Information is often at its most vulnerable when it is being transferred from one location to another – either physically, digitally or verbally.
Organisations need to safeguard PII that is in transit, and provide employees and suppliers with a clear set of guidelines on how to conduct themselves when moving information from one source to another.
ISO 27701 clause 6.10.2 contains four sub-clauses that address privacy protection within the scope of information transfers. Each sub-clause draws on guidance from ISO 27002:
Two of the sub-clauses (6.10.2.1 and 6.10.2.4) contain guidance that is applicable under UK GDPR legislation, with no additional PIMS or PII-related guidance offered beyond the general guidance points already stated.
Information transfer operations should:
When utilising electronic transfer facilities, organisations should:
When transferring physical media (including paper documents) between premises or external locations, organisations should:
Verbally conveying sensitive information presents a unique security risk, particularly where PII and privacy protection are concerned.
Organisations should remind employees to:
See ISO 27701 Clause 6.10.2.1
Organisations should utilise non-disclosure agreements (NDAs) and confidentiality agreements to protect against the wilful or accidental divulgence of sensitive information to unauthorised personnel.
When drafting, implementing and maintaining such agreements, organisations should:
Confidentiality laws vary from jurisdiction to jurisdiction, and organisations should consider their own legal and regulatory obligations when drafting NDAs and confidentiality agreements (see ISO 27002 controls 5.31, 5.32, 5.33 and 5.34).
ISO 27701 Clause Identifier | ISO 27701 Clause Name | ISO 27002 Control | Associated GDPR Articles |
---|---|---|---|
6.10.2.1 | Information Transfer Policies and Procedures | 5.14 – Information Transfer for ISO 27002 | Article (5) |
6.10.2.2 | Agreements for Information Transfer | 5.14 – Information Transfer for ISO 27002 | None |
6.10.2.3 | Electronic Messaging | 5.14 – Information Transfer for ISO 27002 | None |
6.10.2.4 | Confidentiality or Non-disclosure Agreements | 6.6 – Confidentiality or Non-Disclosure Agreements for ISO 27002 | Article (5), (25), (28), (38) |