ISO/TR TECHNICAL REPORT 12859 First edition 2009-06-01 Intelligent transport systems System architecture Privacy aspects in ITs standards and systems Systemes intelligents de transport-Architecture de systeme - Aspects prives dans les normes et les systemes S/T Reference number ISO/TR 12859:2009(E) @ ISO 2009 yIHS under Not for Resale ISO/TR 12859:2009(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by IsO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO2009 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either isO at the address below or ISO's member body in the country of the requester. ISO copyright office Case postale 56 . CH-1211 Geneva 20 Tel. + 4122 749 01 11 Fax + 41 22 749 09 47 E-mail [email protected] Web www.iso.org Published in Switzerland @ ISO 2009 - All rights reserved I without license from IHS Not for Resale ISO/TR 12859:2009(E) Contents Page Foreword .iv Introduction 1 Scope, 2 Terms, definitions and abbreviated terms.. 2.1 Terms and definitions .. 2.2 Abbreviated terms ... 3 Background. 3.1 Origin and basis of this Technical Report .. 3.2 Privacyrequiressecurity.. 3.3 The investigative process... 4 Recommendations 5 4.1 Basis of recommendations 4.2 Avoidance of harm.. 4.3 Fairly and lawfully .. 4.4 Specified, explicit and legitimate purposes. .5 4.5 Explicit and legitimate and must be determined at the time of collection of the data, 4.6 Not further processed in a way incompatible with the purposes for which they are originally collected.... .5 4.7 Not to be disclosed without the consent of the data subject . .6 4.8 Adequate, relevant and not excessive in relation to the purposes for which they are collected... .6 4.9 Accurate and, where necessary, kept up to date.... 4.10 Identification of data subjects for no longer than is necessary for the purposes for which the data were collected.... 4.11 Restriction to those who have a demonstrable “"need to know" 4.12 Clear and accessible ... 4.13 Security safeguards .... 4.14 Cumulative interpretation of multiple recommendations, Annex A (informative) Data privacy Framework, Directives and Guidelines.. .8 Annex B (informative) Example of national implementation of guidelines. .9 Annex C (informative) Examples of the principle of “"cumulative interpretation".. 11 Annex D (informative) Security-related International Standards 14 Bibliography.. Copyrght International Organizaionforstandardizalonghts reserved ii from IHS Not for Resale