Sergey Nivens - Fotolia
What's the purpose of the CSA's Privacy Level Agreement for Europe v2, and what impact does it have (if any) on U.S. companies, both providers and cloud customers?
The Cloud Security Alliance (CSA) has worked with European officials to support implementation of the Union's privacy and related data use laws and regulations.
The CSA's Privacy Level Agreement for Europe v2 describes compliance requirements in several areas, including data use, data transfer, monitoring, security controls, data breach notification and data retention. The goal of this policy is to provide a standard set of practices for comparing cloud provider services and understanding the roles and obligations of cloud providers with regards to security measures and communications with customers. For example, the agreement requires the description of measures taken to ensure confidentiality, integrity, availability and transparency of personal data. It also requires details about data retention policies, as well as procedures for responding to requests for disclosure of personal information.
While security concerns have long been an impediment to cloud adoption, the CSA's Privacy Level Agreement for Europe v2 and other such standards can mitigate some of those concerns by promoting security best practices on the part of cloud providers. Because it also documents specific responsibilities for communication with customers -- such as how customers will be contacted and in what timeframe -- cloud users can be confident about the level of communications they will receive in the event of the breach.
Ask the Expert!
Want to ask Dan Sullivan a question about cloud security? Submit your questions now via email! (All questions are anonymous.)
Get more help evaluating cloud providers.
Don't miss SearchCloudSecurity's guide on cloud service providers.
Dig Deeper on Evaluating Cloud Computing Providers
Related Q&A from Dan Sullivan
Docker's recent upgrade introduced support for hardware signing and in the future, automated security analysis on Docker images. Expert Dan Sullivan ... Continue Reading
Cisco's new project Contiv automates operational policies for containerized applications in the cloud. Expert Dan Sullivan explains the benefits of ... Continue Reading
Dropbox API abused by attackers posing as legitimate users in a huge spear phishing campaign. Expert Dan Sullivan explains how to mitigate the risks ... Continue Reading