Privacy by Design Standards: ISO v IOPD Compare and Contrast

For those keeping up, there has been a lot of activity in Privacy by Design (PbD) standardization. Earlier this year, both the Institute of Operational Privacy Design (IOPD) and the International Organization for Standardization (ISO) released standards. The IOPD released its Design Process Standard (the “IOPD Standard”), and ISO released ISO 31700-1: Consumer Protection – Privacy by Design for Consumer Goods and Services (the “ISO Standard”). As its name implies, the IOPD Standard covers the components necessary to incorporate privacy considerations into an organization’s design “process,” whether that is the design of a product, a service, or a business process. The ISO Standard instead sets the organizational context for privacy as something that overlays the entire Software Development Life Cycle (SDLC) rather than any specific stage of it. This post looks at both standards, comparing and contrasting them across a few key areas.

To start with, the IOPD Standard is a conformance standard, which means that an organization will be able to certify that it follows the standard. For each component, the standard provides evidence and evaluation criteria. Currently, the IOPD is developing the certification process and looking for beta companies that wish to apply for early consideration. If you’re interested, please reach out. The ISO Standard was not developed as a conformance standard: its requirements are high-level, which leaves too much subjectivity for any evaluation to be meaningful.
