Information technology -- Security techniques -- Code of practice for personally identifiable information protection
ISO/IEC 29151:2017 establishes control objectives, controls and guidelines for implementing controls in order to meet the requirements identified by a risk and impact assessment related to the protection of personally identifiable information (PII).
In particular, this international Standard specifies guidelines based on ISO/IEC 27002, taking the requirements for processing PII that may be applicable within the context of an organisation's information security risk environment into consideration.
ISO/IEC 29151:2017 applies to all types and sizes of organisations acting as PII controllers (as defined in ISO/IEC 29100), including private and public companies, government entities and not-for-profit organisations that process PII.