Cloud Security Alliance Releases First Guidelines for Cloud Service Providers Delivering Services in the European Union
CSA Privacy Level Working Group Encourages Adoption Worldwide as a Powerful Self-regulatory Tool for Data Protection Transparency and accountability in the CloudRSA CONFERENCE – San Francisco, CA – February 25, 2013 - The Cloud Security Alliance (CSA) Privacy Level Agreement (PLA) Working Group today released the Privacy Level Agreement (PLA) Outline for Cloud Service Providers providing services in the European Union. The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers. Once a PLA outline is completed by a CSP, it will provide current and potential customers with a new tool to assess that CSP’s disclosure of its practices. “The adoption of the PLA Outline by cloud service providers worldwide can be a powerful self-regulatory harmonization tool,” said Daniele Catteddu, EMEA Managing Director of CSA. “Our intention is that the outline will help cloud customers obtain a clearer view of their CSPs’ privacy and data protection practices. This knowledge, in turn, will allow companies to evaluate the extent to which the use of a particular CSP will allow them to achieve compliance with applicable data protection laws, including, in particular, their transparency and accountability obligations, a positive shift for both the customer and provider alike.” Key elements covered in the outline include:
- Cloud customer internal and external due diligence
- Categories of personal data that may be uploaded to the service
- Ways which data should be processed in the cloud
- Data location, transfer, retention, monitoring and security measures
- Personal data breach notification
- Data portability, migration, and transfer back assistance
- Law enforcement access
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.