LINDDUN privacy threat types: Non-compliance (5)

Continuing the discussion of the seventh threat category, Non-compliance, with Nc.4.

Non-compliance

See the previous articles in this series.

Nc.4 Non-compliance with privacy standards and best practices

Criteria

  • Privacy standards are applicable to the system

    • Are there any (industry-)specific privacy standards that are applicable to the system?
  • System does not implement or violates applicable privacy standards

    • Does the system adequately implement the principles and controls outlined in these standards?

Examples

  • ISO norm

    • The system does not adhere to the best practices and principles outlined in the relevant ISO norms on data protection and privacy-by-design.
  • NIST Privacy Framework

    • Privacy risks are not classified and managed using a standardized methodology such as the NIST Privacy Framework.

Impact

  • Demonstrating compliance

    • Non-adherence to industry standards and best practices makes it more difficult to demonstrate compliance with applicable laws.

Additional information

  • Industry-specific guidance

    • Check whether there is industry-specific guidance on data processing for your sector (e.g., healthcare, manufacturing).

Copyright notice:
Author: zhangchen
Link: https://www.techfm.club/p/134463.html
Source: TechFM
The copyright of this article belongs to the author; please do not reproduce it without permission.
