IEEE 7005-2021 IEEE Standard for Transparent Employer Data Governance.
5.3.2 Secure processing requirements

The employer’s PP&OD shall provide for the following processing capabilities:

a) The capability to collect data that is reformatted so other authorized systems can access and act upon possible sensitive data.

b) The capability to collect meta data including but not limited to data type, unique sensor identifier, and sensor location.
NOTE 1—Data type includes status data, analog data, video data, etc.
NOTE 2—Sensor identifier includes type of sensor, e.g., wearable sensor, tracking sensor, video sensor, etc.
NOTE 3—Sensor location includes static location or mobile device to associate with other data (groups).

c) The capability to qualify in terms of the risks entailed by exposing sensitive data, including but not limited to data of a techno-security value, unidentifiable data, and protected data.
NOTE 1—Data of techno-security value are indicators of a hostile cyber-physical event.
NOTE 2—Unidentifiable data is data that cannot reasonably allow for the identification of an individual or organization.
NOTE 3—Protected data is determined by local norms, laws, and regulations.

d) The capability to publish collected data in a consistent format so it can be correlated with other data.
NOTE—Methods used to correlate data are a local matter determined by the ROU.

e) The capability to align data collected to support analytical determination of sensitivity level.
NOTE—Methods used to align data are a local matter determined by the ROU.

f) The capability to publish collected data with sufficient information to determine sensitivity and to determine what action to take in response to receiving the data.
NOTE 1—The criteria for enough information is a local matter determined by the ROU.
NOTE 2—Action in response to receiving data is a local matter determined by the ROU.
5.3.3 Secure storage requirements

The employer’s PP&OD shall provide for the following secure storage capabilities:

a) The capability to securely store data collected in any repository in accordance with applicable norms, laws, and regulations.
NOTE—Data storage includes device memory storage, server storage, etc.

b) The capability to restrict data storage to provide adequate protection against unauthorized access to and use of the data.
NOTE—Adequate protection is defined by local norms, laws, and regulations as adjudicated by the courts.

5.3.4 Secure disposal requirements

The employer’s PP&OD shall provide for the following secure disposal capabilities:

a) The capability to securely destroy collected data when it is no longer needed.

b) The capability to securely destroy collected data when requested by the data subject.