Contributed by Vondst Advocaten N.V.
Under the former Data Protection Act, the AP published a guideline on data security on the internet in which it refers to commonly deployed, technology-neutral security standards, including the Code for Information Security (NEN-ISO/IEC 27002:2007 and NEN-ISO/IEC 27001:2005). For the healthcare sector, it refers to standard NEN 7510. Examples given of commonly deployed, technology-specific security standards are the Payment Card Industry Data Security Standard (PCI DSS), the National Institute of Standards and Technology (NIST) standard for cloud computing, and the NCSC guidelines for IT security for web applications and for mobile devices. The NCSC has also published a 2018 whitepaper on the development of secure software.
The AP refers to commonly deployed standards in the context of its investigations into the security measures taken by controllers, including in its investigation report on the use of multi-factor authentication by the Employee Insurance Agency (‘UWV’) for access to the UWV’s online employer portal.