Search Icon White

Data Breach Update: IEC, ISO, and ITU Develop International Standard to Address Personal Data Theft


Article adapted from

As cyber criminals find new ways to steal data across industries and compromise sensitive information of millions of individuals, new guidance based on the collaborative effort of the International Electrotechnical Commission (IEC), International Organization for Standardization (ISO), and International Telecommunication Union (ITU) will provide a code of practice for the protection of personally identifiable information. The American National Standards Institute (ANSI) is the U.S. member body to ISO, and the IEC, via the U.S. National Committee.

This year, Ponemon Institute's 2017 Cost of Data Breach Study: Global Overview revealed that the average cost of a data breach cost companies $3.62 million. The study, which surveyed 419 organizations across the globe found that while the cost of a data breach decreased 10 percent, the average size of a data breach (number of records lost or stolen) increased 1.8 percent. Given that major sectorsincludinghealthcare, finance, retail, and e-commerce are among regular targets of data breaches, preventative and timely protection measures are vital.

The standard ISO/IEC 29151 l ITU-T X.1058, Information technology-security techniques-Code of practice for personally identifiable information (PII) protection, establishes the objectives of data-protection controls, specifies the controls required, and provides guidelines for their implementation. According to ISO, it also shows how arrangements of these controls can meet the requirements identified by organizations' risk and impact assessments relevant to the protection of personal data.

It builds on the standard ISO/IEC 27002, Information technology security techniques code of practice for information security controls, taking into consideration the requirements for processing PII which may be applicable within the context of an organization's information security risk environment(s).

ISO/IEC joint technical committee (JTC) 1, Information technology, Subcommittee (SC) 27, IT Security techniques, developed the standard in collaboration with ITU-Study Group 17, which works to build confidence and security in the use of information and communication technologies.

Read ISO coverage on the new standard on


The joint technical committee of ISO and IEC, ISO/IEC JTC 1, Information technology, is a consensus-based, voluntary international standards group that works as a highly productive collaboration between ISO and IEC. Some 4,500 registered experts from around the work take part in JTC 1 to develop mutually beneficial standards that enhance global trade while protecting intellectual property. The U.S. plays a leading role in JTC 1, with the ANSI holding the secretariat and Phil Wennblom serving as JTC 1's chairperson.


Jana Zabinski

Senior Director, Communications & Public Relations


[email protected]

Beth Goodbaum

Journalist/Communications Specialist


[email protected]