ISO/IEC 29151 – Protecting Personal Information

ISO/IEC 29151 has just been released and boy am I glad!  This new IT standard focuses on the protection of personally identifiable information (PII).  The complete title is Information technology – Security techniques – Code of practice for personally identifiable information protection.  It’s available now from Document Center Inc.

High profile data breaches are undermining consumer confidence in companies using the network for transmission of personal information.  And yet, more and more of our data is stored and transmitted every day.  We expect our suppliers to protect our information, and regulators are starting to agree with us.  This presents a real challenge for business.  I remember that in the early days of the Internet, it was said that the only true security was “air” (not being connected to the internet at all).  Now with thumb drives, etc., not even “air” can do the job.

The ISO/IEC 29151 is a guidance document.  It builds on the many IT security standards already in force.  It was developed in conjunction with the ITU and is identical to ITU T Recommendation X.1058.

The document is based on the structure of ISO/IEC 27002 (Information technology – Security techniques – Code of practice for information security controls).  Using that document’s clauses 4 to 18, guidance is given on using controls specifically geared for PII security.  What would those controls be? The Annex A (mandatory) contains the extended list.  These additional controls supplement those already in the ISO/IEC 27002.  They are divided into 12 categories, taken from ISO/IEC 29100.  A 14-item bibliography completes this 48-page standard.

ISO/IEC 29151 provides organizations with specific guidance for protecting consumer information.  This is a critical task for many organizations moving forward.  The risks associated with not taking proactive steps in this regards range from harm to your customer base and reputation to legal non-compliance with ever-increasing regulations.  You can’t afford not to be paying attention to this issue.

To get your copy of this standard and those related publications, head to the Document Center Inc. webstore.  We are an authorized distributor of standards, so you can purchase from us with confidence.  Our store is at  Here is a link to the order page for the ISO/IEC 29151 for your convenience.

Document Center Inc. can help you identify and maintain the standards you need for compliance. For more information on our services, please get in touch with us by phone (650-591-7600) or email ( Find out why so many standards users make us their Standards Experts!