Background

In recent months there have been a number of meetings and discussions related to the role CIECA Standards as they relate to the topic of data & information security. For many years people said the BMS is secure compared to the EMS, and while there is some truth in that statement, it depends greatly in one’s definition of security and which aspects of security or privacy one is addressing.

To address these concerns, the Executive Committee, requested the formation of an Ad Hoc committee to specifically address the topic of Data Security & Privacy to develop a position / policy statements on CIECA’s role as it relates to this topic.

Mission

Identify what role CIECA can realistically play in the area of Information Privacy

Develop recommendations for CIECA’s position on the topics of

• Data Security

• Data Privacy

• Data Segregation / Segmentation

Problem Statement

There is misunderstandings within the industry on what role CIECA plays as it relates to Data Security, Privacy and Segregation.

Information Privacy has evolved greatly in the last 20 years. We need to be more precise and clear in our terminology and definitions as it relates to the topics of data security, privacy and segregation.

Scope

Must have:

• The scope is CIECA’s position / role as it relates to Data Segregation.

• Keep the scope narrow to what CIECA can do and not take on the broader role of education
  

Not in scope:

• Any security or information privacy related topics that go beyond those areas that CIECA can directly influence.
  

Operating Guidelines

• This committee is an ad hoc committee formed for the single purpose of address the issue of data segmentation.

• This is not intended to be a permanent committee

Reference materials

Add links to relevant research and any other key documents