Cloud Security Alliance Announces Launch Of Privacy Level Agreement (PLA) V.2 Working Group

PLA v.2 to Provide Powerful Transparency and Voluntary Disclosure Mechanism to Support European Cloud Service Providers

Edinburgh (UK), Amsterdam (NL) and Seattle, WA – April 3, 2014 – SecureCloud 2014 - The Cloud Security Alliance (CSA) today announced the launch of version 2 of its Privacy Level Agreement (PLA) Working Group. In an effort to help cloud service providers (CSPs) and potential cloud customers objectively evaluate privacy standards, PLA v2, being sponsored by CSA corporate member EMC, seeks to provide a clear and effective way to communicate to customers (and potential customers) the level of data protection offered by a CSP. “Data protection and privacy are ongoing concerns for enterprise adoption of cloud services, especially in the European Union where new privacy regulations are becoming more stringent. Industry CSPs will need to embrace higher levels of transparency to better serve their clients and to comply with data privacy industry regulators,” said Wayne M. Adams, Senior Technologist, Corporate Office of the CTO for EMC. “EMC is proud to be a prominent sponsor of CSA’s PLA V2 Working Group and is confident the planned deliverables will advance the needs and interests of enterprises, CSPs and the industry at large.” The PLA Working Group was formed in 2012 with the goal of defining compliance baselines for data protection legislation as well as establishing best practices for defining a standard for communicating the level of privacy measures (i.e., data protection and data security) that it agrees to maintain while hosting third-party data. The PLA Working Group is comprised of independent privacy and data protection subject matter experts, privacy officers, and representatives from Data Protection Authorities. The PLA V2 Working Group plans to deliver three core documents over the course of the next 12 months, including:

1. Privacy Level Agreement – Compliance tool for EU market: The first deliverable of the PLA Working Group was a transparency tool for the EU market; based on these initial results, the WG v2 will develop a compliance tool that will satisfy the requirements expressed by the Art 29 WP and in the Code of Conduct currently development by the EC.
2. Feasibility Study on Certification / Seal based on PLA: The group will create a document assessing the feasibility of a Privacy Certification Module in the context of the Open Certification Framework and establish a roadmap and guidance for its creation and implementation.
3. Privacy Level Agreement Outline for the Global Market: CSA will extend the scope of the PLA V1 by considering relevant Privacy legislation outside EU.

“Version 2 of the PLA Working Group continues our efforts to define mechanisms for simplifying the rather complex problem of privacy compliance in the cloud and supports transparency measures that cloud providers and cloud customers should have in place to protect data subject information,” said Daniele Catteddu, Managing Director EMEA for the CSA. “Thanks to PLA, cloud customers will have at their disposal a practical tool by which to assess a CSP’s commitment to address information privacy and personal data protection practices, and cloud providers will have at their disposal a simple mechanism for satisfying their privacy compliance requirements.” About the Cloud Security Alliance The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at https://cloudsecurityalliance.org/, and follow us on Twitter @cloudsa. Media Contacts: Robert Nachbar [email protected] 206-427-0389