ISO is developing the international standards for privacy matters at ISO/IEC JTC1/SC27 WG (Working Group) 5. The first contribution from the WG was ISO/IEC 29100 Privacy framework. The WG towards to resolve how to fit privacy and security in organizations. The well-known ISO/IEC 27001 ISMS (Information security management system) can be used for security protection for personal information, but can it be used also for other privacy protection? The answer can be found in the highlight on secrecy instead of security. It is introduced in this session that IT security is an enabler for both of data privacy and secrecy.