhanced security for consumers' protected health information (PHI) and provided a five-step method enabling healthcare groups to accurately estimate the financial costs of a PHI breach, among other content. The full report is available online.
Whether you're checking your email on a smartphone or having a check-up at your doctor's office, voluntary consensus standards provide important support for efforts to keep your private data private.
For more information on Data Privacy Day, visit its official website.