New Cloud Security Alliance Survey Reveals Emerging International Data Privacy Challenges

73% of Respondents Call for Global Consumer Bill of Rights Around Data Privacy

Seattle, WA – September 23, 2014 – According to a new survey from the Cloud Security Alliance there is a growing and strong interest in harmonizing privacy laws towards a universal set of principles. Released today, the Data Protection Heat Index Survey Report also found overwhelming support for a global consumer bill of rights, global themes regarding data sovereignty, and a keen interest in the Organization for Economic Co-operation and Development (OECD) principles as facilitating the trends of the Internet of Things (IoT), Cloud and Big Data. “Data privacy considerations are often overlooked in the development phase of cloud, IoT and Big Data solutions, and instead are viewed through a maze of complicated regulations and guidance,” said Jim Reavis, CEO of the CSA. “These findings highlight the very significant opportunity for global co-operation between CISOs and InfoSec professionals, privacy leaders, developers and architects, to build privacy principles into new and emerging solutions.” In conducting the survey, forty of the most influential cloud security leaders worldwide were asked for insights on existing international data protection standards and demands, and to provide information about their regions’ laws and practices surrounding personal information. The survey was designed to test the existence of universal data privacy and data protection concepts and the extent to which these can be drivers for global co-operative efforts around Cloud, IoT and Big Data. The Data Protection Heat Index Survey Report was structured in four parts, and the findings were highly indicative of a positive role that privacy and data protection principles can play in the development of Cloud, IoT and Big Data solutions. Historically, data privacy experts and the Information Security industry at large have focused on deviations between different regions, instead of the similarities, which could encourage more effective collaboration. In discovering areas of alignment and deviation with regard to global data protection laws and practices, as depicted by the Data Protection Heat Index, organizations can drive innovation within the context of new technologies. The survey was structured in four parts, with key findings as follows: Data Residency and Sovereignty Many organizations struggle with issues around data residency and sovereignty. However, there was a common theme of respondents identifying “personal data” and Personally Identifiable Information (PII) as the data that is required to remain resident in most countries. Lawful Interception Responses indicated a universal interpretation of the concept of lawful interception, with responses such as: “The right to access data through country-specific laws if the needs arises, i.e. data needs to be made available for a cybercrime investigation.” User Consent Seventy-three percent of respondents indicated that there should be a call for a global consumer bill of rights and furthermore saw the United Nations as fostering that. This is very significant given the harmonization taking place in Europe, with a single EU Data Privacy Directive for 28 member states, as well as with the renewed calls for a U.S. Consumer Bill of Privacy Rights in the United States, and cross-border privacy arrangements in Australia and Asia. Privacy Principles Finally it was explored whether OECD privacy principles that have been very influential in the development of many data privacy regulations also facilitate popular trends in Cloud, IoT and Big Data initiatives or cause room for tension. The survey report includes an executive summary from Dr. Ann Cavoukian, Former Information and Privacy Commissioner of Ontario, Canada, and commentary from other industry experts on the positive role that privacy can play in developing new and innovative Cloud, IoT and Big Data Solutions. Download the Data Protection Heat Index Survey Report survey report. Please tell us what you think by posting your comments below. Key findings from the survey will be discussed during the next CSA CloudBytes webinar scheduled for Wednesday, September 24th from 9:00 a.m. - 10:00 a.m. PT. For additional details and the calendar event invite, please RSVP at https://www.brighttalk.com/webcast/10415/125943 About the Cloud Security Alliance
 The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa. Contact Kari Walker for the CSA ZAG Communications 703.928.9996 [email protected]