ISO IEC TS 27570 pdf – Privacy protection — Privacy guidelines for smart cities

ISO IEC TS 27570 pdf – Privacy protection — Privacy guidelines for smart cities
4Abbreviated terms
Al
artificial intelligence
ICT
information and communication technology
loT
internet of things
LINDDUN
linkability, identifiability, non-repudiation, detectability, disclosure of information, una-wareness, non-compliance
0ASIS
organization for the advancement of structured information standards
PIA
privacy impact assessment
STRIDE
spoofing of user identity, tampering,repudiation, information disclosure, denial of ser-vice, elevation of privilege
5Privacy in smart cities
5.1General
A smart city aims at the effective integration of physical, digital and human systems in the builtenvironment to deliver a sustainable, prosperous and inclusive future for its citizens. lt is a sharedvision among city stakeholders to achieve a number of desired outcomes: well-being, transparency,sustainability, economic development, efficiency and resilience, collaboration and innovation. In thisvision, economic development and innovation leverage ICT technology (e.g. loT, big data，Al, cloudcomputing), and require a system of systems view to enable the integration of sector-specific systems(e.g. energy,transport, healith). The integration of privacy is a major concern.Guidance needs to beprovided on how smart cities can follow the lSO/1EC29100 principles:
consent and choice;
purpose legitimacy and specification;collection limitation;
data minimization;
use, retention and disclosure limitation;accuracy and quality;
openness, transparency and access;accountability;
information security; andprivacy compliance.
5.2Integration of privacy in the smart city reference framework5.2.1Smart city lCT reference framework in the ISO/IEC 30145 series Figure 4 describes the smart city ICT reference framework in the ISO/IEC 30145 series. It consists ofthree frameworks: a business process framework which specifies the essential processes in the areas of governance,core business and support;
a knowledge management framework which provides guidance on the modelling and managementof knowledge for smart city business and operations; and
an engineering management framework which provides a set oflCT layers for smart cities operation,i.e.the smart application layer, the data and service supporting layer, the communication and storagelayer, the network communication layer and data acquisition layer.
The business process framework includes:
governance processes, which focus on the establishment of policies, and the continuous monitoringof their proper implementation by governing bodies of a smart city, e.g.local public authorities; andcore business and support processes, which focus on the running of business processes according tothe smart city policies by smart city agencies or delegated business organizations.
The engineering management framework is described in Figure 5 . This includes:
— the smart application layer focuses on domain applications, smart government, smart transportation, smart education, smart healthcare, smart home and smart campus which all rely on data processing;
— the data and services supporting layer focuses on data sources, data integration and service integration;
— the computing and storage layer focusses on computing, storage and software resources;
— the network communication layer provides communication infrastructure to smart cities with a high-capacity, high-bandwidth and high reliable optical networks and metropolitan wireless broadband network; — the data acquisition layer provides the capability to sense the world and take actions; and
— vertical systems including the security and privacy protection system, the construction system, the operation and maintenance system, the identification system and the positioning system.