Disclaimer: This is not an official site of ISO or Standards Council of Canada. This website is for general information purposes only. As of Feb 6th, 2023, this site is still under construction.
You have questions
We Have Answers
Consumer protection: privacy by design for consumer goods and services
The title of ISO 31700-1 says a lot. But we also know that privacy means different things to different people, and that leads to questions and conversations.
How did PC 317 work through the pandemic?


Where are copies of the ISO 31700-1 and -2 standards available?
They can be ordered through your national standards body. Click here for the ISO list of national standards member bodies. Scroll down and find your country on the map, and then click through to your national body for purchasing.
🇨🇦
Canadians, please click here to save a few steps and go straight to the SCC purchasing page.
🇨🇦
After I buy a copy of ISO 31700, what's next?
ISO 31700 is a product-based standard, meaning that organizations, engineers, business owners, and designers can identify a single product or a group of products to apply this standard. Next, 31700 contains steps and checkpoints to ensure that privacy is designed properly into a product. Some organizations may not need much help figuring out how to integrate the requirements of ISO 31700, but many will need some help. Therefore, we encourage organizations to reach out to appropriately qualified attorneys, consultants, educators and other privacy professionals to apply ISO 31700 to their products and to make the most of this standard. You may also reach out to us and we'll be glad to help too!



What is the process of making an ISO standard?
ISO standards are written by subject matter experts, based on consensus of best practices. Experts are nominated to participate in the process by their national standards body.

What is so important about protecting consumer privacy?
Consumer privacy is all about a consumer's choice to share or not share certain information about themselves. When consumers' choices and expectations are protected, we end up with strong relationships, trust, and sustainable business practices - ALL of which are good for consumers AND the organizations that make the products consumers buy.



How does this ISO standard relate to other consumer protections?
While consumers ultimately benefit from nearly all ISO standards, standards that are created specifically with consumer protection in mind are increasingly necessary in today's society. ISO develops certain standards, like ISO 31700, to help highlight the consumer protection issues related to privacy, and then publishes a standard that embraces both "horizontal and vertical" consumer protections that are often found along with consumer privacy protections.

What is privacy by design? Is that the same as Privacy by Design?
Privacy by design, with lower case letters, refers to the general thought process and product design process in which certain characteristics are "baked in" to a product. These characteristics might be things like privacy, security, or safety, hence the terms privacy by design, or safety by design. Privacy by Design, capitalized, refers to the specific set of principles and priorities created by Dr. Ann Cavoukian.


What is a standard?
Even for those of us that work with standards, it's easy to overlook the core purpose of a standard, especially an international standard. A standard breaks down a complex organizational or technical function into line item details that all add up to a roadmap for how to successfully accomplish the function. For example, quality control is a functional process and a goal of most organizations. However, for an organization to understand how to establish and achieve quality control, it needs a step-by-step guide, kinda like an instruction manual. That's a standard!
What roles or titles should someone have to utilize this privacy standard?
ISO 31700 is pretty cool as far as standards go because it was created for business managers and entrepreneurs, alongside engineers and developers. So there is actually no particular title or area of responsibility that is needed to utilize this standard. All you need to start is a desire to design privacy into a product, and a copy of the standard!



What industries and businesses can use this standard?
ISO 31700 can be used by any industry or business to design privacy protections into a product. We acknowledge that the application of this standard to the consumer data held by an oil & gas company will be different than the application of this standard to a social media app, but overall, this standard can find a nice home just about everywhere we find consumers or data about those consumers.
How do consumers benefit from this standard?
For many years, consumers lacked protections for their privacy. In recent years, jurisdictions around the world have implemented new data protection and privacy laws, but the question has remained: "how do I make a product that complies with the law?" Another question has been, "how do I let consumers know that my product / organization really cares about their privacy?" Since a standard is like a bridge between a law that says "you must do X" and where you are now, ISO 31700 provides that missing bridge between consumer products and laws like GDPR and CCPA.



What is the value of implementing this standard?
Consumers are eager for products that respect them and respect their privacy. Depending upon the product and market, the competitive advantage and market opportunity can be immense!
How can this standard help my business?
ISO 31700 is a product-based standard, which means that organizations of all sizes and shapes can use it. Even if this is the very first standard an organization adopts, 31700 can help the entire organization step up its game to be more efficient and focused!



What is the relationship between this privacy standard and cybersecurity standards?
Privacy and cybersecurity should operate cooperatively to protect and manage data, along with the rights and values of the people behind the data. A comprehensive information management program should incorporate both cybersecurity standards (such as ISO 27000 series standards) and this privacy standard.
How does this standard relate to trust? identity? AI?
People need to be able to trust that their privacy choices are respected, and that the technologies we all use are created ethically. As this standard helps organizations take major steps to protect and respect privacy, other frameworks like trust, identity, and AI are positively influenced.



As an organization, how do I know if my privacy design or general product design meets this standard? As a consumer, how would I know if a product meets this standard?
At an organization, design teams can work with other colleagues, such as engineers and business managers, to create a series of questions with auditable answers for each requirement within the standard. This process is typically overseen by an outside third party that specializes in audits or certifications. Consumers can search for existing products that meet this standard. Also, since ISO 31700-1 and -2 are new, consumers can also contact their favorite companies and request that existing products, new products, and new versions of old products utilize this standard.
Does ISO provide any of the testing or certification referenced in the previous question?
No, ISO does not provide this service. You may contact your national body for further information, or connect with us for guidance.



Where can I get training on this standard?
ISO does not provide training or educational services. You may contact your national body for further information about local programs, or connect with us for guidance.
As a consumer, can I find a list of products that meet this standard?
As this standard was just published, products will be added to a list on this site. As other lists become available, we will link to those as well.

As a consumer, can I buy a copy of this standard and do anything with it?
Consumers are absolutely encouraged to buy a copy of this standard for many reasons. Top amongst those reasons are: ISO 31700 was created as a consumer protection standard, consumers can use the standard to help encourage best privacy practices in their own lives, and finally the standard can be used by advocates to help the companies and products we rely upon every day to do a better job of protecting our privacy and our data. Ask for your products to be ISO 31700!
